[Puppet Users] Re: how to avoid ssh_authorized_key duplicates ?

Thu, 07 Jun 2012 07:32:54 -0700 

 Thanks you Felix for your answer, yes i'm trying to allow the same
key for diferents users and I'm checking your advised, it's welcome.

 I had been looking for more control on authorized_keys content files.
I'm trying another version using Ruby DSL ENC getting advantage of
ruby language power.

├── actkeys
│   └── manifests
│       └── init.rb

 Having init.rb something like :

 hostclass :actkeys , :arguments => {'accounts' =>
AST::ASTArray.new([])} do
  accounts = scope.lookupvar('accounts')

   ----

   accounts.each_with_index do |account, i|
    raise Puppet::Error, "accounts[#{i}] must be a Hash" unless
account.kind_of?(Hash)

    ---


  I think this way is great because allow us compare parameters class
values against file's contents and anything on agent environment
nevertheless I pretty sure might be a simple pure puppet solution.
Meanwhile, I'm learning at the same enjoy puppet package.

  I appreciate your help
  eduardo.

On 7 jun, 03:49, Felix Frank <felix.fr...@alumni.tu-berlin.de> wrote:
> Hi,
>
> On 06/05/2012 05:17 PM, eduardo wrote:
>
>
>
>
>
>
>
>
>
> >  First one is about how to avoid duplicate lines in authorized_keys,
> > having something like :
>
> >  define add_ssh_key( $key, $type ) {
>
> >             $username       = $title
>
> >             ssh_authorized_key{ "${username}_${key}":
> >                     ensure  => present,
> >                     key     => $key,
> >                     type    => $type,
> >                     user    => $username,
> >                     require => file["/home/$username/.ssh/
> > authorized_keys"]
>
> >             }
>
> >     }
>
> this should not produce duplicate lines by any means.
>
> It *will* however include the public key into the name of each key,
> which may be what's annoying you.
>
> Why are you wrapping the ssh_authorized_key? Are you allowing the same
> key to lots of different users?
>
> If so, you could try and make things more readably by only using the
> first 12 or so characters from the pubkey for the generated name (e.g.
> usinghttp://docs.puppetlabs.com/references/stable/function.html#sprintf).
>
> But honestly, I would add the key name as a third parameter and name the
> resources like this:
>
> define add_ssh_key( $key, $type, $keyname ) {
>             $username       = $title
>             ssh_authorized_key{ "${keyname}_for_${username}":
>                 ...
>
> }
>
> HTH,
> Felix

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Reply via email to