-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hello, I read and find a way (well, there seems to be several equal implementations) to collect the ssh keys of machines. However they all give only the choice to choose between the key formats. But is there a way to collect both keys of a machine, the rsa _and_ the dss key (and maybe the rsa1 too)? I didn''t find a way to solve this as the key is the machine name and it have to be unique. Regards Klaus Ethgen - -- Klaus Ethgen http://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <Klaus@Ethgen.de> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEVAwUBTAt1iZ+OKpjRpO3lAQpLMQf+Py9qYeIy4oYlY4Mx1LFkYIohfefYmchV 7HkUIZLsNr8MKXMLZfqB5svixYaC0T8ZC6Ap6WyVK8Y1YfkMw4hiw6u0WZjHtek2 iAeFA/m17ZcPyAtji6lSjJOHTVG8LT4GN+9dfAKmmXEGpRlZ1TQxQXH7jqE916ud Hd4xll0GgxhFPaVXeC4fLzDHQwcYjPwaoov1ULDd5xF+7jpN0/hfJyDnT7FnC2Qw xTDCpYeQPSvjB5GvjsqOvdFz+v7RLCUktdeRUq3Q+xMlcpj/aftm/w6v8CjhFL1L 6Flsx0MFLM9Y+cZ+3up3ds3tigRASN43qtYsCyWCvX4tvtbTAKMLNw==lCF5 -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
On 06/06/2010 06:16 AM, Klaus Ethgen wrote:> Hello, > > I read and find a way (well, there seems to be several equal > implementations) to collect the ssh keys of machines. However they all > give only the choice to choose between the key formats. > > But is there a way to collect both keys of a machine, the rsa _and_ the > dss key (and maybe the rsa1 too)? I didn''t find a way to solve this as > the key is the machine name and it have to be unique. > > Regards > Klaus EthgenKlaus, do you all your machines by defualt actually have both DSA and rsa types? regardless, you can collect like this Ssh_authorized_key <<| type => "rsa" ||> Ssh_authorized_key <<| type => "dsa" ||> -- Joe McDonagh AIM: YoosingYoonickz IRC: joe-mac on freenode L''ennui est contre-révolutionnaire -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
On 06/06/2010 08:00 AM, Joe McDonagh wrote:> On 06/06/2010 06:16 AM, Klaus Ethgen wrote: >> Hello, >> >> I read and find a way (well, there seems to be several equal >> implementations) to collect the ssh keys of machines. However they all >> give only the choice to choose between the key formats. >> >> But is there a way to collect both keys of a machine, the rsa _and_ the >> dss key (and maybe the rsa1 too)? I didn''t find a way to solve this as >> the key is the machine name and it have to be unique. >> >> Regards >> Klaus Ethgen > Klaus, do you all your machines by defualt actually have both DSA and > rsa types? regardless, you can collect like this > > Ssh_authorized_key <<| type => "rsa" ||> > Ssh_authorized_key <<| type => "dsa" ||>Slight typo there enclosed inside those little brackets it''s <<| |>> -- Joe McDonagh AIM: YoosingYoonickz IRC: joe-mac on freenode L''ennui est contre-révolutionnaire -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi, Am So den 6. Jun 2010 um 13:00 schrieb Joe McDonagh:> > But is there a way to collect both keys of a machine, the rsa _and_ the > > dss key (and maybe the rsa1 too)? I didn''t find a way to solve this as > > the key is the machine name and it have to be unique.[...]> Klaus, do you all your machines by defualt actually have both DSA and > rsa types?Sure. And they get collected by facter without problems. But I am only able to disperse one of them to all hosts.> regardless, you can collect like this > > Ssh_authorized_key <<| type => "rsa" ||> > Ssh_authorized_key <<| type => "dsa" ||>Oh, seems to be a misunderstanding. I do not mean the authorized keys I do mean the host keys of the machines. (The ones found in /etc/ssh/ssh_host_{rsa,dsa}_key.pub.) Regards Klaus Ethgen - -- Klaus Ethgen http://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <Klaus@Ethgen.de> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEVAwUBTAvRF5+OKpjRpO3lAQr7XQf7BJLkXQbPtVXDjua0ycIO49Zobg5Mpe4X td+GGONOUGfmysqr9A/jYPV01j3QueRv/i/RqqAfV6BiFQX3CWzvsJ5uP1KMoVQ4 T5GNL7ZJ3GNeuq/rgrmLLSvEc8wbgTxfaZNTHi4VYbGNsQ7vhkC67usYM6uW4WPl mBbnfibIZRpb8zOf3Aq2g9RclORxHPYgpS139AtId8NTn6uUFWHEFJLkR+K9+hGq ONx7No5S/fJKGLJkCXpQwzG5DPUeYen5FP2DsqujVMgavXVUWaaV9r5RoBcSd5hj G/zWF1H0Cjh8eZ6b16MdqWT8M203LdSvsPjwuhUumOubQUpZ2XjToA==WRG1 -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
On 06/06/2010 12:47 PM, Klaus Ethgen wrote:> Sure. And they get collected by facter without problems. But I am only > able to disperse one of them to all hosts. > > >> regardless, you can collect like this >> >> Ssh_authorized_key<<| type => "rsa" ||> >> Ssh_authorized_key<<| type => "dsa" ||> >> > Oh, seems to be a misunderstanding. I do not mean the authorized keys I > do mean the host keys of the machines. (The ones found in > /etc/ssh/ssh_host_{rsa,dsa}_key.pub.) > >I feel like you may be using the term ''collected'' without knowing that it is actually a technical term within puppet. You probably want to check out the exported resources wiki page, since the principals are the same for exporting and collecting resources of any type. -- Joe McDonagh Operations Engineer AIM: YoosingYoonickz IRC: joe-mac on freenode "When the going gets weird, the weird turn pro." -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
On Sun, Jun 6, 2010 at 6:16 AM, Klaus Ethgen <Klaus+puppet@ethgen.de> wrote:> I read and find a way (well, there seems to be several equal > implementations) to collect the ssh keys of machines. However they all > give only the choice to choose between the key formats.I''m not sure I understand your question, but doesn''t this work? ssh-keyscan -t dsa,rsa hostname -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi, Am Di den 8. Jun 2010 um 17:15 schrieb Michael Semcheski:> I''m not sure I understand your question, but doesn''t this work? > > ssh-keyscan -t dsa,rsa hostnameSure. But that is exact the point. If I collect the information with ssh-keyscan there is a little change that the key is wrong and not the one of the machine. Puppet give a nice way to collect the ssh keys of all hosts it manage from facter. And it provides also a nice way to spread all that collected keys to all machines known-hosts file. Unfortunately the key for the key (ehem, I hope you can follow. ;-) is the host name so you have to choose which one of each host you want to spread to all machines. Regards Klaus Ethgen Ps. Disclaimer: This mail is in British English and not in puppet English. That means I use terms like "collect" in the British meaning and _not_ for the puppet meaning. - -- Klaus Ethgen http://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <Klaus@Ethgen.de> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEVAwUBTA6D0p+OKpjRpO3lAQpgYgf8DofFGj/rKVADMCyXQy0sO2PEhCafCjnG I4jTyabNeydx2vwqAn+II1/YZf+muHbToFaFZlqIx3cxr6dMoqJtYPoLt95q3Swb Muckvi8eJ4xVf4iJdB678JfMAbH2Kf4LC4g6dD6OHHPSQB/tA93EakOOWTqDGUoE t2IGGRE2F1lerPIwi3+zPWnZKTXgPKYHEre1MuIpyOxyGxmzTiCjnXGsjUZcjmea X35euWMUpctRuPcWNyUGKl8xbmQeuV5EvHPkayBwmKnSNXRaRENMiXpmg05W5Sv9 2qhrroNlTlgAtohtheDiJ71EKROmjLGWzc69tJDANwX7gwKSpXcPdg==KR7v -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
On 06/08/2010 01:54 PM, Klaus Ethgen wrote:> Hi, > > Am Di den 8. Jun 2010 um 17:15 schrieb Michael Semcheski: >> I''m not sure I understand your question, but doesn''t this work? > >> ssh-keyscan -t dsa,rsa hostname > > Sure. > > But that is exact the point. If I collect the information with > ssh-keyscan there is a little change that the key is wrong and not the > one of the machine. Puppet give a nice way to collect the ssh keys of > all hosts it manage from facter. And it provides also a nice way to > spread all that collected keys to all machines known-hosts file. > Unfortunately the key for the key (ehem, I hope you can follow. ;-) is > the host name so you have to choose which one of each host you want to > spread to all machines.This is one of the cases where ''tags'' are really useful. You can tag something like tag => "for_collection" in the exported resource, then when you collect the exported resource, you would do Sshkey <<| tag => "for_collection" |>>.> > Regards > Klaus Ethgen > > Ps. Disclaimer: This mail is in British English and not in puppet > English. That means I use terms like "collect" in the British > meaning and _not_ for the puppet meaning.Right but it serves no one including yourself to continue using a technical term in a technical forum when you really mean some other concept or principle. It seems like exactly what you want is collecting exported resources. I recommend checking wiki:ExportedResource if what I am saying makes no sense. -- Joe McDonagh AIM: YoosingYoonickz IRC: joe-mac on freenode L''ennui est contre-révolutionnaire -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi, Am Mi den 9. Jun 2010 um 3:35 schrieb Joe McDonagh:> > But that is exact the point. If I collect the information with > > ssh-keyscan there is a little change that the key is wrong and not the > > one of the machine. Puppet give a nice way to collect the ssh keys of > > all hosts it manage from facter. And it provides also a nice way to > > spread all that collected keys to all machines known-hosts file. > > Unfortunately the key for the key (ehem, I hope you can follow. ;-) is > > the host name so you have to choose which one of each host you want to > > spread to all machines. > > This is one of the cases where ''tags'' are really useful. You can tag > something like tag => "for_collection" in the exported resource, then > when you collect the exported resource, you would do Sshkey <<| tag => > "for_collection" |>>.Have to test this out if that work with the existing ssh-hostkey type, thanks for that hint.> > Ps. Disclaimer: This mail is in British English and not in puppet > > English. That means I use terms like "collect" in the British > > meaning and _not_ for the puppet meaning. > > Right but it serves no one including yourself to continue using a > technical term in a technical forum when you really mean some other > concept or principle.Ok, I forgot to add a smile. However, it is really difficult for some which mother thong is not English to distinguish between the technical term used just in on software and the correct English word. So telling the one that "collect" is a technical term in puppet with a completely different meaning than "collect" in English maybe, is not helpful and more confusing.> It seems like exactly what you want is collecting exported resources. > I recommend checking wiki:ExportedResource if what I am saying makes > no sense.Exact. And I still read that sources. With the Sshkey type there is still a implemented solution to collect that keys and export them to all hosts. But that Type only allow to export one of the two hostkeys a host have. And that is the source of my question. Regards Klaus Ethgen - -- Klaus Ethgen http://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <Klaus@Ethgen.de> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEVAwUBTA9Xb5+OKpjRpO3lAQpR4Af+ONFCFUNrfhG6La0zrrLYkU7qa2OXprZm 8bGlEZFTYCYvPeNmc3aNBAyz+OK15GZ3ZdOPfHY+dgTOuFTCg8TzmtcZ0C07U5aq WITlW+aoN1SH8Xx+FrpGEbuJlDbfcZB8nkkvRu3r400GifHLLduJ1690M/7BpBv/ 5uELFG15TyeUSx92DuU8tD5S9i4s3oxPYFmLWuunywdNFjiQI36DZl/Ja5X2v9+C Ox+dPjRGQRMwhvh1WN//p+85V+pVbZmCsD73qynMfxnO7G6LhMjy4vBluMFDO0LX VFUzZev/Fd26wGsqyI+7WUfMZhUbBegCt7oPUy3GzOBqaKrsO4ot6A==wyft -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
On 06/09/2010 04:57 AM, Klaus Ethgen wrote:> > Exact. And I still read that sources. With the Sshkey type there is > still a implemented solution to collect that keys and export them to all > hosts. But that Type only allow to export one of the two hostkeys a host > have. And that is the source of my question. > >Klaus, I assume you mean both the dsa and rsa key types; the sshkey type provides for specifying which you want. From the docs at http://docs.puppetlabs.com/references/stable/type.html: type The encryption type used. Probably ssh-dss or ssh-rsa. Valid values are |ssh-dss| (also called |dsa|), |ssh-rsa| (also called |rsa|). -- Joe McDonagh AIM: YoosingYoonickz IRC: joe-mac on freenode "When the going gets weird, the weird turn pro." -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Am 09.06.2010 10:57, schrieb Klaus Ethgen:>> It seems like exactly what you want is collecting exported resources. >> I recommend checking wiki:ExportedResource if what I am saying makes >> no sense. > > Exact. And I still read that sources. With the Sshkey type there is > still a implemented solution to collect that keys and export them to all > hosts. But that Type only allow to export one of the two hostkeys a host > have. And that is the source of my question.You''ll need to set a properly unique title, and set the namevar explicitely: @@sshkey { "${fqdn}dsa": name => $fqdn, ... "${fqdn}rsa": name => $fqdn, ... } This should become easier once composite titles are implemented. Best Regards, David -- dasz.at OG Tel: +43 (0)664 2602670 Web: http://dasz.at Klosterneuburg UID: ATU64260999 FB-Nr.: FN 309285 g FB-Gericht: LG Korneuburg -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi, Am Sa den 12. Jun 2010 um 10:03 schrieb David Schmitt:> You''ll need to set a properly unique title, and set the namevar explicitely: > > @@sshkey { > "${fqdn}dsa": > name => $fqdn, > ... > "${fqdn}rsa": > name => $fqdn, > ... > }That idea was pretty good. But then I get the message: err: Could not retrieve catalog: Puppet::Parser::AST::Resource failed with error ArgumentError: Cannot alias Sshkey[xxx.yyy.chrsa] to xxx.yyy.ch; resource Sshkey[xxx.yyy.ch] already exists at /etc/puppet/modules/ssh/manifests/init.pp:44 on node xxx.yyy.ch So, this approach is a dead end too unfortunately. Best regards and many thanks for the idea. Klaus - -- Klaus Ethgen http://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <Klaus@Ethgen.de> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEVAwUBTERml5+OKpjRpO3lAQpeRgf9Hy1QofMwLOIwE5w51I0eMM8KhqFATQuf yTdMv+eh0Q2gDZ7MUHq28CVp5z1FbsZvMPVx5eUNYwhmj7rMjHXyx2x4UA5l952C VKCZ5AxJ2tC8JXynwIfxkNR2q+wTJftBfI1XwNvi/Mc2F7H1RfZTSpfiIXzf8NSR 0Iu/AWnDoTpyHLnkrWFVubQqbHVuSrE3AjHJJDOHHp5bOVxzFZ5l3KK/gemrDSNb FYOWG7iaXHWaeY3M6DP6ERZtpOgdz+dbBfMHHHNJgdVUar3wB0tOarZBl0KeAYc8 WafT4aaWfwmysSOELcT6ZRGax9DxxDu0wC8f4FP6deDX9FJu3nwMqw==d+Mw -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
On Jul 19, 2010, at 7:52 AM, Klaus Ethgen wrote:> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > Hi, > > Am Sa den 12. Jun 2010 um 10:03 schrieb David Schmitt: >> You''ll need to set a properly unique title, and set the namevar explicitely: >> >> @@sshkey { >> "${fqdn}dsa": >> name => $fqdn, >> ... >> "${fqdn}rsa": >> name => $fqdn, >> ... >> } > > That idea was pretty good. But then I get the message: > err: Could not retrieve catalog: Puppet::Parser::AST::Resource failed with error ArgumentError: Cannot alias Sshkey[xxx.yyy.chrsa] to xxx.yyy.ch; resource Sshkey[xxx.yyy.ch] already exists at /etc/puppet/modules/ssh/manifests/init.pp:44 on node xxx.yyy.ch > > So, this approach is a dead end too unfortunately. > > Best regards and many thanks for the idea.In practice I think you will only need the rsa key. Try just using rsa (and if that doesn''t work just dsa) and see if you are able to connect without warnings. If I remember right, ssh clients usually only use one key, and modern clients usually only use rsa keys. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
On Mon, Jul 19, 2010 at 7:52 AM, Klaus Ethgen <Klaus+puppet@ethgen.de> wrote:> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > Hi, > > Am Sa den 12. Jun 2010 um 10:03 schrieb David Schmitt: >> You''ll need to set a properly unique title, and set the namevar explicitely: >> >> @@sshkey { >> "${fqdn}dsa": >> name => $fqdn, >> ... >> "${fqdn}rsa": >> name => $fqdn, >> ... >> } > > That idea was pretty good. But then I get the message: > err: Could not retrieve catalog: Puppet::Parser::AST::Resource failed with error ArgumentError: Cannot alias Sshkey[xxx.yyy.chrsa] to xxx.yyy.ch; resource Sshkey[xxx.yyy.ch] already exists at /etc/puppet/modules/ssh/manifests/init.pp:44 on node xxx.yyy.chThe name attribute is the namevar and as such must also be unique in the catalog. Try this: @@sshkey { "${fqdn}-dsa": host_aliases => "${fqdn}", key => "${sshdsakey}"; "${fqdn}-rsa": host_aliases => "${fqdn}", key => "${sshrsakey}"; } Sshkey <<||>> This will prevent duplicate resource definitions. Hope this helps, -- Jeff McCune http://www.puppetlabs.com/ -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Am Mo den 19. Jul 2010 um 21:34 schrieb Jeff McCune:> The name attribute is the namevar and as such must also be unique in > the catalog. > > Try this: > > @@sshkey { > "${fqdn}-dsa": > host_aliases => "${fqdn}", > key => "${sshdsakey}"; > "${fqdn}-rsa": > host_aliases => "${fqdn}", > key => "${sshrsakey}"; > } > > Sshkey <<||>> > > This will prevent duplicate resource definitions.That was my idea too. But then it complies that there is a duplicated alias. As it seems there is no way at the moment to get both. Man has to choose between them. :-( Regards Klaus - -- Klaus Ethgen http://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <Klaus@Ethgen.de> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEVAwUBTEVT55+OKpjRpO3lAQo2jwf/UcNvTebz53RTKYt6RCENyWfaMvgHgeik oO0n3Vy32Cusonft5PdGgoOpOi0AvZuXDpoOIPFeuHFfbyxEJ6JtWsfOFnrBxVNE Lc6Li1oXX++PfPzOKoIQoYrkwHm8gL5IdDz57alEiL5RVp+VoFg3CgLUigJw5Ayr 1yU5yIklV2768bg4EfMxl44OQ3qSx/uiaEBFewP7wwgsd2EonCNXme+gu4OaJIpG 6IWKF7TUJwO2TxAzaGO++duazCkn9M0FtZnueb/aiJuUz7rGqAr7zyepZ4nD89AC Zdxlrj/8CvIIxAeEsW2FKUdgipGqK+aeX7eYOQULCuOjTNFJXZD8bg==meg+ -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1>> This will prevent duplicate resource definitions. > > That was my idea too. But then it complies that there is a duplicated > alias.too bad.> As it seems there is no way at the moment to get both. Man has to choose > between them. :-(I think this should be possible in 2.6, with the combined resource identifiers. cheers pete -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkxFyWQACgkQbwltcAfKi39opwCcC1BfaBB+xQDDzJpRHIWCD6dR Q+QAoKrXStLa3obCQ7eqWmGj/DwaUnUH =UVgh -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
On 7/19/2010 10:34 PM, Jeff McCune wrote:> On Mon, Jul 19, 2010 at 7:52 AM, Klaus Ethgen<Klaus+puppet@ethgen.de> wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA512 >> >> Hi, >> >> Am Sa den 12. Jun 2010 um 10:03 schrieb David Schmitt: >>> You''ll need to set a properly unique title, and set the namevar explicitely: >>> >>> @@sshkey { >>> "${fqdn}dsa": >>> name => $fqdn, >>> ... >>> "${fqdn}rsa": >>> name => $fqdn, >>> ... >>> } >> >> That idea was pretty good. But then I get the message: >> err: Could not retrieve catalog: Puppet::Parser::AST::Resource failed with error ArgumentError: Cannot alias Sshkey[xxx.yyy.chrsa] to xxx.yyy.ch; resource Sshkey[xxx.yyy.ch] already exists at /etc/puppet/modules/ssh/manifests/init.pp:44 on node xxx.yyy.ch > > The name attribute is the namevar and as such must also be unique in > the catalog. > > Try this: > > @@sshkey { > "${fqdn}-dsa": > host_aliases => "${fqdn}", > key => "${sshdsakey}"; > "${fqdn}-rsa": > host_aliases => "${fqdn}", > key => "${sshrsakey}"; > } > > Sshkey<<||>> > > This will prevent duplicate resource definitions. > > Hope this helps,jeff, http://docs.puppetlabs.com/guides/types/ssh/sshkey.html doesn''t talk about host_aliases, so something''s wrong here. Best Regards, David -- dasz.at OG Tel: +43 (0)664 2602670 Web: http://dasz.at Klosterneuburg UID: ATU64260999 FB-Nr.: FN 309285 g FB-Gericht: LG Korneuburg -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi, Am Mo den 26. Jul 2010 um 8:13 schrieb David Schmitt:> On 7/19/2010 10:34 PM, Jeff McCune wrote: > > host_aliases => "${fqdn}",[...]> http://docs.puppetlabs.com/guides/types/ssh/sshkey.html doesn''t talk > about host_aliases, so something''s wrong here.Well, there is definitively a little confusion. puppetdoc tell you about host_aliases and tell you why not to use alias. However, it doesn''t matter for this particular problem as it doesn''t work either. Regards Klaus - -- Klaus Ethgen http://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <Klaus@Ethgen.de> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEVAwUBTE1XiZ+OKpjRpO3lAQquOQf+KTjP98r8pSNhuXWu0Tjjih7FNnv9UJ7D n8bl4eH3Bb+tE2VNoUX3HS/XgzPnb33TfDjxgyA9Lb/4w+ypNRP3K0KF7/p76Q3B tUdNJVof+uwFf/E0HZSVb0Uf/OMvjs7JBvk37QsZYf+okVI7vxnMsZgpTgV5hgpm b9LzqhLb5nP5jIXiY29ngIgKhsyy0L2dVZNB3j0BVTI5kwmwMqeY2oRWpvB311BX VHH8DjzET/1eBUyiB9FL6p1cIFbVLGigWfBfoA68VF+D8VsVtLzpHjvZ9typ4Oo9 f0wco/ROx3qIA57oXl6rTJ8BNolNVzPS/bHkkMCBGZPKrBmNFvexEA==bXbh -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
On Mon, Jul 26, 2010 at 3:38 AM, Klaus Ethgen <Klaus+puppet@ethgen.de> wrote:> > However, it doesn''t matter for this particular problem as it doesn''t > work either.Hrm... Could you be more specific about what''s not working? The two resources I posted should manage both the DSA and RSA keys on all of your systems. What''s the error you''re getting? Cheers, -- Jeff McCune http://www.puppetlabs.com/ -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi, Am Di den 27. Jul 2010 um 2:54 schrieb Jeff McCune:> > However, it doesn''t matter for this particular problem as it doesn''t > > work either. > Hrm... Could you be more specific about what''s not working? The two > resources I posted should manage both the DSA and RSA keys on all of > your systems.I still wrote it. It complies about duplicate host alias (or that the alias ist still defined, I do not know exactly anymore).> What''s the error you''re getting?If you need the correct error message I have to do the test once more. Regards Klaus - -- Klaus Ethgen http://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <Klaus@Ethgen.de> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEVAwUBTE6Pw5+OKpjRpO3lAQqH1wf/VknAy+vhZErA/i0MfFushl4JWGZNJ9Sm 6IfJGsWy+5/CpnNNcRMqICcIAPn91fplw5j87sSpeig31nJsMBniLqprWxViTDBL iaHcfc9isV5OuWX3lR6rCSgi6ZQp2tEkGOci/HkKu3mnc/FZH6yz3awIftTigsXR dqt40Gp1ZW8gEO8MqGem3FQ56sZQJ96rMCcrvID68fVLMaalKlzzXimHfM8oRcrU OPb8xebHBVB4w/P0KajhdqF0HqiKcyQQekj/HjUe0xv+dbaXF7jGmNylNrXKsoM8 HAcxclWQG9855vnDIDLJIqHkJ5ve/v8sybNd+DOE/wdi19uU8fbwng==wkF/ -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.