Puppet users - Sep 2012 - ssh keys - registering multiple keys onto a same remote account

hi admin,

This is the scenario that i am working on. I have a list of keys that need 
to be registered against one remote account.

e.g.

key1=[ ''XXXXXXXX'', ''YYYYY'',
''ZZZZZZZ'']

this is my ssh_authorized_keys code

ssh_authorized_key { "user1":
                name => "user1@$fqdn",
                ensure => present,
                type => ssh-rsa,
                key => $key1,
                user => user1,
        }

can i put to $key1 in? how can i do it? please advise.

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/VfCGph6WY64J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Hi Hiu,
 
> key1=[ ''XXXXXXXX'', ''YYYYY'',
''ZZZZZZZ'']
>
... 
>                 key => $key1,
>
 
http://docs.puppetlabs.com/references/latest/type.html#sshauthorizedkey does 
not suggest that the provider would support an array for key.

I suggest doing something like:

$user = ''user''

ssh_authorized_key {
  "${user}-key1":
    type => ''ssh-rsa'',
    user => $user,
    key => $key1;
  "${user}-key2":
    type => ''ssh-rsa'',
    user => $user,
    key => $key2;
...
}

or even a define:

$user = ''user''
$keys = [$key1, $key2, ...]

define user_key() {
  ssh_authorized_key { "$user-$name'':
    type => ''ssh-rsa'',
    user => $user,
    key => $name,
  }
}

user_key { $keys: }

(My puppet code may well contain errors, but should give you the idea)

Cheers,
Paul

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/fbmfqVIH4FYJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

hi Paul,


I am pretty to code the puppet codes. I try the options that you suggested 
about creating the define type. But, I am still stuck in the middle.

Here is my code.
$pub_keys=[''XXXXXX'', ''YYYYY'',
''ZZZZZZ'' ]

define add_authkeys (user="hiu", key) {
        ssh_authorized_key { "$hiu":
                name => "hiu@$fqdn",
                ensure => present,
                type => ssh-rsa,
                key => $key,
                user => $user,
        }
}


class base::config_authorized_keys {
        add_authkeys { "hiu@$fqdn":
                 key => $pub_keys,
        }
}


the result is something that unexpected. my authorized keys are something 
like this:

ssh-rsa XXXXYYYYYYYYZZZZZZZZZ

instead of 

ssh-rsa XXXXXXXX
ssh-rsa YYYYYY
ssh-rsa ZZZZZZZ


can you please advise? thank you.



On Thursday, 20 September 2012 17:01:49 UTC+8, Paul Tötterman
wrote:
>
> Hi Hiu,
>  
>
>> key1=[ ''XXXXXXXX'', ''YYYYY'',
''ZZZZZZZ'']
>>
> ... 
>
>>                 key => $key1,
>>
>  
> http://docs.puppetlabs.com/references/latest/type.html#sshauthorizedkey
does
> not suggest that the provider would support an array for key.
>
> I suggest doing something like:
>
> $user = ''user''
>
> ssh_authorized_key {
>   "${user}-key1":
>     type => ''ssh-rsa'',
>     user => $user,
>     key => $key1;
>   "${user}-key2":
>     type => ''ssh-rsa'',
>     user => $user,
>     key => $key2;
> ...
> }
>
> or even a define:
>
> $user = ''user''
> $keys = [$key1, $key2, ...]
>
> define user_key() {
>   ssh_authorized_key { "$user-$name'':
>     type => ''ssh-rsa'',
>     user => $user,
>     key => $name,
>   }
> }
>
> user_key { $keys: }
>
> (My puppet code may well contain errors, but should give you the idea)
>
> Cheers,
> Paul
>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/rI5fzWAqJt0J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Thu, Sep 20, 2012 at 07:34:44PM -0700, Hiu wrote:
> hi Paul,
> 
> 
> I am pretty to code the puppet codes. I try the options that you suggested 
> about creating the define type. But, I am still stuck in the middle.
> 
> Here is my code.
> $pub_keys=[''XXXXXX'', ''YYYYY'',
''ZZZZZZ'' ]
> 
> define add_authkeys (user="hiu", key) {
>         ssh_authorized_key { "$hiu":
>                 name => "hiu@$fqdn",
>                 ensure => present,
>                 type => ssh-rsa,
>                 key => $key,
>                 user => $user,
>         }
> }
> 
> 
> class base::config_authorized_keys {
>         add_authkeys { "hiu@$fqdn":
>                  key => $pub_keys,
>         }
> }
> 
> 
> the result is something that unexpected. my authorized keys are something 
> like this:
> 
> ssh-rsa XXXXYYYYYYYYZZZZZZZZZ
> 
> instead of 
> 
> ssh-rsa XXXXXXXX
> ssh-rsa YYYYYY
> ssh-rsa ZZZZZZZ
> 
> 
> can you please advise? thank you.
> 
The idea is to pass an array as a resource title. e.g.

    file { [''/foo'', ''/bar'' ]: ensure =>
directory}

is the same as decalaring

    file { ''/foo'': ensure => directory}
    file { ''/bar'': ensure => directory}

You can now define a resource that takes a *key* as a title. This way
passing an array of keys multiple resources are created. The title is
available as $name. $user has to be passed as a parameter.

    define pubkey{$user) {
      ssh_authorized_key { "${user}@fqdn-${name}":
        ensure => present,
        key    => $name,
        user   => $user,
        type   => rsa,
      }
    }

Now in your base class:

    class base::config_authorized_keys {
      $keys = [ "aaa", "bbb" ]
      pubkey { $keys:
        user => ''hiu'',
      }
    }

Again, this is the same as declaring

    pubkey { "aaa": user => hiu }
    pubkey { "bbb": user => hiu }

-Stefan

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.