Hi all,

How to refresh ssh/authorized_keys file content?

I'm trying massive loading of keys. I need to refresh the authorized_keys file
content.

I tried deleting the file before calling ssh_authorized_key:

exec { "del_${user_local}_authorized_keys":
  command => "rm /home/$user_local/.ssh/authorized_keys ; touch /home/$user_local/.ssh/authorized_keys ; chown $user_local:$user_local /home/$user_local/.ssh/authorized_keys",
  path    => '/bin:/usr/bin',
}

The first run only deletes the file, and in the second one I get the desired
result.

I think it is possible to create the file content using a template, but before
leaving the ssh_authorized_key resource type way I want to know of any other
chance.


Regards,
Eduardo.

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.


  • Felix Frank at Jun 13, 2012 at 7:34 am
    Hi,
    On 06/12/2012 07:39 PM, eduardo wrote:
    > Hi all,
    >
    > How to refresh ssh/authorized_keys file content?
    >
    > I'm trying massive loading of keys. I need to refresh the authorized_keys file
    > content.
    >
    > I tried deleting the file before calling ssh_authorized_key:

    Please don't. This is *not* how you are supposed to interact with
    authorized keys.

    Either use the ssh_authorized_key type *or* fiddle with the file, but
    don't mix them.

    > exec { "del_${user_local}_authorized_keys":
    >   command => "rm /home/$user_local/.ssh/authorized_keys ; touch /home/$user_local/.ssh/authorized_keys ; chown $user_local:$user_local /home/$user_local/.ssh/authorized_keys",
    >   path    => '/bin:/usr/bin',
    > }
    >
    > The first run only deletes the file, and in the second one I get the desired
    > result.
    >
    > I think it is possible to create the file content using a template, but before
    > leaving the ssh_authorized_key resource type way I want to know of any other
    > chance.

    A template would work.

    You can also try simply pruning all unmanaged keys, so puppet will clear
    all unwanted stuff out. Take note that this will affect keys of *all*
    users (I believe), so you have to manage all keys on the system in question.

    resources { "ssh_authorized_key": purge => true }

    HTH,
    Felix

  • Eduardo at Jun 13, 2012 at 5:02 pm
    Thank you, Felix, for answering me. I owe you another one.

    The bad news: I tried resources { "ssh_authorized_key": purge =>
    true } but with no result.

    The good news is that templates are great for it.


    I appreciate your help,
    Best regards,
    eduardo.

  • Eduardo at Jun 15, 2012 at 1:21 pm
    Having been advised:
    'it is highly recommended to migrate work from exec to native
    Puppet types as quickly as possible.'

    Is there any chance to purge keys?

    Writing resources { "ssh_authorized_key": purge => true }
    in my init.pp module does nothing.

    Regards,
    eduardo.

  • Brian Gallew at Jun 15, 2012 at 2:56 pm
    "ensure => absent" is the standard syntax for all Puppet types.
  • Nan Liu at Jun 15, 2012 at 3:19 pm

    On Fri, Jun 15, 2012 at 6:21 AM, eduardo wrote:
    > Having been advised:
    > 'it is highly recommended to migrate work from exec to native
    > Puppet types as quickly as possible.'
    >
    > Is there any chance to purge keys?
    >
    > Writing resources { "ssh_authorized_key": purge => true }
    > in my init.pp module does nothing.

    To support purging, the puppet type needs to be able to query all
    instances of the resource. In this case, because ssh_authorized_keys
    can write to different file locations, it does not have the ability to
    detect all ssh keys that exist on the system and therefore it will not
    have the ability to purge. In some cases, this is a limitation of the
    provider which does not implement self.instances (for example this was
    the case for a long time for mysql database type), but in this case I
    don't believe it will ever support it.

    An easy way to see if a resource supports purging is simply via the
    puppet resource command. If puppet resource <type> can list all
    instances of that resource then it supports purging, otherwise it does
    not.

    # for example host supports purge
    $ puppet resource host
    host { 'ip6-allnodes':
      ensure => 'present',
      ip     => 'ff02::1',
      target => '/etc/hosts',
    }
    ...

    # try this with ssh_authorized_key, and it returns nothing
    $ puppet resource ssh_authorized_key

    In this case, a file fragment pattern with puppet-concat will be
    suitable for managing a specific ssh key file with support for
    purging.

    Thanks,

    Nan
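
The file-fragment approach Nan Liu describes above, sketched as an added example that is not part of the original thread. It assumes the puppetlabs-concat module and Puppet 4 or later syntax; the module name `ssh_keys`, the user `deploy` and the key material are hypothetical placeholders.

```puppet
# ssh_keys/manifests/user.pp (hypothetical module)
# Puppet owns the whole file: a key that is not declared as a fragment
# is gone after the next run, which is the purge behaviour asked for.
define ssh_keys::user (
  String $home = "/home/${title}",
) {
  file { "${home}/.ssh":
    ensure => directory,
    owner  => $title,
    group  => $title,
    mode   => '0700',
  }

  concat { "${home}/.ssh/authorized_keys":
    owner   => $title,
    group   => $title,
    mode    => '0600',
    require => File["${home}/.ssh"],
  }
}

# ssh_keys/manifests/key.pp (hypothetical module)
# One fragment per key. The patterns reject whitespace and newlines, so
# key data coming from Hiera or an ENC cannot add extra lines or
# option prefixes to the file.
define ssh_keys::key (
  String $target,
  Enum['ssh-rsa', 'ssh-ed25519', 'ecdsa-sha2-nistp256'] $type,
  Pattern[/\A[A-Za-z0-9+\/=]+\z/] $key,
  Pattern[/\A[\w.@-]+\z/] $comment = $title,
) {
  concat::fragment { "ssh_key_${title}":
    target  => $target,
    content => "${type} ${key} ${comment}\n",
  }
}

# Usage, for example in a node definition or profile class.
ssh_keys::user { 'deploy': }

ssh_keys::key { 'alice@example.org':
  target => '/home/deploy/.ssh/authorized_keys',
  type   => 'ssh-ed25519',
  # Constructed placeholder, not a real public key.
  key    => 'AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERKEYMATERIALONLY',
}
```

Do not also declare `ssh_authorized_key` resources against the same file, in line with Felix's advice not to mix the two approaches. Puppet 3.6 and later also provide a `purge_ssh_keys` attribute on the `user` type.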

  • Eduardo at Jun 15, 2012 at 4:57 pm
    Thank you, Nan, your answer is very clear about it.
    I've got the template way.

    Regards,
    eduardo.

  • Jo Rhett at Jun 16, 2012 at 12:43 am

    On Jun 15, 2012, at 8:19 AM, Nan Liu wrote:
    > To support purging, the puppet type needs to be able to query all
    > instances of the resource. In this case, because ssh_authorized_keys
    > can write to different file locations, it does not have the ability to
    > detect all ssh keys that exist on the system and therefore it will not
    > have the ability to purge. In some cases, this is a limitation of the
    > provider which does not implement self.instances (for example this was
    > the case for a long time for mysql database type), but in this case I
    > don't believe it will ever support it.

    Nan, this should be easy to do. Yes, there is a forest of authorized key files on the host; for any given authorized_keys file you have a known list of what keys should be there. I know for a fact it knows about the other keys in the file, since it sometimes logs very weird error messages about them if the key's comment matches another user's name.
    http://projects.puppetlabs.com/issues/14809#change-64568

    Since it reads in the authorized_keys file, and knows about the other keys, it should be trivial to allow a purge=>true which removes any key not defined in the manifest.

    --
    Jo Rhett
    Net Consonance : net philanthropy to improve open source and internet projects.



  • David Schmitt at Jun 18, 2012 at 8:44 am

    On 16.06.2012 02:42, Jo Rhett wrote:
    > On Jun 15, 2012, at 8:19 AM, Nan Liu wrote:
    >> To support purging, the puppet type needs to be able to query all
    >> instances of the resource. In this case, because ssh_authorized_keys
    >> can write to different file locations, it does not have the ability to
    >> detect all ssh keys that exist on the system and therefore it will not
    >> have the ability to purge. In some cases, this is a limitation of the
    >> provider which does not implement self.instances (for example this was
    >> the case for a long time for mysql database type), but in this case I
    >> don't believe it will ever support it.
    >
    > Nan, this should be easy to do. Yes, there is a forest of authorized key
    > files on the host; for any given authorized_keys file you have a known
    > list of what keys should be there. I know for a fact it knows about the
    > other keys in the file, since it sometimes logs very weird error
    > messages about them if the key's comment matches another user's name.
    > http://projects.puppetlabs.com/issues/14809#change-64568
    >
    > Since it reads in the authorized_keys file, and knows about the other
    > keys, it should be trivial to allow a purge=>true which removes any key
    > not defined in the manifest.

    There's an issue for that:

    http://projects.puppetlabs.com/issues/1581



    Best Regards, David
