On Mon, 10 Jun 2013 16:41:22 -0400
Martin Langhoff <martin.langh...@gmail.com> wrote:
> Sysadmins have the (reasonable?) expectation of installing more than
> one ssh key.
>
> Relevant bits from my current config follows:
>
> class rl_users {
> define ssh_user($uid, $gid, $password, $akey,
> $ensure=present) { user{ $name :
> ensure => $ensure, managehome => true,
> uid => $uid, gid => $gid,
> password => $password,
> groups => ['wheel'],
> require => Group[$name],
> }
> group { $name :
> ensure => $ensure,
> gid => $gid,
> }
> ssh_authorized_key { "${name}-akey":
> ensure => $ensure,
> key => $akey,
> type => 'ssh-rsa',
> user => $name,
> require => User[$name],
> }
> }
>
> @ssh_user { 'foo':
> uid=> 2004 , gid => 2004,
> password => '$6$foo',
> akey => 'AAAAB3xyz/VFwxhtYhw==',
> }
>
> # how can we support user bar?
> @ssh_user { 'bar':
> uid=> 2005 , gid => 2005,
> password => '$6$bar',
> akey => [ 'AAAAB3xyz/VFwxhtYhw==',
> ''AAAABzzzzz==' ]
> }
>
> Right now I have a fugly kludge in place to support a second "akey0"
> slot.
One workaround which comes to mind is to use regsubst on the $akey
array in order to make each element unique, and move the
ssh_authorized_key call to its own definition.
When it comes to iterating with puppet, the usual way to get where you
want is to apply a definition to an array. From there, you need to avoid
the (also usual) duplicate declarations, by extending and abusing the
$title if needed in order to make sure it's unique.
So here (these are quick hints, completely untested), something like
this should work, since "<user>-<sshkey>" is unique :
$user-akey = regsubst($akey, '^(.*)$', "${name}-\1")
my_ssh_authorized_key { $user-akey: ensure => $ensure }
Then :
define my_ssh_authorized_key ( $ensure ) {
$user = regsubst($title, '^(.+)-(.+)$', '\1')
$akey = regsubst($title, '^(.+)-(.+)$', '\2')
ssh_authorized_key { $title:
ensure => $ensure,
key => $akey,
type => 'ssh-rsa',
user => $user,
require => User[$user],
}
}
If there are more elegant solutions, I'd love to hear about them :-)
Matthias
--
Matthias Saou ██ ██
██ ██
Web: http://matthias.saou.eu/ ██████████████
Mail/XMPP: matth...@saou.eu ████ ██████ ████
██████████████████████
GPG: 4096R/E755CC63 ██ ██████████████ ██
8D91 7E2E F048 9C9C 46AF ██ ██ ██ ██
21A9 7A51 7B82 E755 CC63 ████ ████
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
