> No, I created this pool by using some simple resource definitions based
> on the ssh_authorized_key function.
It would be easier if you posted more of your code.
>> You should have a define as follows:
>>
>> define pooled_user($realname="anonymous") {
>> user { "$name": description => $realname, ... }
>> # insert code here to make sure ~/.ssh/ exists etc.
>> ssh_authorized_key { "jim@uniqe.email_for_$name":
>> key => YOUR_KEY_HERE,
>> ...
>> }
>> }
>
> I think I didn't got it yet but just to stay with your example I'm using
> the following definition:
>
> ------------------------------------------------------
> [...]
>
> define pooled_user($realname="anonymous") {
> user { "$name": description => $realname, ... }
> # insert code here to make sure ~/.ssh/ exists etc.
> ssh_authorized_key { "jim@uniqe.email_for_$name":
> key => "KEY-PLACEHOLDER"
> }
> }
>
> [...]
> ------------------------------------------------------
>
> When using the realize statement I don't know which naming attribute to
> use? The "key =>" contains a template or even the PEM encoded key of
> user "jim" but except it's resource name "jim@uniqe.email_for_$name"
> there is no naming attribute for this resource.
>
> So of course puppet throws an error when using the following definition
> because virtual resource "jim" cannot be found.
Sorry if I caused confusion. I didn't mean to suggest you insert a
key-placeholder in your define. From what I inferred, you were creating
multiple accounts all sharing the same key. I now think I was mistaken
there.
Anyhow, still building on the given example, it would make most sense
for you to make the key a parameter:
define pooled_user($realname="anonymous",$key) {
user { "$name": description => $realname, ... }
# insert code here to make sure ~/.ssh/ exists etc.
ssh_authorized_key { "pubkey_for_$name":
key => $key, ...
}
}
Then simply use it as
pooled_user {
"jim": key => "AAAAB3N...";
"joe": key => "AAAAB3N...";
"jack":key => "AAAABsX...";
}
No need for virtualization or realize() if you haven't needed it before.
Notice that the keys can be identical. The structure will ensure the
names are not.
Hope this makes things more clear.
Cheers,
Felix
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
