[Puppet Users] Re: Assign multipe PublicKeys to multiple System Users

Thu, 24 May 2012 06:19:56 -0700 

On May 23, 7:51 am, tommodore <kraeut...@googlemail.com> wrote:
> Hi,
>
> I'm trying to assign PublicKeys from a set of users to multiple System
> Users like
>
> node example.example.com {
>         include ssh::auth
>         ssh::auth::server { ["thomas", "peter", "steve",  ]: user =>
> "appuser" }
>         ssh::auth::server { ["thomas", "peter", ]: user => "admin" }
>
> }
>
> I got following error:
> Could not retrieve catalog from remote server: Error 400 on SERVER:
> Duplicate definition: Ssh::Auth::Server[thomas] is already defined in
> file /etc/puppet/manifests/nodes.pp
>
> Does anyone knows a workaround for this?


Much depends on the definition of ssh::auth:server, which you did not
provide.  I took a quick look around for a public release of it
somewhere, but nothing turned up.  I can therefore speak only in
generalities.  There are three possibilities:

1) If the ssh::auth::server definition supports it, you can specify
the "user" property as an array:
node example.example.com {
        include ssh::auth
        ssh::auth::server { 'steve': user => 'appuser' }
        ssh::auth::server { ['thomas', 'peter', ]: user => ['admin',
'appuser'] }
}

2) Alternatively, it may be possible to separate the resource title
from the system user.  It could be something similar to this:

node example.example.com {
        include ssh::auth
        ssh::auth::server { 'steve': user => 'appuser' }
        ssh::auth::server { 'thomas-admin':
            sys_user => 'thomas',
            user => 'admin'
        }
        ssh::auth::server { 'peter-admin':
            sys_user => 'peter',
            user => 'admin'
        }
        ssh::auth::server { 'thomas-appuser':
            sys_user => 'thomas',
            user => 'appuser'
        }
        ssh::auth::server { 'peter-appuser':
            sys_user => 'peter',
            user => 'appuser'
        }
}

3) If the ssh::auth::user type does not support either of the above
approaches, then you'll need to modify it to do so or replace it with
something different that does.


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Reply via email to