On Wed, May 11, 2011 at 05:36:26PM +0200, Arnau Bria wrote: > I think I've already asked here... but I have an example where that > feature is really interesting: we have some user pool, aout 1000 > users, and I'd like to distrbute one key to all those users. Why the > trivial workaround, I could do it, but with 1000 lines :-) > > so, I'll open a ticket and pray for developers finding it interesting > too. >
One key for more than one user (e.g. an array for users) is really hard to implement the right way: When puppet parses the keyfiles of different users, puppet just creates one pool of keys. Puppet identifies a key by its name (=comment) NOT by the target. So one key has be unique across all your keyfiles. That means puppet can also move one entry from one file to another: Simple test with the host type: puppet apply -v --noop -e 'host {localhost: target => "/tmp/test" }' info: Applying configuration version '1305216426' notice: /Stage[main]//Host[localhost]/target: is /etc/hosts, should be /tmp/test (noop) Because one key has to have a unique name, one could argue that puppet should allow an array as a value for target (or user). But that just raises other issues: Imagine you have the following: ssh_authorized_key { 'testkey': ensure => present, key => 'A', user => ['userA', 'userB' ] } What should puppet report when in userA's keyfile the keyproperty is out of sync (let's say key => 'X') while the key in userB's keyfile is correct? maybe something like Ssh_authorized_key[testkey]/key: is 'X', should be 'A' but only for 'userA' because for 'userB' key is correctly set to 'A' So in my opinion the biggest problem with managing a resource for a whole bunch of users at the same time is the problem that you now have more than one is-value. -Stefan -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.