Hi *,

On 02/16/2011 11:19 AM, Jan wrote:
> I would like to create a pool of ssh pubkeys. The major goal is to be
> able to assign a single key to multiple users on a given node/system.
So here are some details on what I'm trying to do:

--------------------------------------------------------
       _______           _________      ___________
      |       |         |         |    |           |
      | node1 |---------| PUB KEY |<---| real user |
      |_______|         |_________|    |___________|
          |                                  |
          |                                  |
          |                                  |
          |                                  |
     -----------                           ******
     |         |                         **      **
  _______   _______                         USER
 |       | |       |                    *   POOL   *
 |  foo  | |  bar  |                     **      **
 |_______| |_______|                       ******

 .ssh/authorized_keys

--------------------------------------------------------

The user pool consists of key resources defined by the
ssh_authorized_key type. The users foo and bar are local system accounts.

Pubkey definition:

--------------------------------------------------------
[...]

define sshpubkey::users($systemAccount) {

    ssh_authorized_key {
        'jim':
            ensure => present,
            user   => "$systemAccount",
            name   => "unique@string.domain",
            type   => ssh-rsa,
            key    => "[...]";
    }

[...]
--------------------------------------------------------

Assigning the key to different users:

--------------------------------------------------------
[...]

sshpubkey::users { "jim": systemAccount => "bar" }
sshpubkey::users { "jim": systemAccount => "foo" }

[...]
--------------------------------------------------------

At this point arrays are not working, so I think that's because the
ssh_authorized_keys function doesn't know how to handle them. As another
option I had a look at the ssh::auth class, but in fact this solution is
based on key distribution with automatic key generation, which I don't need:

http://projects.puppetlabs.com/projects/puppet/wiki/Module_Ssh_Auth_Patterns

I also had a look at virtual resources, but I think that this approach
won't solve my problem either. Guys, I'm stuck and could really use some
help with this. I know that I'm missing something, so even the smallest
advice is greatly appreciated. Btw. I'm using puppet 2.6.4.

Many thanks

Jan
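
One way to lay out the manifest described above so that a single pooled key lands in several accounts' .ssh/authorized_keys, as an added example that is not part of the original message. The define name sshpubkey::grant, its parameters and the key material are hypothetical placeholders. It assumes only that Puppet requires every resource title in a catalog to be unique and that declaring a defined type with an array title creates one instance per element.

```puppet
# Added example (hypothetical names), not the poster's code.
# The title of each sshpubkey::grant instance ($name) is the local system
# account that should accept the key.
define sshpubkey::grant($key_comment, $key_data, $key_type = 'ssh-rsa', $ensure = 'present') {

    # The account is folded into the ssh_authorized_key title so that the
    # same public key can be declared once per account without two
    # resources sharing a title.
    ssh_authorized_key { "${key_comment}-${name}":
        ensure => $ensure,         # 'absent' removes the key from this account again
        user   => $name,           # account whose authorized_keys file is managed
        type   => $key_type,
        key    => $key_data,       # base64 body only, without type prefix or comment
    }
}

# One pooled key, assigned to both local accounts from the diagram.
# The array title expands to sshpubkey::grant['foo'] and sshpubkey::grant['bar'].
sshpubkey::grant { ['foo', 'bar']:
    key_comment => 'unique@string.domain',
    key_data    => 'PLACEHOLDER_BASE64_PUBLIC_KEY',
}
```

Because the define's title is the account name, this form allows one pooled key per account; granting a second key to foo needs a title that also carries the key's name. Revoking the shared key everywhere is a single change of ensure to 'absent' on the one declaration.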
