On Wednesday, September 18, 2013 6:03:27 AM UTC-5, Roman wrote:
>
> Hi everyone,
>
> i am currently trying to reduce some redundancy in my puppet-setup. I have
> setup user-account using virtual-resources like this:
>
> @users::account { 'xyz':
> uid => '1000',
> ...
> key => 'AAAsfhjujbh...'
> }
>
> Now i have written another simple module to setup mercurial-repositories
> with hgssh3 access-protection which uses the same 'key' as above, but i
> have to specify the key a 2nd time for the hgssh3-class:
>
> class hgssh3 ( $users=['',''] ) {
> "/home/$name/.ssh/authorized_keys":
> ensure => file,
> replace => false,
> mode => 600,
> content => template('hgssh3/authorized_keys.erb');
> ...
> }
>
> I was thinking i could somehow use the key-variable from the first class
> in a the template of hgssh3 and just specify the user who should get
> access? Is this at all possible?
>
> Thanks for every little hint or link ;)
>
> best regards,
> Roman
>
>
You cannot easily -- and anyway should not try to -- introspect declared
resources. It will cause you trouble, guaranteed. You can, however,
factor out data that are needed by multiple classes to some place where it
is accessible to all of them. In this case, for example, you can create a
hash somewhere mapping usernames to their keys, and have the user::account
declarations and the hgssh3 class both match keys to users by looking up
the user names in the same hash. The hash might live in a well-known class
variable somewhere, or it could be loaded from external data at need (or
both).
John
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.
