On Wednesday, August 29, 2012 4:14:27 PM UTC+2, jcbollinger wrote:
>
> On Wednesday, August 29, 2012 6:25:35 AM UTC-5, Frank Van Damme wrote:
>>
>> Hi,
>>
>> I'm new to Puppet. And I'm trying out an ssh module:
>> https://github.com/saz/puppet-ssh.
>> It collects ssh keys like this:
>>
>>     class ssh::knownhosts {
>>       Sshkey <<| |>> {
>>         ensure => present,
>>       }
>>       notify{"knownhosts class: $fqdn $hostname $ipaddress ":}
>>     }
>>
>> I can see it echoes the host key of the host the puppet agent runs on.
>> But the /etc/ssh/ssh_known_hosts file isn't actually written - I can add an
>> sshkey resource "manually" in a manifest somewhere and then puppet does
>> write the file though.
>>
>> I reckon when compiling the catalog, Puppet doesn't actually use the
>> collected resource to include in another host's configuration. But why not?
>>
>
> The code you present collects all available exported resources of type
> 'sshkey', but it does not declare any such resources. If you're not
> managing your nodes' ssh host keys, then Puppet knows nothing about them.
> For this to work, therefore, in addition to the above your manifest should
> contain something like
>
>     @@sshkey { "${hostname}":
>       key  => '<the-key>',
>       type => '<probably-dsa-or-rsa>'
>     }
>
>
> John
>
There is, in another class (and as I wrote, the collection sort of works
because I see the output of the
'notify{"knownhosts class: $fqdn $hostname $ipaddress ":}' above):

    class ssh::hostkeys {
      @@sshkey { "${fqdn}_rsa":
        host_aliases => [ "$fqdn", "$hostname", "$ipaddress" ],
        type         => rsa,
        key          => $sshrsakey,
      }
    }