Dear puppet wizards,

http://docs.puppetlabs.com/puppet/3/reference/lang_defined_types.html does not suggest to me that nested parametrized defines would be forbidden, hence I expected the following code to work:

add_to_ssh_authorized_keys.pp:
--------
define a::ssh_keys::add_to_ssh_authorized_keys($homebasedir="/home", $targetuser="root", $keyowner, $keyownername, $state="present" ) {
  $sshdir = "$homebasedir/$targetuser/.ssh"
  $authfile = "$sshdir/authorized_keys"

  ssh_authorized_key {"$keyow...@censhare.de($keyownername 4096) as $targetuser":
    key    => template("ssh_public_keys/$keyowner"),
    ensure => "$state",
    name   => "$keyownername",
    type   => 'ssh-rsa',
    target => $authfile,
    user   => $targetuser,
  }
}
---------

it_services_admins.pp:
---------
define a::ssh_keys::it_services_admins($user='root'){
  censhare::ssh_keys::add_to_ssh_authorized_keys{ "$user-blah":
    targetuser   => "$user",
    keyowner     => 'blah',
    keyownername => 'blah',
  }
}
---------

class file:
------------
class ….{
  censhare::ssh_keys::it_services_admins{ 'b': user => 'b' }
  censhare::ssh_keys::it_services_admins { 'root': user => 'root' }
}
-----

I do however get:

"Invalid resource type a::ssh_keys::add_to_ssh_authorized_keys at /etc/puppet/modules/censhare/manifests/ssh_keys/:7"

Any hints? If parametrized defines in fact can't be nested I would appreciate it if the documentation clearly said so, would save a lot of headache. If it should work I can't figure out the correct syntax and would appreciate an example.

Here's what I actually try to do, perhaps some of you come up with a smarter suggestion:

- I'd like to define ssh public keys in one place and avoid duplicates.
- These ssh key resources should be usable wrapped in 'groups' (e.g. "all keys used to access the b user's account", ...) and on their own (for use with the Unix account of this one specific user)
- There's a one-to-many relation, i.e. the key x might be used on one node in her own Unix account x, together with all other members of the 'group' "all keys used to access the b user's account" in Unix accounts c and d, and together with "all keys used to access the b user's account" in Unix account b.
- Some of the key owners will have a Unix account on the appropriate node, but most won't, hence it's not possible to connect user and ssh_authorized_key resources.

Thank you for helping me out!

Patricia

-- 
Patricia Jung
Senior Software and Support Engineer
censhare AG
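
A layout for the requirements listed in the message above, added here as an example and not part of the original post: one defined type grants a single key to a single account, and a second defined type wraps several grants into a "group". The module name `sshkeys`, the type names, and the key owners `alice` and `bob` are hypothetical; it assumes each `ssh_public_keys` template holds only the base64 key body.

```puppet
# Added example. Module "sshkeys" and owners "alice"/"bob" are hypothetical.
# Each defined type lives in its own file, and its qualified name must mirror
# <modulepath>/<module>/manifests/<subdir>/<name>.pp so the autoloader finds it.

# --- sshkeys/manifests/ssh_keys/grant.pp ---
# Installs one owner's public key into one Unix account.
define sshkeys::ssh_keys::grant (
  $keyowner,
  $targetuser = 'root',
  $state      = 'present'
) {
  # The title doubles as the key comment (the type's namevar) and must be
  # unique per node, so it combines key owner and target account.
  ssh_authorized_key { "${keyowner}@${targetuser}":
    ensure => $state,
    # The key body is defined once per owner, as a template in the
    # ssh_public_keys module (the location used in the post).
    key    => template("ssh_public_keys/${keyowner}"),
    type   => 'ssh-rsa',
    # No explicit target: the key goes to ~targetuser/.ssh/authorized_keys.
    user   => $targetuser,
  }
}

# --- sshkeys/manifests/ssh_keys/it_services_admins.pp ---
# A "group": every key listed here is granted to the given account.
define sshkeys::ssh_keys::it_services_admins ($user = 'root') {
  sshkeys::ssh_keys::grant { "alice-${user}":
    keyowner   => 'alice',
    targetuser => $user,
  }
  sshkeys::ssh_keys::grant { "bob-${user}":
    keyowner   => 'bob',
    targetuser => $user,
  }
}

# --- sshkeys/manifests/admin_access.pp ---
class sshkeys::admin_access {
  # The same group applied to two accounts, plus one key used on its own.
  sshkeys::ssh_keys::it_services_admins { 'b':    user => 'b' }
  sshkeys::ssh_keys::it_services_admins { 'root': user => 'root' }
  sshkeys::ssh_keys::grant { 'alice-alice':
    keyowner   => 'alice',
    targetuser => 'alice',
  }
}
```

Because resource titles must be unique within a catalog, granting the same owner's key to the same account from two different groups needs a guard or a shared title scheme.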