On Tue, Dec 14, 2010 at 1:03 PM, Tim Watts <t...@dionic.net> wrote:
> Right. Now I'm not sure I see further down a solution unless it falls out
> of one of the environment or selector bits - I'll offer a standard "problem"
> and ask what the "puppet way" is if I may...
>
> OK - /etc/ssh/sshd_config - it's very common on a large uni site to have
> several versions - one for servers, one for staff PCs, another for student
> PCs, another for a "really secure server" and also to have ad-hoc exceptions
> on odd named PCs.
>
> If you don't like sshd_config, then mentally substitute /root/.k5login
>
> How does one handle this cleanly and concisely in puppet, based on the node
> inheritance scheme?
>
This seems like it encapsulates most of your concerns, so I'm addressing it.
If I dropped something you really wanted a reply to, say so.
There are many ways to do this, but this is the one I tend towards:
file { "/etc/sshd/sshd_config":
ensure => present,
owner => "root",
group => "root",
mode => "0644",
source => "puppet:///sshd/etc/sshd/sshd_config.${sshd_type}",
}
In your base node (i.e., top level inheritance) set a default:
node base {
$sshd_type="client"
include sshd
}
node myclient inherits base {
}
node myserver inherits base {
$sshd_type="server"
}
This would require sshd_config.client. Override it on a per-node basis.
External nodes scripts make this sort of thing simpler.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
