On Fri, Jun 15, 2012 at 6:21 AM, eduardo <erodr...@gmail.com> wrote:
> Having advised :
> 'it is highly recommended to migrate work from exec to native
> Puppet types as quickly as possible.'
>
> Is there any chance to purge keys ?
>
> Do nothing writing resources { "ssh_authorized_key": purge => true }
> in my init.pp module.
To support purging, the puppet type need to to be able to query all
instances of the resource. In this case because ssh_authorized_keys
can write to different file locations, it does not have the ability to
detect all ssh keys that exists on the system and therefor it will not
have the ability to purge. In some cases, this is a limitation of the
provider which does not implement self.instances (for example this was
the case for a long time for mysql database type), but in this case I
don't believe it will ever support it.
An easy way to see if a resource supports purging is simply via the
puppet resource command. If puppet resource <type> can list all
instance of that resources then it supports purging, otherwise it does
not.
# for example host supports purge
$ puppet resource host
host { 'ip6-allnodes':
ensure => 'present',
ip => 'ff02::1',
target => '/etc/hosts',
}
...
# try this with ssh_authorized_key, and it returns nothing
$ puppet resource ssh_authorized_key
In this case, a file fragment pattern with puppet-concat will be
suitable for managing a specific ssh key file with support for
purging.
Thanks,
Nan
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
