Script to generate certificates & Puppet-code

Written by Ger Apeldoorn. Posted in Sysadmin

My laziness knows no bounds: I use the script below to automate writing the Puppet code for creating new users (and generating, converting and mailing their certificates too)…

This ruby script will read information from a CSV-file and:

  • generate a certificate with a random passphrase
  • create a Putty version
  • email the (encrypted) certificates to the user
  • print the Puppet resource definition to STDOUT
  • store the passphrase in a text file

It will check if the certificates have already been generated (check if directory exists), so you can just add to the CSV-file.



  • Ruby of course
  • some rubygems: mail, csv
  • pwgen
  • ssh-keygen
  • puttygen

Just put the files below in the same directory.


Edit the userlist.txt to add users; the format is:

userid,username,name,email,groups (groups ; separated)


"1001","gertest","Ger Apeldoorn","","admin;dev;prutsor"
"1002","gertest2","Ger Apeldoorn","","admin;dev;prutsor"

After that’s done, just run the script:


Example output:

@pe_accounts::user { 'gertest':
	locked  => false,
	comment => 'Ger Apeldoorn',
	uid     => '999',
	gid     => '999',
	groups  => ["admin", "dev", "prutsor"],
	sshkeys => ['ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnCWb6yiDpOdtzJ3w0Hf/MOIvXswpqu3XnotDtgAkJaH/ZtC/wNrwAsm+ugyGtTmWTX22LdJ1M4mr0KYk7cj1m6QlKp78R4485uERFn0/q6LAJSqKYzEFY53SGECCn/BVZWYDJQ6UcoslouSiIsDivC+rwrG4UGAwdyDSED4PrT0U2kTkPeadbxqvT3FcHcO1HuQF8nMZ'],

After running this, the user receives an email with mailtext.txt as contents and three attachments:

  • id_rsa
  • putty_private.ppk

Note that the private keys are protected with the passphrase… 🙂



#!/usr/bin/env ruby
CSVFILE = 'userlist.txt'
EMAILCONTENT = 'mailtext.txt'
CURDIR = Dir.pwd

require 'csv'
require 'rubygems'
gem 'mail'
require 'mail'

# Return the full path of cmd if it is an executable in PATH, otherwise nil
def which(cmd)
  exts = ENV['PATHEXT'] ? ENV['PATHEXT'].split(';') : ['']
  ENV['PATH'].split(File::PATH_SEPARATOR).each do |path|
    exts.each { |ext|
      exe = "#{path}/#{cmd}#{ext}"
      return exe if File.executable? exe
    }
  end
  return nil
end

def preflight_checks
        #see if apps are installed and in path
        puts "pwgen is not installed"      if not which('pwgen')
        puts "ssh-keygen is not installed" if not which('ssh-keygen')
        puts "puttygen is not installed"   if not which('puttygen')
end

# Mail the contents of mailtext.txt plus the generated key files to the user
def send_email(username, email)
        mail = Mail.new do
                from    ''      # sender address goes here
                to      email
                subject 'Your SSH keys'
                body    File.read(File.join(CURDIR, EMAILCONTENT))
        end
        mail.add_file(File.join(CURDIR, username, "id_rsa"))
        # ssh-keygen -f id_rsa writes the public key to id_rsa.pub
        mail.add_file(File.join(CURDIR, username, "id_rsa.pub"))
        mail.add_file(File.join(CURDIR, username, "putty_private.ppk"))
        mail.delivery_method :sendmail
        mail.deliver
end

# Print the Puppet resource definition for one user to STDOUT
def print_puppetconfig(userid,username,name,email,groups)
        puts "@pe_accounts::user { '#{username}':"
        puts "  locked  => false,"
        puts "  comment => '#{name}',"
        puts "  uid     => '#{userid}',"
        puts "  gid     => '#{userid}',"
        puts "  groups  => #{groups.split(";").inspect},"
        pubkey = File.read(File.join(CURDIR, username, "id_rsa.pub")).chomp
        puts "  sshkeys => ['#{pubkey}'],"
        puts "}"
end

preflight_checks

CSV.foreach(CSVFILE) do |row|
        userid,username,name,email,groups = row
        if File.exist?(File.join(CURDIR, username))
                puts "Directory for user #{username} already exists"
                next
        end
        # The directory holds the private key and passphrase: owner-only access
        Dir.mkdir(File.join(CURDIR, username), 0700)
        Dir.chdir(File.join(CURDIR, username))
        # chomp removes the trailing newline that pwgen prints
        passphrase=`pwgen -c -n -1 10`.chomp
        #Create SSH keypair; the argument list bypasses the shell, so CSV
        #fields are never interpreted as shell syntax
        IO.popen(['ssh-keygen', '-C', email, '-P', passphrase, '-f', 'id_rsa'], &:read)
        #Convert SSH keypair to Putty, feeding the passphrase on stdin
        IO.popen(['puttygen', 'id_rsa', '-O', 'private', '-o', 'putty_private.ppk'], 'r+') do |io|
                io.puts passphrase
                io.close_write
                io.read
        end
        #Save the passphrase
        File.open("passphrase", 'w', 0600) {|f| f.write(passphrase) }
        send_email(username, email)
        print_puppetconfig(userid,username,name,email,groups)
end



You will find your OpenSSH and Putty keys attached. You can use these keys to login to any Linux server for which you are authorized.

You can get the passphrase from -----.

Kind regards.
Le Pinguin

Have fun!
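
The fields read from userlist.txt end up in a directory name, in command arguments and inside single-quoted Puppet strings, so a malformed row can produce a broken manifest or files in the wrong place. The following is an added example, not part of the original script: it checks each row before use and escapes values for Puppet. The helper names (validate_row, puppet_quote, check_userlist), the patterns and the sample rows are assumptions constructed for illustration.

```ruby
require 'csv'

# Hypothetical helpers (not from the original script) that check one
# userlist.txt row: userid,username,name,email,groups (groups ';'-separated).
NAME_RE  = /\A[a-z_][a-z0-9_-]{0,31}\z/   # conservative account/group name
EMAIL_RE = /\A[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\z/

# Returns a list of problems; an empty list means the row is usable.
def validate_row(row)
  return ["expected 5 fields, got #{row.size}"] unless row.size == 5
  userid, username, name, email, groups = row.map(&:to_s)
  errors = []
  errors << "userid must be numeric" unless userid.match?(/\A\d{1,10}\z/)
  errors << "username is not a valid login name" unless username.match?(NAME_RE)
  errors << "name is empty or has control characters" if name.empty? || name.match?(/[[:cntrl:]]/)
  errors << "email address looks malformed" unless email.match?(EMAIL_RE)
  bad = groups.split(';').reject { |g| g.match?(NAME_RE) }
  errors << "invalid group(s): #{bad.join(', ')}" unless bad.empty?
  errors
end

# Escape a value for a single-quoted Puppet string, where \\ and \' are the
# only escape sequences, so a name like O'Brien cannot end the string early.
def puppet_quote(value)
  "'" + value.gsub(/[\\']/) { |c| "\\#{c}" } + "'"
end

# Constructed sample input: rows 1 and 3 are valid, rows 2 and 4 are not.
SAMPLE = <<~ROWS
  "1001","gertest","Ger Apeldoorn","ger@example.org","admin;dev;prutsor"
  "1002","bad/name","Path Test","p@example.org","admin"
  "1003","quote","Pat O'Brien","pat@example.org","dev"
  "abc","shell","Shell Test","not-an-address","admin;bad group"
ROWS

# Returns one [username, problems] pair per CSV row.
def check_userlist(text)
  CSV.parse(text).map { |row| [row[1], validate_row(row)] }
end

if __FILE__ == $PROGRAM_NAME
  check_userlist(SAMPLE).each do |user, errors|
    puts errors.empty? ? "#{user}: ok" : "#{user}: #{errors.join('; ')}"
  end
end
```

Rows that return problems can be skipped before any directory is created, and puppet_quote(name) can replace the bare '#{name}' interpolation in the comment line.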

Puppet and Hiera configuration update workflow

Written by Ger Apeldoorn. Posted in Sysadmin

You have built something wonderful in the ‘development’ environment and want to promote it to ‘testing’. Here you will find a handy way to do that.

For this piece I assume the following:

Getting started: committing a few changes locally

First, go to the right directory: