Dan White
2013-Jul-12 18:06 UTC
[Puppet Users] ssh_authorized_key - does not show up in "puppet resource"
I am getting into managing user accounts with Puppet - and having a blast !
I stumbled on this and wanted to ask:
If I type : I get:
puppet resource user The expected puppet list of all the logins.
puppet resource file Error: Could not run: Listing all file
instances is not supported.
Please specify a file or directory, e.g.
puppet resource file /etc
puppet resource file /etc/passwd A puppet resource as I would expect
HOWEVER !
If I type "puppet resource ssh_authorized_key" I get nothing. No
error, no output. Bupkis !
I even tried the model of the file resource and tried:
puppet resource ssh_authorized_key <name of a resource I defined and
realized>
...and still got nothing.
Is this expected behavior or what ?
“Sometimes I think the surest sign that intelligent life exists elsewhere in the
universe is that none of it has tried to contact us.”
Bill Waterson (Calvin & Hobbes)
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.
Stefan Schulte
2013-Jul-12 18:33 UTC
Re: [Puppet Users] ssh_authorized_key - does not show up in "puppet resource"
On 12.07.2013 20:06, Dan White wrote:> I am getting into managing user accounts with Puppet - and having a blast ! > > I stumbled on this and wanted to ask: > > If I type : I get: > puppet resource user The expected puppet list of all the logins. > puppet resource file Error: Could not run: Listing all file instances is not supported. > Please specify a file or directory, e.g. puppet resource file /etc > puppet resource file /etc/passwd A puppet resource as I would expect > > HOWEVER ! > If I type "puppet resource ssh_authorized_key" I get nothing. No error, no output. Bupkis ! > > I even tried the model of the file resource and tried: > puppet resource ssh_authorized_key <name of a resource I defined and realized> > ...and still got nothing. > > Is this expected behavior or what ?`puppet resource` does only work for a limited set of resource types: a) there is such a thing as a list of resources (e.g. it does not work for the exec resource type because you can execute endless combinations of commands) b) the list can be generate without any additional information The first one is obvious I guess. The second one is more important here: If I ask puppet about users, puppet can get a list pretty easily (in the end it is like running `getent passwd` on the commandline). If you ask for a list of ssh keys: How should puppet know where to look for ssh keys? -Stefan -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Dan White
2013-Jul-12 19:45 UTC
Re: [Puppet Users] ssh_authorized_key - does not show up in "puppet resource"
Great answer.. On the second point -- how to generate an answer -- in /etc/ssh/sshd_config is a paramer named AuthorizedKeysFile which defaults to ~/.ssh/ authorized_keys That is a starting point ! Thanks for responding. “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin & Hobbes) ----- Original Message ----- From: "Stefan Schulte" <stefan.schulte@taunusstein.net> To: puppet-users@googlegroups.com Sent: Friday, July 12, 2013 2:33:28 PM Subject: Re: [Puppet Users] ssh_authorized_key - does not show up in "puppet resource" On 12.07.2013 20:06, Dan White wrote:> I am getting into managing user accounts with Puppet - and having a blast ! > > I stumbled on this and wanted to ask: > > If I type : I get: > puppet resource user The expected puppet list of all the logins. > puppet resource file Error: Could not run: Listing all file instances is not supported. > Please specify a file or directory, e.g. puppet resource file /etc > puppet resource file /etc/passwd A puppet resource as I would expect > > HOWEVER ! > If I type "puppet resource ssh_authorized_key" I get nothing. No error, no output. Bupkis ! > > I even tried the model of the file resource and tried: > puppet resource ssh_authorized_key <name of a resource I defined and realized> > ...and still got nothing. > > Is this expected behavior or what ?`puppet resource` does only work for a limited set of resource types: a) there is such a thing as a list of resources (e.g. it does not work for the exec resource type because you can execute endless combinations of commands) b) the list can be generate without any additional information The first one is obvious I guess. The second one is more important here: If I ask puppet about users, puppet can get a list pretty easily (in the end it is like running `getent passwd` on the commandline). If you ask for a list of ssh keys: How should puppet know where to look for ssh keys? -Stefan -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Stefan Schulte
2013-Jul-12 20:03 UTC
Re: [Puppet Users] ssh_authorized_key - does not show up in "puppet resource"
On 12.07.2013 21:45, Dan White wrote:> Great answer.. > > On the second point -- how to generate an answer -- in > /etc/ssh/sshd_config is a paramer named AuthorizedKeysFile which > defaults to > > ~/.ssh/authorized_keys > > That is a starting point ! >Yeah you''re probably right that you could - look at the operating system to guess the location of the sshd_config file (IIRC HP-UX has this file someplace under `/opt`) - lookup the AuthorizedKeysFile parameter and handle the fact when it is not explicitly defined - don''t take the path literally, e.g. search for `%h` or `%u`. If a placeholder was found, query all users/all homedirectories to generate an array of files Yep it is possible but I''m not sure there is a usecase worth the effort. -Stefan -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.