On Wednesday, August 14, 2013 6:39:05 PM UTC-5, Ygor wrote: [...]
> One thing I found about the ssh_authorized_key type is that it does not
> work with:
>     resource { 'ssh_authorized_key': purge => true, }
> so I have to explicitly un-manage the keys
>

Yes, purging via the Resources meta-resource works only for types that can enumerate all their instances on the target node. Ssh_authorized_key is not one of those. Neither is File, though that type provides its own, more narrowly-scoped purging mechanism.

> When you say "managing ~/.ssh/authorized_keys as a whole, via a
> template", do you mean as a separate class rather than as a facet of my
> "users" class?
>

Not necessarily. I am merely suggesting replacing the (2 * number_of_roles) Ssh_authorized_key resources for each user with a single File resource per user, with content driven by a template. Perhaps you could also drop the intermediate and bottom defined-type instances for each user.

If your problems really arise from the memory consumed by all those Users::Restricted_ssh_user instances and the Ssh_authorized_keys they declare, then I think it will be a big win to replace them with a single File per user, even if the file content is comparatively large. As an added bonus, you would no longer need to worry about explicitly removing authorized keys that should no longer be present.

I don't care where you hang the File resource(s), though it looks like it might fit nicely into your users::useraccount definition.

John
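
The single template-driven File per user suggested in the reply above, as an added example (not code from the thread or from the poster's module). The define name `users::authorized_keys_file`, its parameters, the forced-command path and the key strings are hypothetical, and the user's primary group is assumed to match the user name.

```puppet
# Added example: one File resource owns ~/.ssh/authorized_keys as a whole.
# All names and key material below are constructed for illustration.
define users::authorized_keys_file (
  $keys,                      # hash: comment => { type, key, options (optional) }
  $home  = "/home/${title}",
  $group = $title             # assumption: primary group equals user name
) {
  file { "${home}/.ssh":
    ensure => directory,
    owner  => $title,
    group  => $group,
    mode   => '0700',
  }

  # The rendered content is authoritative: a key that is dropped from $keys
  # (or added by hand on the node) is gone after the next run, so no
  # ensure => absent bookkeeping or resource purging is required.
  file { "${home}/.ssh/authorized_keys":
    ensure  => file,
    owner   => $title,
    group   => $group,
    mode    => '0600',
    content => inline_template('# Managed by Puppet; local edits are overwritten.
<% @keys.sort.each do |comment, k| -%>
<%= k["options"] ? Array(k["options"]).join(",") + " " : "" %><%= k["type"] %> <%= k["key"] %> <%= comment %>
<% end -%>
'),
  }
}

users::authorized_keys_file { 'alice':
  keys => {
    'alice@laptop' => {
      'type' => 'ssh-rsa',
      'key'  => 'AAAAB3NzaC1yc2E_CONSTRUCTED_PLACEHOLDER_1',
    },
    # Restricted, per-role key: forced command plus no-* options.
    'alice@backup-role' => {
      'type'    => 'ssh-rsa',
      'key'     => 'AAAAB3NzaC1yc2E_CONSTRUCTED_PLACEHOLDER_2',
      'options' => ['command="/usr/local/bin/backup"', 'no-pty', 'no-port-forwarding'],
    },
  },
}
```

Sorting the hash keeps the rendered file stable between runs, so the File resource only reports a change when the key set actually changes.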