Re: [Puppet Users] how to add same ssh_key to two diff accounts
On 05/11/2011 05:36 PM, Arnau Bria wrote: If you're keen to get it anyway, you may want to open a ticket. I think I've already asked here... but I have an example where that feature is really interesting: we have some user pool, aout 1000 users, and I'd like to distrbute one key to all those users. Why the trivial workaround, I could do it, but with 1000 lines :-) That's just not true. You surely have some defined type for your users, no? Such as my_user($fullname) { user { $name: fullname = $fullname, ... } ... } You just add the key to that my_user($fullname) { user { $name: fullname = $fullname, ... } ssh_authorized_key { key-for-$name: user = $name, key = AAznbwet..., ... } } That's what I meant - the workaround is really *that* trivial. I'm quite sure you'll have a hard time finding a use case that really requires the authorized key resource to be effective for multiple target users. Regards, Felix -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] how to add same ssh_key to two diff accounts
On Thu, 12 May 2011 09:59:21 +0200 Felix Frank wrote: On 05/11/2011 05:36 PM, Arnau Bria wrote: If you're keen to get it anyway, you may want to open a ticket. I think I've already asked here... but I have an example where that feature is really interesting: we have some user pool, aout 1000 users, and I'd like to distrbute one key to all those users. Why the trivial workaround, I could do it, but with 1000 lines :-) That's just not true. You surely have some defined type for your users, no? Such as Nop, we use an other software for creating those users. So, I must redefine each key for each user, and then my problem appears. [...] my_user($fullname) { user { $name: fullname = $fullname, ... } ssh_authorized_key { key-for-$name: user = $name, key = AAznbwet..., ... } } That's what I meant - the workaround is really *that* trivial. I'm quite sure you'll have a hard time finding a use case that really requires the authorized key resource to be effective for multiple target users. From your example I think I can play with a false define for something else trivial and add my key there Regards, Felix Cheers, Arnau -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] how to add same ssh_key to two diff accounts
On Wed, May 11, 2011 at 05:36:26PM +0200, Arnau Bria wrote: I think I've already asked here... but I have an example where that feature is really interesting: we have some user pool, aout 1000 users, and I'd like to distrbute one key to all those users. Why the trivial workaround, I could do it, but with 1000 lines :-) so, I'll open a ticket and pray for developers finding it interesting too. One key for more than one user (e.g. an array for users) is really hard to implement the right way: When puppet parses the keyfiles of different users, puppet just creates one pool of keys. Puppet identifies a key by its name (=comment) NOT by the target. So one key has be unique across all your keyfiles. That means puppet can also move one entry from one file to another: Simple test with the host type: puppet apply -v --noop -e 'host {localhost: target = /tmp/test }' info: Applying configuration version '1305216426' notice: /Stage[main]//Host[localhost]/target: is /etc/hosts, should be /tmp/test (noop) Because one key has to have a unique name, one could argue that puppet should allow an array as a value for target (or user). But that just raises other issues: Imagine you have the following: ssh_authorized_key { 'testkey': ensure = present, key= 'A', user = ['userA', 'userB' ] } What should puppet report when in userA's keyfile the keyproperty is out of sync (let's say key = 'X') while the key in userB's keyfile is correct? maybe something like Ssh_authorized_key[testkey]/key: is 'X', should be 'A' but only for 'userA' because for 'userB' key is correctly set to 'A' So in my opinion the biggest problem with managing a resource for a whole bunch of users at the same time is the problem that you now have more than one is-value. -Stefan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] how to add same ssh_key to two diff accounts
On Tue, 10 May 2011 12:48:21 +0200 Felix Frank wrote: Do you know if this is going to be supportted in future? Redeclaration of the same resource is not going to work ;-) :-) As for the distribution of one authorized_key to multiple user accounts...I'm not sure that it's as useful as it sounds, given the trivial workaround. If you're keen to get it anyway, you may want to open a ticket. I think I've already asked here... but I have an example where that feature is really interesting: we have some user pool, aout 1000 users, and I'd like to distrbute one key to all those users. Why the trivial workaround, I could do it, but with 1000 lines :-) so, I'll open a ticket and pray for developers finding it interesting too. Regards, Felix Many thanks for your reply, Cheers, Arnau -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] how to add same ssh_key to two diff accounts
Hi all, I'm trying to add same ssh key to two diff accounts and I'm getting an error. My code: 'key_1' name= 'arnau@my_pc.domain', user= 'user1', key = rsa_key; 'key_2': name= 'arnau@my_pc.domain', user= 'user2', key = rsa_key; On the client the error is: err: Could not retrieve catalog from remote server: Error 400 on SERVER: Puppet::Parser::AST::Resource failed with error ArgumentError: Cannot alias Ssh_authorized_key[key_1] to [arnau@my_pc.domain]; resource [Ssh_authorized_key, [arnau@my_pc.domain]] already exists at /etc/puppet/manifests/services/common/modules/common_si/manifests/init.pp:165 on node X.pic.es Is there something wrong in my code? Am I trying to do something not supported? Anyone faced this before? how did you solve it? TIA, Arnau -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] how to add same ssh_key to two diff accounts
Hi, On 05/10/2011 12:21 PM, Arnau Bria wrote: Hi all, I'm trying to add same ssh key to two diff accounts and I'm getting an error. My code: 'key_1' name= 'arnau@my_pc.domain', user= 'user1', key = rsa_key; 'key_2': name= 'arnau@my_pc.domain', user= 'user2', key = rsa_key; On the client the error is: err: Could not retrieve catalog from remote server: Error 400 on SERVER: Puppet::Parser::AST::Resource failed with error ArgumentError: Cannot alias Ssh_authorized_key[key_1] to [arnau@my_pc.domain]; resource [Ssh_authorized_key, [arnau@my_pc.domain]] already exists at /etc/puppet/manifests/services/common/modules/common_si/manifests/init.pp:165 on node X.pic.es Is there something wrong in my code? yes, you're declaring the same resource twice. Am I trying to do something not supported? Yes. Anyone faced this before? how did you solve it? I helped someone with a similar issue here before. Just rename on of the keys. The name of a public key is really quite arbitrary and SSH doesn't use it for anything important (that I am aware of). Cheers, Felix -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] how to add same ssh_key to two diff accounts
On Tue, 10 May 2011 12:26:06 +0200 Felix Frank wrote: Hi, Hi Felix, Am I trying to do something not supported? Yes. Do you know if this is going to be supportted in future? Just rename on of the keys. The name of a public key is really quite arbitrary and SSH doesn't use it for anything important (that I am aware of). thanks, that worked perfectly! Cheers, Felix Cheers, Arnau -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] how to add same ssh_key to two diff accounts
On 05/10/2011 12:38 PM, Arnau Bria wrote: On Tue, 10 May 2011 12:26:06 +0200 Felix Frank wrote: Hi, Hi Felix, Am I trying to do something not supported? Yes. Do you know if this is going to be supportted in future? Redeclaration of the same resource is not going to work ;-) As for the distribution of one authorized_key to multiple user accounts...I'm not sure that it's as useful as it sounds, given the trivial workaround. If you're keen to get it anyway, you may want to open a ticket. Regards, Felix -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] how to add same ssh_key to two diff accounts
you could also define the key as virtual resource and realize it on different occasions (hosts). 2011/5/10 Felix Frank felix.fr...@alumni.tu-berlin.de On 05/10/2011 12:38 PM, Arnau Bria wrote: On Tue, 10 May 2011 12:26:06 +0200 Felix Frank wrote: Hi, Hi Felix, Am I trying to do something not supported? Yes. Do you know if this is going to be supportted in future? Redeclaration of the same resource is not going to work ;-) As for the distribution of one authorized_key to multiple user accounts...I'm not sure that it's as useful as it sounds, given the trivial workaround. If you're keen to get it anyway, you may want to open a ticket. Regards, Felix -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.