On Wednesday, August 14, 2013 6:39:05 PM UTC-5, Ygor wrote:
[...]
> One thing I found about the ssh_authorized_key type is that is does not
> work with :
> resource { ‘ssh_authorized_key’: purge => true, }
> so I have to explicitly un-manage the keys
>
>
Yes, purging via the Resources meta-resource works only for types that can
enumerate all their instances on the target node. Ssh_authorized_key is
not one of those. Neither is File, though that type provides its own, more
narrowly-scoped purging mechanism.
> When you say "managing ~/.ssh/authorized_keys as a whole, via a
> template”, do you mean as a separate class rather than as a facet of my
> “users” class ?
>
>
>
Not necessarily. I am merely suggesting replacing the (2 * number_of_roles)
Ssh_authorized_key resources for each user with a single File resource per
user, with content driven by a template. Perhaps you could also drop the
intermediate and bottom defined-type instances for each user. If your
problems really arise from the memory consumed by all those
Users::Restricted_ssh_user instances and the Ssh_authorized_keys they
declare, then I think it will be a big win to replace them with a single
File per user, even if the file content is comparatively large. As an
added bonus, you would no longer need to worry about explicitly removing
authorized keys that should no longer be present.
I don't care where you hang the File resource(s), though it looks like it
might fit nicely into your users::useraccount definition.
John
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.
