I'm currently searching around/reading up on exported resources, but figured I'd ping the list to see if someone had a quick answer.

I'm collecting and exporting ssh keys, basically like the example in ProPuppet and in the wiki etc. I was collecting both rsa and dsa keys, and exporting all keys.

I've stopped collecting dsa keys, we don't care about those, and are looking to cut our run times down (about 1750 hosts). However, I'm assuming that a new node brought online will still get all the dsa keys since they have already been collected, right?

Can I do something like:

class ssh::knownhosts {
  Sshkey <<| type == 'rsa' |>> { ensure => present }
}

to only hand out the rsa ssh keys?

--
Matthew Nicholson

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

I'm not quite sure, but my experience is that as soon as you remove the @@-resources from your node configuration, they will also be dropped from the database by the Puppet master. You may want to check with some select-statements if this is really true.

I once deleted some resources manually from the database since I was not sure if it's done automatically - worked well, too. But, as mentioned, I think the master is doing this for you.

Bernd

> -----Original Message-----
> From: puppet-users@googlegroups.com [mailto:puppet-users@googlegroups.com] On behalf of Matthew Nicholson
> Sent: Thursday, 15 December 2011 20:30
> To: puppet-users@googlegroups.com
> Subject: [Puppet Users] filtering exported resources...

On 11-12-15 02:29 PM, Matthew Nicholson wrote:
> I've stopped collecting dsa keys, we don't care about those, and are
> looking to cut our run times down (about 1750 hosts). However, I'm
> assuming that a new node brought online will still get all the dsa
> keys since they have already been collected, right?

Actually, resources live for as long as they are being exported by nodes. If puppet runs and doesn't "re-export" a resource, it is cleaned out of the storedconfigs database.

So, assuming that all of your clients run periodically without errors, now that you removed RSA key exporting, the RSA keys should get cleaned out of the database after all clients have run puppet.

The key files that were already installed won't get removed from servers, though. For that, you'd have to export resources for the RSA keys by forcing "ensure => absent" on them.

> Can I do something like:
>
> class ssh::knownhosts {
>   Sshkey <<| type == 'rsa' |>> { ensure => present }
> }

This should surely work, yes.

--
Gabriel Filion
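
The approach discussed in this thread, put together as an added example that is not code from any of the posters: every node exports its RSA host key, keeps exporting the retired DSA entry with ensure => absent for a transition period, and collectors filter on the key type. The class name ssh::hostkeys and the "_rsa"/"_dsa" title suffixes are assumptions; the titles have to match whatever the original export used, otherwise the absent entry will not match the line already installed in known_hosts.

```puppet
# Added example. ssh::hostkeys and the title suffixes are hypothetical;
# ssh::knownhosts is the class name used in the thread.
class ssh::hostkeys {
  # Exported by every node: the RSA host key that peers should trust.
  @@sshkey { "${::fqdn}_rsa":
    ensure       => present,
    type         => 'rsa',
    key          => $::sshrsakey,
    host_aliases => [$::fqdn, $::hostname, $::ipaddress],
  }

  # Transitional: keep exporting the DSA entry, marked absent, so that
  # nodes which already installed it remove it from known_hosts.
  # Delete this block once every node has run; the resource is then
  # cleaned out of storedconfigs when the exporting node next runs.
  @@sshkey { "${::fqdn}_dsa":
    ensure => absent,
    type   => 'dsa',
  }
}

class ssh::knownhosts {
  # Install RSA entries only. Collector search expressions use '=='.
  # Keep the string identical to the 'type' value set in the export.
  Sshkey <<| type == 'rsa' |>>

  # Collect the DSA entries as well; their 'ensure => absent' comes from
  # the exported resource itself, so no override is needed here.
  Sshkey <<| type == 'dsa' |>>
}
```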