Re: [Puppet Users] how to add same ssh_key to two diff accounts
On 05/11/2011 05:36 PM, Arnau Bria wrote:
If you're keen to get it anyway, you may want to open a ticket.
I think I've already asked here... but I have an example where that
feature is really interesting: we have some user pool, aout 1000
users, and I'd like to distrbute one key to all those users. Why the
trivial workaround, I could do it, but with 1000 lines :-)
That's just not true.
You surely have some defined type for your users, no? Such as
my_user($fullname) {
user { $name: fullname = $fullname, ... }
...
}
You just add the key to that
my_user($fullname) {
user { $name: fullname = $fullname, ... }
ssh_authorized_key { key-for-$name:
user = $name,
key = AAznbwet...,
...
}
}
That's what I meant - the workaround is really *that* trivial.
I'm quite sure you'll have a hard time finding a use case that really
requires the authorized key resource to be effective for multiple target
users.
Regards,
Felix
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] how to add same ssh_key to two diff accounts
On Thu, 12 May 2011 09:59:21 +0200
Felix Frank wrote:
On 05/11/2011 05:36 PM, Arnau Bria wrote:
If you're keen to get it anyway, you may want to open a ticket.
I think I've already asked here... but I have an example where that
feature is really interesting: we have some user pool, aout 1000
users, and I'd like to distrbute one key to all those users. Why the
trivial workaround, I could do it, but with 1000 lines :-)
That's just not true.
You surely have some defined type for your users, no? Such as
Nop, we use an other software for creating those users.
So, I must redefine each key for each user, and then my problem
appears.
[...]
my_user($fullname) {
user { $name: fullname = $fullname, ... }
ssh_authorized_key { key-for-$name:
user = $name,
key = AAznbwet...,
...
}
}
That's what I meant - the workaround is really *that* trivial.
I'm quite sure you'll have a hard time finding a use case that really
requires the authorized key resource to be effective for multiple
target users.
From your example I think I can play with a false define for something
else trivial and add my key there
Regards,
Felix
Cheers,
Arnau
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] how to add same ssh_key to two diff accounts
On Wed, May 11, 2011 at 05:36:26PM +0200, Arnau Bria wrote:
I think I've already asked here... but I have an example where that
feature is really interesting: we have some user pool, aout 1000
users, and I'd like to distrbute one key to all those users. Why the
trivial workaround, I could do it, but with 1000 lines :-)
so, I'll open a ticket and pray for developers finding it interesting
too.
One key for more than one user (e.g. an array for users) is really hard
to implement the right way:
When puppet parses the keyfiles of different users, puppet just creates
one pool of keys. Puppet identifies a key by its name (=comment) NOT by
the target. So one key has be unique across all your keyfiles. That
means puppet can also move one entry from one file to another:
Simple test with the host type:
puppet apply -v --noop -e 'host {localhost: target = /tmp/test }'
info: Applying configuration version '1305216426'
notice: /Stage[main]//Host[localhost]/target: is /etc/hosts, should be
/tmp/test (noop)
Because one key has to have a unique name, one could argue that puppet
should allow an array as a value for target (or user). But that just
raises other issues: Imagine you have the following:
ssh_authorized_key { 'testkey':
ensure = present,
key= 'A',
user = ['userA', 'userB' ]
}
What should puppet report when in userA's keyfile the keyproperty is out
of sync (let's say key = 'X') while the key in userB's keyfile is
correct?
maybe something like
Ssh_authorized_key[testkey]/key: is 'X', should be 'A' but only for
'userA' because for 'userB' key is correctly set to 'A'
So in my opinion the biggest problem with managing a resource for a
whole bunch of users at the same time is the problem that you now have
more than one is-value.
-Stefan
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] how to add same ssh_key to two diff accounts
On Tue, 10 May 2011 12:48:21 +0200 Felix Frank wrote: Do you know if this is going to be supportted in future? Redeclaration of the same resource is not going to work ;-) :-) As for the distribution of one authorized_key to multiple user accounts...I'm not sure that it's as useful as it sounds, given the trivial workaround. If you're keen to get it anyway, you may want to open a ticket. I think I've already asked here... but I have an example where that feature is really interesting: we have some user pool, aout 1000 users, and I'd like to distrbute one key to all those users. Why the trivial workaround, I could do it, but with 1000 lines :-) so, I'll open a ticket and pray for developers finding it interesting too. Regards, Felix Many thanks for your reply, Cheers, Arnau -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] how to add same ssh_key to two diff accounts
Hi all, I'm trying to add same ssh key to two diff accounts and I'm getting an error. My code: 'key_1' name= 'arnau@my_pc.domain', user= 'user1', key = rsa_key; 'key_2': name= 'arnau@my_pc.domain', user= 'user2', key = rsa_key; On the client the error is: err: Could not retrieve catalog from remote server: Error 400 on SERVER: Puppet::Parser::AST::Resource failed with error ArgumentError: Cannot alias Ssh_authorized_key[key_1] to [arnau@my_pc.domain]; resource [Ssh_authorized_key, [arnau@my_pc.domain]] already exists at /etc/puppet/manifests/services/common/modules/common_si/manifests/init.pp:165 on node X.pic.es Is there something wrong in my code? Am I trying to do something not supported? Anyone faced this before? how did you solve it? TIA, Arnau -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] how to add same ssh_key to two diff accounts
Hi, On 05/10/2011 12:21 PM, Arnau Bria wrote: Hi all, I'm trying to add same ssh key to two diff accounts and I'm getting an error. My code: 'key_1' name= 'arnau@my_pc.domain', user= 'user1', key = rsa_key; 'key_2': name= 'arnau@my_pc.domain', user= 'user2', key = rsa_key; On the client the error is: err: Could not retrieve catalog from remote server: Error 400 on SERVER: Puppet::Parser::AST::Resource failed with error ArgumentError: Cannot alias Ssh_authorized_key[key_1] to [arnau@my_pc.domain]; resource [Ssh_authorized_key, [arnau@my_pc.domain]] already exists at /etc/puppet/manifests/services/common/modules/common_si/manifests/init.pp:165 on node X.pic.es Is there something wrong in my code? yes, you're declaring the same resource twice. Am I trying to do something not supported? Yes. Anyone faced this before? how did you solve it? I helped someone with a similar issue here before. Just rename on of the keys. The name of a public key is really quite arbitrary and SSH doesn't use it for anything important (that I am aware of). Cheers, Felix -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] how to add same ssh_key to two diff accounts
On Tue, 10 May 2011 12:26:06 +0200 Felix Frank wrote: Hi, Hi Felix, Am I trying to do something not supported? Yes. Do you know if this is going to be supportted in future? Just rename on of the keys. The name of a public key is really quite arbitrary and SSH doesn't use it for anything important (that I am aware of). thanks, that worked perfectly! Cheers, Felix Cheers, Arnau -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] how to add same ssh_key to two diff accounts
On 05/10/2011 12:38 PM, Arnau Bria wrote: On Tue, 10 May 2011 12:26:06 +0200 Felix Frank wrote: Hi, Hi Felix, Am I trying to do something not supported? Yes. Do you know if this is going to be supportted in future? Redeclaration of the same resource is not going to work ;-) As for the distribution of one authorized_key to multiple user accounts...I'm not sure that it's as useful as it sounds, given the trivial workaround. If you're keen to get it anyway, you may want to open a ticket. Regards, Felix -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] how to add same ssh_key to two diff accounts
you could also define the key as virtual resource and realize it on different occasions (hosts). 2011/5/10 Felix Frank felix.fr...@alumni.tu-berlin.de On 05/10/2011 12:38 PM, Arnau Bria wrote: On Tue, 10 May 2011 12:26:06 +0200 Felix Frank wrote: Hi, Hi Felix, Am I trying to do something not supported? Yes. Do you know if this is going to be supportted in future? Redeclaration of the same resource is not going to work ;-) As for the distribution of one authorized_key to multiple user accounts...I'm not sure that it's as useful as it sounds, given the trivial workaround. If you're keen to get it anyway, you may want to open a ticket. Regards, Felix -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
