> Oops, I've been too fast. When I try to ssh::auth::key (realize > Ssh::Auth::Key["$keyname"]) and ssh::auth::server without > ssh::auth::client on a node, it fails on the master : > > err: Failed to realize virtual resources Ssh::Auth::key[...@ssh]
ssh::auth::key can't be made into a virtual resource at present, so realize Ssh::Auth::Key[$keyname] # INCORRECT isn't the right usage. The right usage is as shown in http://www.reductivelabs.com/trac/puppet/wiki/Recipes/ModuleSSHAuth#basic-usage. However, I am thinking of changing to a virtual-resource type of interface. That's what the "unstable" note at the top of http://www.reductivelabs.com/trac/puppet/wiki/Recipes/ModuleSSHAuth is about. So instead of writing e.g. ssh::auth::key { "alice": } node sshserver { ssh::auth::server { "alice": } } you might write something like @ssh::auth::key { "alice": } node sshserver { realize Ssh::Auth::Key { "alice": } } There are some complications to this, and I haven't decided yet which method is best. But for now, you'll have to stick with the first method. > > > I spent some time to find the subtle difference (regarding $home) > > > between : > > > > > ssh::auth::server { "r...@ssh": } > > > > > And : > > > > > ssh::auth::server { "r...@ssh": > > > user => "root", > > > } > > > > > ;) > > > > Please, enlighten me. If it's not right, I'll correct it. > > What surprised me and made me loose some time to understand was the > default "/home" you add in your code. I hate "hidden" defaults ... > Perhaps you could either : update your doc about this default or just > remove it ... My feeling is not to have defaults in the code since > this isn't reliable over time: just remove it and force users to code > it. This is just my advice and any default won't hurt me anymore since > I now force this parameter ;) http://www.reductivelabs.com/trac/puppet/wiki/Recipes/ModuleSSHAuth#home clearly states that the default is /home/$user. Of course that isn't generally right for root or for other system users, but it can be overridden as you say. But what I thought I understood you to say is that the two cases mentioned above give different values of $home. That shouldn't happen, but it might if you specify $home in ssh::auth::key, and $user but not $home in ssh::auth::server or ::client. I'll look into that too. > > > Just find me a way of installing one key into several user's > > > authorized_keys and I'll be your happiest user ever ! > > > > I'm looking into it. > > I'd like to see how ... Will certainly be a good puppet lesson for > me ;) And for me too :| Frankly, on first look I doubt that it can be done in just Puppet, without dropping into Ruby. The problem is that Puppet's array handling is very primitive. You can loop over arrays using defines, but that's about all, and it may not be enough for this case. I suspect that the solution to this problem will only come by converting the ssh::auth defines into native Ruby types. I'd like to do that eventually, in order to do some of the processing in a more straightforward way, and probably get better performance too. But it would take a fairly large amount of time, and I'm not sure that I have it. Andrew. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
