Feature #6313
closed
Update the puppetssh puppet_provider to allow ssh options
Description
Allow additional SSH options to be called for additional functionality.
An example of this use would be creating a SSH tunnel from the puppet master to the puppet client and having the puppet client reach back though the tunnel to communicate with the puppet master.
This is useful for remote nodes that do not have a secure communication back to the puppet master or a puppet master in its facility.
Here is a snippet from the current code we use:
/usr/bin/ssh i ${sshkey} -R 8140:$puppetmaster:8140 $1 puppet agent --test 1>& 2>&-
Where:
$sshkey the key your connecting with ( current puppetssh_keyfile )
$puppetmaster FQDN of the puppet master
$1 == the node your connecting to
Note: the client node will need an entry set in DNS or /etc/hosts that points the $puppetmaster FQDN to 127.0.0.1 to force communication though the tunnel created from the master
Bonus: Update the documentation to recommend creating a separate ssh that limits the connection parameters, command and potentially source(from)
command="sudo puppet agent -t",no-pty,from="puppet.example.com"
Updated by
Updated by Ewoud Kohl van Wijngaarden over 2 years ago
- Status changed from New to Rejected
The puppetssh provider has been dropped.