On 11-12-15 02:29 PM, Matthew Nicholson wrote:
> I've stopped collecting dsa keys, we don't care about those, and are
> looking to cut our run times down (about 1750 hosts). However, I'm
> assuming that a new node brought online will still get all the dsa
> keys since they have already been collected, right?

Actually, resources live for as long as they are being exported by nodes. If puppet runs and doesn't "re-export" a resource, it is cleaned out of the storedconfigs database.

So, assuming that all of your clients run periodically without errors, now that you removed RSA key exporting, the RSA keys should get cleaned out of the database after all clients have run puppet.

The key files that were already installed won't get removed from servers, though. For that, you'd have to export resources for the RSA keys by forcing "ensure => absent" on them.

> Can I do something like:
>
> class ssh::knownhosts {
>   Sshkey <<| type= 'rsa' |>> {ensure => present}
> }

This should surely work, yes.

--
Gabriel Filion
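
An added sketch, not part of the original thread, of the cleanup the reply describes, applied to the DSA keys the question is about: each node keeps exporting its unwanted key with `ensure => absent`, so collecting hosts remove the entry from `known_hosts`. The class name `ssh::hostkeys`, the `_rsa`/`_dsa` title suffixes and the alias list are assumptions; the titles must match whatever your nodes originally exported.

```puppet
# Assumed class name; include it on every node that publishes host keys.
class ssh::hostkeys {
  # Key that should stay in everyone's known_hosts.
  @@sshkey { "${::fqdn}_rsa":
    ensure       => present,
    host_aliases => [$::fqdn, $::hostname, $::ipaddress],
    type         => 'rsa',
    key          => $::sshrsakey,
  }

  # Key being retired. It is still exported, but as "absent", so hosts
  # that already installed it delete the line on their next run.
  # The title must be the same one used when the key was first exported
  # (assumed here to be "<fqdn>_dsa").
  @@sshkey { "${::fqdn}_dsa":
    ensure => absent,
    type   => 'dsa',
    key    => $::sshdsakey,
  }
}

class ssh::knownhosts {
  # Collect everything, so the "absent" resources are applied as well.
  # Once every host has run, the "_dsa" export above can be dropped;
  # the resource then leaves the storedconfigs database as described
  # in the reply, and new nodes never see it.
  Sshkey <<| |>>
}
```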