Puppet: send an email to the client when a new key is generated
6 SEP 2012
Puppet is great for centralised management of SSH keys on Linux boxes. The SSH module described in the project pages does its job really well, creating a new key pair and distributing it to clients (which use the keys) and servers (authorized_keys file management).
The key generation mechanism provides several options for how the keys should be generated. One of them is the maxdays option, which defines how long the keys are valid. Because of that, I needed some mechanism to notify the users when their key has changed and they need to fetch a new one. Normally, ssh::auth::server can be used for private key distribution; sometimes, however, this is not possible, and that is why this need arose.
To solve that, I thought that the simplest way would be to send an email to the address that is set in the account properties.
Basically the most crucial code needed is this one:
The command for user notification is in the exec clause, and it uses a simple mail command.
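The pattern described above, as an added example that is not the author's code or part of the ssh::auth module: a refresh-only exec that mails the user when the resource that regenerates the key reports a change. The define name, its parameters, the message text and the Exec title in the usage lines are hypothetical; it assumes Puppet 4 or later and a local `mail` command.

```puppet
# Added example (hypothetical names; not from the ssh::auth module).
# Sends one notification mail each time the subscribed resource changes.
define ssh_key_change_mail (
  # The address is interpolated into a shell command, so restrict it to a
  # conservative character set instead of trusting the account data.
  Pattern[/\A[\w.+-]+@[\w.-]+\z/] $email,
) {
  # The title also ends up on the command line; reject anything unexpected.
  unless $title =~ /\A[\w.-]+\z/ {
    fail("ssh_key_change_mail: unsafe title '${title}'")
  }

  $body    = "A new SSH key pair was generated for ${title}. Please fetch the new private key."
  $subject = 'Your SSH key has changed'

  exec { "mail-key-change-${title}":
    # The body never contains key material, only the notice itself.
    command     => "echo '${body}' | mail -s '${subject}' '${email}'",
    provider    => shell,                # the pipe needs a shell
    path        => ['/bin', '/usr/bin'], # fixed PATH, no lookup in the caller's environment
    refreshonly => true,                 # run only on a refresh event, not on every agent run
  }
}

# Constructed usage: Exec['regenerate key for alice'] stands in for whatever
# resource in your manifests creates the new key pair. A refresh event sent to
# a defined type is passed on to the resources it contains.
ssh_key_change_mail { 'alice':
  email     => 'alice@example.com',
  subscribe => Exec['regenerate key for alice'],
}
```

Because `refreshonly` is set, the mail goes out only on the run in which the key is actually regenerated, so an expired `maxdays` produces one message per rotation.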
The full diff of modules/ssh/manifests/auth.pp is below: