On Wednesday, September 18, 2013 6:03:27 AM UTC-5, Roman wrote:
>
> Hi everyone,
>
> i am currently trying to reduce some redundancy in my puppet-setup. I have 
> setup user-account using virtual-resources like this:
>
> @users::account { 'xyz':
> uid => '1000',
> ...
> key => 'AAAsfhjujbh...'
> }
>
> Now i have written another simple module to setup mercurial-repositories 
> with hgssh3 access-protection which uses the same 'key' as above, but i 
> have to specify the key a 2nd time for the hgssh3-class:
>
> class hgssh3 ( $users=['',''] ) {
>       "/home/$name/.ssh/authorized_keys":
>         ensure => file,
>         replace => false,
>         mode   => 600,
>         content => template('hgssh3/authorized_keys.erb');
> ...
> }
>
> I was thinking i could somehow use the key-variable from the first class 
> in a the template of hgssh3 and just specify the user who should get 
> access? Is this at all possible?
>
> Thanks for every little hint or link ;)
>
> best regards,
> Roman
>
>
You cannot easily -- and anyway should not try to -- introspect declared 
resources.  It will cause you trouble, guaranteed.  You can, however, 
factor out data that are needed by multiple classes to some place where it 
is accessible to all of them.  In this case, for example, you can create a 
hash somewhere mapping usernames to their keys, and have the user::account 
declarations and the hgssh3 class both match keys to users by looking up 
the user names in the same hash.  The hash might live in a well-known class 
variable somewhere, or it could be loaded from external data at need (or 
both).


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

Reply via email to