Justin,

it seems like your task can be performed as follows:

    files:

      "$(root_homedir)/.ssh/lum.pub"
        copy_from => remote_copy_with_backup("/root/.ssh/id_rsa.pub", "lum");

      "$(root_homedir)/.ssh/authorized_keys"
        edit_line => insert_file("$(root_homedir)/.ssh/lum.pub");

with the appropriate edit_line bundle:

    bundle edit_line insert_file(src)
    {
      insert_lines:
        "$(src)" insert_type => "file";
    }

2010/5/14 Justin Lloyd <[email protected]>:
> Someone raised a couple of good questions in a private email to me, so I
> thought I'd go ahead and send my response to the whole list. I didn't know if
> they'd want me to forward their response to the list, so I've omitted their
> response, just to be safe. :) My apologies if you prefer attribution, feel
> free to reply to this if that is the case.
>
> First, I verified my trustkeysfrom and @(def.acl) settings were correct. As
> for the second point, my remote_copy_with_backup body already has trust
> enabled.
>
>     body copy_from remote_copy_with_backup(filename, hostname) {
>       source => "$(filename)";
>       servers => { "$(hostname)" };
>       compare => "digest";
>       copy_backup => "true";
>       trustkey => "true";
>     }
>
> As for my goal, I had shortened my original email to make it easier to
> understand but the response made me realize that I took out an important
> point. My goal is to have all systems trust lum so that they can retrieve the
> sudoers file, though some systems don't need to fetch that sudoers file.
> However, I do have an edit_line bundle (promiser is
> "$(root_homedir)/.ssh/authorized_keys") that defines a variable by calling
> remotescalar(), which is a function specific to Cfengine Nova and does not
> include a key exchange mechanism.
>
>     "remote_user_public_key" string => remotescalar(
>       "$(user)_public_ssh_key_access", "$(host)", "yes"
>     );
>
> When $(host) is lum (which is the only way I'm calling this bundle right
> now), it's not trusted by clients that don't retrieve sudoers and thus those
> systems couldn't get lum's public ssh key. I had no other way of ensuring all
> systems could successfully use the remotescalar call to get lum's public SSH
> key.
>
> Justin
>
> _______________________________________________
> Help-cfengine mailing list
> [email protected]
> https://cfengine.org/mailman/listinfo/help-cfengine
>
--
SY, Seva Gluschenko.
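
An added example, not part of the original thread or of CFEngine itself: a Python check a site could run on the fetched lum.pub before it is inserted into root's authorized_keys. It accepts only a single bare key line whose SHA256 fingerprint matches a value pinned out of band, and adds it once. The function names, the pinned fingerprint and the sample key are assumptions constructed for illustration.

```python
import base64
import hashlib
import struct


def _ssh_string(data):
    # SSH wire encoding: 4-byte big-endian length, then the bytes (RFC 4251).
    return struct.pack(">I", len(data)) + data


# Constructed sample, NOT a usable key: correct wire layout, made-up numbers.
SAMPLE_BLOB = (_ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01")
               + _ssh_string(bytes(range(1, 65))))
SAMPLE_PUB = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " root@lum\n"


def parse_pubkey(text):
    """Return (keytype, blob) for a file holding exactly one bare public-key line."""
    lines = [l for l in text.splitlines() if l.strip()]
    if len(lines) != 1:
        raise ValueError("expected exactly one key line")
    fields = lines[0].split()
    if len(fields) < 2:
        raise ValueError("expected 'type base64 [comment]'")
    keytype = fields[0]
    # A leading options field (command=, from=, ...) shifts the key type into
    # this position and fails here; binascii.Error is a ValueError subclass.
    blob = base64.b64decode(fields[1], validate=True)
    # The blob repeats the key type as its first string; both must agree.
    if blob[:4 + len(keytype)] != _ssh_string(keytype.encode()):
        raise ValueError("declared key type does not match key blob")
    return keytype, blob


def fingerprint(blob):
    """SHA256 fingerprint in the form printed by `ssh-keygen -l`."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def merge_key(authorized_text, pub_text, pinned_fp):
    """Return authorized_keys content with the key added once, or raise ValueError."""
    keytype, blob = parse_pubkey(pub_text)
    if fingerprint(blob) != pinned_fp:
        raise ValueError("fetched key does not match the pinned fingerprint")
    b64 = base64.b64encode(blob).decode()
    if any(b64 in line.split() for line in authorized_text.splitlines()):
        return authorized_text  # already present: nothing to add
    if authorized_text and not authorized_text.endswith("\n"):
        authorized_text += "\n"
    return authorized_text + keytype + " " + b64 + "\n"
```
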