So, I''m sure this has been covered somewhere, but I can''t seem to find it. Is there no ''purge'' ability on the ''sshkey'' type? It would be nice to be able to get rid of entries for hosts that are no longer present without actually having to write out a node declaration for each one. Thanks, Trevor -- Trevor Vaughan Vice President, Onyx Point, Inc (410) 541-6699 tvaughan@onyxpoint.com -- This account not approved for unencrypted proprietary information -- -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
On Monday, July 23, 2012 1:10:10 PM UTC-5, Trevor Vaughan wrote:> > So, I''m sure this has been covered somewhere, but I can''t seem to find it. > > Is there no ''purge'' ability on the ''sshkey'' type? It would be nice to > be able to get rid of entries for hosts that are no longer present > without actually having to write out a node declaration for each one. >Almost any resource type that has an ''ensure'' parameter can be purged via a ''resources'' meta-resource. I think it should be possible to purge Sshkey resources that way, but I cannot actually confirm so. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/bVYmCq6ay8QJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
I attempted to set it and it wasn''t very happy but your assessment is what I had thought as well. Thanks, Trevor On Tue, Jul 24, 2012 at 8:46 AM, jcbollinger <John.Bollinger@stjude.org> wrote:> > > On Monday, July 23, 2012 1:10:10 PM UTC-5, Trevor Vaughan wrote: >> >> So, I''m sure this has been covered somewhere, but I can''t seem to find it. >> >> Is there no ''purge'' ability on the ''sshkey'' type? It would be nice to >> be able to get rid of entries for hosts that are no longer present >> without actually having to write out a node declaration for each one. > > > Almost any resource type that has an ''ensure'' parameter can be purged via a > ''resources'' meta-resource. I think it should be possible to purge Sshkey > resources that way, but I cannot actually confirm so. > > > John > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To view this discussion on the web visit > https://groups.google.com/d/msg/puppet-users/-/bVYmCq6ay8QJ. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en.-- Trevor Vaughan Vice President, Onyx Point, Inc (410) 541-6699 tvaughan@onyxpoint.com -- This account not approved for unencrypted proprietary information -- -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
On Mon, Jul 23, 2012 at 11:10 AM, Trevor Vaughan <tvaughan@onyxpoint.com> wrote:> So, I''m sure this has been covered somewhere, but I can''t seem to find it. > > Is there no ''purge'' ability on the ''sshkey'' type? It would be nice to > be able to get rid of entries for hosts that are no longer present > without actually having to write out a node declaration for each one.Purge isn''t supported for providers based on parsed file that edit more than one target file. So purge works for host/cron, but not sshkey/yum. To support purging, I''ve used a custom define resource based on concat files (which have other pro/cons). Thanks, Nan -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
On Tue, 24 Jul 2012 09:39:30 -0400 Trevor Vaughan <tvaughan@onyxpoint.com> wrote:> I attempted to set it and it wasn't very happy but your assessment is > what I had thought as well.Yup. (Still) Unsupported, unfortunately... See http://projects.puppetlabs.com/issues/1581 Matthias -- Matthias Saou ██ ██ ██ ██ Web: http://matthias.saou.eu/ ██████████████ Mail/XMPP: matthias@saou.eu ████ ██████ ████ ██████████████████████ GPG: 4096R/E755CC63 ██ ██████████████ ██ 8D91 7E2E F048 9C9C 46AF ██ ██ ██ ██ 21A9 7A51 7B82 E755 CC63 ████ ████ -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
That''s a different type, but same difference. I was looking at sshkey not ssh_authorized_key but it is the exact same problem. Thanks! Trevor On Tue, Jul 24, 2012 at 10:57 AM, Matthias Saou <matthias@saou.eu> wrote:> On Tue, 24 Jul 2012 09:39:30 -0400 > Trevor Vaughan <tvaughan@onyxpoint.com> wrote: > >> I attempted to set it and it wasn''t very happy but your assessment is >> what I had thought as well. > > Yup. (Still) Unsupported, unfortunately... > > See http://projects.puppetlabs.com/issues/1581 > > Matthias > > -- > Matthias Saou ██ ██ > ██ ██ > Web: http://matthias.saou.eu/ ██████████████ > Mail/XMPP: matthias@saou.eu ████ ██████ ████ > ██████████████████████ > GPG: 4096R/E755CC63 ██ ██████████████ ██ > 8D91 7E2E F048 9C9C 46AF ██ ██ ██ ██ > 21A9 7A51 7B82 E755 CC63 ████ ████ > > -- > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. >-- Trevor Vaughan Vice President, Onyx Point, Inc (410) 541-6699 tvaughan@onyxpoint.com -- This account not approved for unencrypted proprietary information -- -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
On Tuesday, July 24, 2012 9:47:25 AM UTC-5, Nan Liu wrote:> > On Mon, Jul 23, 2012 at 11:10 AM, Trevor Vaughan <tvaughan@onyxpoint.com> > wrote: > > So, I''m sure this has been covered somewhere, but I can''t seem to find > it. > > > > Is there no ''purge'' ability on the ''sshkey'' type? It would be nice to > > be able to get rid of entries for hosts that are no longer present > > without actually having to write out a node declaration for each one. > > Purge isn''t supported for providers based on parsed file that edit > more than one target file. So purge works for host/cron, but not > sshkey/yum. To support purging, I''ve used a custom define resource > based on concat files (which have other pro/cons). >We''re talking about Sshkey, not Ssh_authorized_key. As far as I know, the former ought to be managing only one file (/etc/ssh/ssh_known_hosts for most systems). Is there some reason why that type would be managing more than one file? John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/8xETw7IHQA8J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
On Tue, Jul 24, 2012 at 3:05 PM, jcbollinger <John.Bollinger@stjude.org> wrote:> > > On Tuesday, July 24, 2012 9:47:25 AM UTC-5, Nan Liu wrote: >> >> On Mon, Jul 23, 2012 at 11:10 AM, Trevor Vaughan <tvaughan@onyxpoint.com> >> wrote: >> > So, I''m sure this has been covered somewhere, but I can''t seem to find >> > it. >> > >> > Is there no ''purge'' ability on the ''sshkey'' type? It would be nice to >> > be able to get rid of entries for hosts that are no longer present >> > without actually having to write out a node declaration for each one. >> >> Purge isn''t supported for providers based on parsed file that edit >> more than one target file. So purge works for host/cron, but not >> sshkey/yum. To support purging, I''ve used a custom define resource >> based on concat files (which have other pro/cons). > > > We''re talking about Sshkey, not Ssh_authorized_key. As far as I know, the > former ought to be managing only one file (/etc/ssh/ssh_known_hosts for most > systems). Is there some reason why that type would be managing more than > one file?Sorry for the mix up. It''s purging the default target files: resources { ''sshkey'': purge => true, } $ puppet apply /tmp/sshkey.pp notice: /Sshkey[192.168.232.128]/ensure: removed notice: /Sshkey[192.168.101.131]/ensure: removed notice: /Sshkey[ec2-23-22-74-239.compute-1.amazonaws.com]/ensure: removed notice: /Sshkey[192.168.232.143]/ensure: removed notice: Finished catalog run in 0.06 seconds $ cat /etc/ssh/ssh_known_hosts # HEADER: This file was autogenerated at Tue Jul 10 17:29:06 -0500 2012 # HEADER: by puppet. While it can still be managed manually, it # HEADER: is definitely not recommended. On mac it''s default to /etc/ssh_known_hosts, and both seems to work. Nan -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
d''oh! Syntax failure on my part it seems. However, you can point sshkey to different files, so that could be my issue. If you actually specify a target file for your sshkey instances, does it still work? Trevor On Tue, Jul 24, 2012 at 6:21 PM, Nan Liu <nan@puppetlabs.com> wrote:> On Tue, Jul 24, 2012 at 3:05 PM, jcbollinger <John.Bollinger@stjude.org> wrote: >> >> >> On Tuesday, July 24, 2012 9:47:25 AM UTC-5, Nan Liu wrote: >>> >>> On Mon, Jul 23, 2012 at 11:10 AM, Trevor Vaughan <tvaughan@onyxpoint.com> >>> wrote: >>> > So, I''m sure this has been covered somewhere, but I can''t seem to find >>> > it. >>> > >>> > Is there no ''purge'' ability on the ''sshkey'' type? It would be nice to >>> > be able to get rid of entries for hosts that are no longer present >>> > without actually having to write out a node declaration for each one. >>> >>> Purge isn''t supported for providers based on parsed file that edit >>> more than one target file. So purge works for host/cron, but not >>> sshkey/yum. To support purging, I''ve used a custom define resource >>> based on concat files (which have other pro/cons). >> >> >> We''re talking about Sshkey, not Ssh_authorized_key. As far as I know, the >> former ought to be managing only one file (/etc/ssh/ssh_known_hosts for most >> systems). Is there some reason why that type would be managing more than >> one file? > > Sorry for the mix up. It''s purging the default target files: > > resources { ''sshkey'': > purge => true, > } > > $ puppet apply /tmp/sshkey.pp > > notice: /Sshkey[192.168.232.128]/ensure: removed > notice: /Sshkey[192.168.101.131]/ensure: removed > notice: /Sshkey[ec2-23-22-74-239.compute-1.amazonaws.com]/ensure: removed > notice: /Sshkey[192.168.232.143]/ensure: removed > notice: Finished catalog run in 0.06 seconds > > $ cat /etc/ssh/ssh_known_hosts > # HEADER: This file was autogenerated at Tue Jul 10 17:29:06 -0500 2012 > # HEADER: by puppet. While it can still be managed manually, it > # HEADER: is definitely not recommended. > > On mac it''s default to /etc/ssh_known_hosts, and both seems to work. > > Nan > > -- > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. >-- Trevor Vaughan Vice President, Onyx Point, Inc (410) 541-6699 tvaughan@onyxpoint.com -- This account not approved for unencrypted proprietary information -- -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
On Tue, Jul 24, 2012 at 5:09 PM, Trevor Vaughan <tvaughan@onyxpoint.com> wrote:> d''oh! > > Syntax failure on my part it seems. > > However, you can point sshkey to different files, so that could be my issue. > > If you actually specify a target file for your sshkey instances, does > it still work?No, back to parsedfile flaws with more than one target file =(. Nan -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Ok, that verifies what I was seeing then. Ah well. Thanks! Trevor On Tue, Jul 24, 2012 at 8:15 PM, Nan Liu <nan@puppetlabs.com> wrote:> On Tue, Jul 24, 2012 at 5:09 PM, Trevor Vaughan <tvaughan@onyxpoint.com> wrote: >> d''oh! >> >> Syntax failure on my part it seems. >> >> However, you can point sshkey to different files, so that could be my issue. >> >> If you actually specify a target file for your sshkey instances, does >> it still work? > > No, back to parsedfile flaws with more than one target file =(. > > Nan > > -- > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. >-- Trevor Vaughan Vice President, Onyx Point, Inc (410) 541-6699 tvaughan@onyxpoint.com -- This account not approved for unencrypted proprietary information -- -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.