Hello,

I'm trying to reuse an ssh_authorized_key, but I'm having some problems. There was a recent thread about using the same key for different users, but I didn't see any resolution there. My issue is a bit different.

I'm currently using this key:

    class ssh_keys::all {
        class bob {
            ssh_authorized_key {"bob":
                name   => "bob@somehost",
                ensure => present,
                key    => "*snip*",
                user   => "root",
                type   => ssh-dss
            }
        }
    }

I'm trying to use this same key for authorization using svn, overriding user and options like so:

    class repobob inherits ssh_keys::all::bob {
        Ssh_authorized_key[bob] {
            user    => "repo",
            options => "command=\"svnserve -t --tunnel-user=bob\"",
        }
    }

    include repobob

When I include the repobob, oddly enough, the options for the key in /root/.ssh/authorized_keys change, and no key is added to the repo user.

This seems like an appropriate use, but maybe I'm doing something wrong. Any ideas?

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

On Fri, 12 Mar 2010, Bob Belnap wrote:
> I'm trying to reuse an ssh_authorized_key, but I'm having some problems.

If you want to use the same key in different ways (e.g. sometimes with and sometimes without options => "command=...") then you have to use separate ssh_authorized_key resources, with different titles and different names, like this:

    $bob_ssh_key = "*snip*"
    $bob_ssh_key_type = "ssh-dss"

    ssh_authorized_key {"bob":
        name   => "bob@somehost",
        ensure => present,
        key    => $bob_ssh_key,
        type   => $bob_ssh_key_type,
        user   => "root",
    }

    ssh_authorized_key {"bob to repo":      # title cannot be "bob"
        name    => "bob@somehost to repo",  # name cannot be "bob@somehost"
        ensure  => present,
        key     => $bob_ssh_key,
        type    => $bob_ssh_key_type,
        user    => "repo",
        options => "command=\"svnserve -t --tunnel-user=bob\"",
    }

--apb (Alan Barrett)

Alan,

You just reminded me that the name has to be unique. It turns out it will work when inherited, but you have to override the name as well. This works as expected:

    class repobob inherits ssh_keys::all::bob {
        Ssh_authorized_key[bob] {
            user    => "repo",
            name    => "repobob@somehost",
            options => "command=\"svnserve -t --tunnel-user=bob\"",
        }
    }

    include repobob

--Bob

Correction: "seems to work as expected" :) overriding name gets it to the "repo" user, but does not keep in other places. Looks like I'm back to using variables. Thanks for the tip.

--Bob

> Correction: "seems to work as expected" :) overriding name gets it to the
> "repo" user, but does not keep in other places. Looks like I'm back to using
> variables. Thanks for the tip.

what you can do is create a define per ssh key and then for example use $name of this define to build a title for the ssh_.. type, as well define the user, something like:

    define ssh::key::user1(){
        ssh_authorized_key{"user1 for ${name}":
            user => $name,
            key  => 'AAAA..',
            ...
        }
    }

and then you simply declare the define when you need key user1 for a certain user:

    ssh::key::user1{'root': }
    ssh::key::user1{'dummy': }

or even shorter:

    ssh::key::user1{['root', 'dummy']: }

if you need to place a key for user1 for 2 users at one place.

user1 can for example be a member of the team. with the define you can also easily deploy multiple keys per co-worker by simply putting a second key statement into the define.

if you need to declare the same key at multiple places, you simply wrap the declaration of the define with a class and include this class wherever you would declare the define. for example:

    class ssh::key::user1::root {
        ssh::key::user1{'root': }
    }

somewhere else:

    include ssh::key::user1::root

cheers pete

Thanks Pete! I owe you a beer.

Using defines this way works much better. And, for my issue with adding options, it's just a matter of passing in the options to the define, then using:

    ssh_keys::bob{"repo": options => "command=\"svnserve -t --tunnel-user=bob\""}

Often it's hard for me to get in the 'puppet mindset' and I end up thinking of things in a more general programming way. This is a good example of how to think in a puppet way. Thanks again.

--Bob
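
Added example, not part of the thread: a post-run check for the failure described in the first message, where the forced svnserve command landed on root's entry and the repo account got no key at all. It parses authorized_keys lines (options may contain quoted spaces and commas) and compares each account with the intended state; the names parse_line and audit, the key blob and the file contents are constructed for illustration.

```python
import re

# One option: bare characters or a double-quoted string (may hold spaces/commas).
_OPT = r'(?:[^\s,"]|"(?:\\.|[^"\\])*")+'
_LINE = re.compile(
    rf'^(?:(?P<opts>{_OPT}(?:,{_OPT})*)\s+)?'
    r'(?P<type>(?:ssh|ecdsa|sk)-\S+)\s+(?P<blob>\S+)(?:\s+(?P<comment>.*))?$')

def parse_line(line):
    """Parse one authorized_keys line into a dict, or None for blanks/comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    m = _LINE.match(line)
    if not m:
        raise ValueError(f"unparseable authorized_keys line: {line!r}")
    options = {}
    for opt in re.findall(_OPT, m["opts"] or ""):
        name, _, value = opt.partition("=")
        if value[:1] == '"':                      # unquote command="..." values
            value = value[1:-1].replace('\\"', '"')
        options[name.lower()] = value or True     # bare flags map to True
    return {"options": options, "type": m["type"], "blob": m["blob"],
            "comment": m["comment"] or ""}

def audit(files, blob, policy):
    """files: {user: authorized_keys text}; policy: {user: forced command or None}.
    Returns sorted (user, finding) tuples; an empty list means compliant."""
    findings = []
    for user, want in policy.items():
        entries = [e for e in map(parse_line, files.get(user, "").splitlines())
                   if e and e["blob"] == blob]
        if not entries:
            findings.append((user, "key-missing"))
        for e in entries:
            got = e["options"].get("command")
            if got != want:
                findings.append((user, "unexpected-command" if got else "command-missing"))
    return sorted(findings)

# Constructed sample data (placeholder key blob, not a real key).
BLOB = "AAAAB3NzaC1kc3MAAACBAExampleOnly"
SVN = "svnserve -t --tunnel-user=bob"
POLICY = {"root": None, "repo": SVN}
# State after the inherited override: root's entry rewritten, repo left empty.
BROKEN = {"root": f'command="{SVN}" ssh-dss {BLOB} bob@somehost\n', "repo": ""}
# State after one resource per account, each with a unique name.
FIXED = {"root": f"ssh-dss {BLOB} bob@somehost for root\n",
         "repo": f'command="{SVN}" ssh-dss {BLOB} bob@somehost for repo\n'}
```
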