puppet 管理秘钥登陆

企业实际使用的案例

1.创建模块目录
mkdir -p /etc/puppet/modules/ssh/{files,manifests}
2.创建秘钥（一路回车即可）
ssh-keygen
3.将公钥拷贝到资源目录
cat /root/.ssh/id_rsa.pub  >/etc/puppet/modules/ssh/files/authorized_keys
4.创建模块的入口文件
[root@master manifests]# cat /etc/puppet/modules/ssh/manifests/init.pp 
class ssh{
  package { 'openssh-server':
    ensure => present,
  }
  file { '/root/.ssh/authorized_keys':
    ensure => present,
    owner  => 'root',
    group  => 'root',
    mode   => '0600',
    source => "puppet://$puppetserver/modules/ssh/authorized_keys",
    require => Package['openssh-server'],
  }
}

4.创建主配置
[root@master manifests]# cat /etc/puppet/manifests/site.pp
node 'nginxnode2.puppetcao.com'{
  include ssh
}
client端口服务器启动puppet服务即可同步过去，这样可以方便管理多用户的秘钥
systemctl  start puppet

5.测试
[root@master manifests]# ssh root@192.168.1.116
Last login: Wed Sep 18 15:44:58 2019 from master.puppetcao.com
成功登陆

　检查配置命令：

puppet parser validate /etc/puppet/manifests/site.pp