P:base: provision ssh CA key as known_hosts

Needed to SSH between hosts without host key warnings. (Or you could
provision a known_hosts based on key data from PuppetDB, but this is
easier.)

Author: supertassu

modules/profile/manifests/base.pp

@@ -18,6 +18,9 @@
   class { 'ssh::server':
     enable_ssh_ca => $enable_ssh_ca,
   }
+  class { 'ssh::client':
+    enable_ssh_ca => $enable_ssh_ca,
+  }
 
   class { 'users':
     accounts       => $accounts,

modules/ssh/manifests/client.pp

@@ -0,0 +1,13 @@
+# @summary ssh client configuration
+class ssh::client (
+  Boolean $enable_ssh_ca,
+) {
+  if $enable_ssh_ca {
+    $ca_pub_data = jqlib::secret('ssh_ca/ca.pub')
+    file { '/etc/ssh/ssh_known_hosts':
+      ensure  => file,
+      content => "@cert-authority *.ops.jquery.net ${ca_pub_data}\n",
+      mode    => '0444',
+    }
+  }
+}