On Sun, 2008-09-28 at 15:54 +0200, Jeroen van Meeuwen wrote:
> Hi there,
>
> I'd like to collect some feedback on a conceptual simple Puppet Common
> Module I want to propose;
>
> http://reductivelabs.com/trac/puppet/wiki/PuppetCommonModules/SSH
Nice. The one thing that leaves a bad taste in my mouth is the way the
file statements try to let you control which exact ssh{,d}_config file
is used on a client: won't that in practice go back pretty quickly to a
situation of one file per host on the server ? Even worse, when an
update to the package wants to change the default for some setting (or
add a new one), you'll have to spend lots of time merging that change
into all the copies of ssh{,d}_config.
Not surprisingly, I'd advocate to only manage the places where the
ssh{,d}_config needs to deviate from the default that's shipped in the
package, and to do that with Augeas. So, instead of blowing out the
entire file to a client, just say something like
augeas { "sshd-config-mods":
context => "/files/etc/ssh/sshd_config"
changes => [
"set UsePam no",
"set PermitRootLogin yes"
]
}
with appropriate Puppet-specific logic to adjust for differing file
locations etc.
David
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---
