开发者

How do I create ssh_authorized_key resources in a puppet provider? (do I force a flush?)

问答 作者:

Full code is at https://gist.github.com/c9815c1b19a36ed07ca5

In nodes.pp I have

node 'random.brighterplanet.com' {
  $deploy_user = 'www-data'
  include secured_by_authorized_keys
  include logs_in_as_deploy
}

In modules/logs_in_as_deploy/manifests/logs_in_as_deploy.pp I have

class logs_in_as_deploy {
  access_via_authorized_key { $deploy_user:
    ensure => present
  }
}

In modules/secured_by_authorized_keys/lib/puppet/provider/authorized_keys.rb I have

# [...]
def to_ssh_authorized_key(name, ensure_status)
  k = Puppet::Type.type(:ssh_authorized_key).new :name => id(name), :ensure => ensure_status, :key => public_key, :type => 'ssh-rsa', :user => name
  k.provider.create
  k
end
# [...]
Puppet::Type.type(:access_via_authorized_key).provide(:authorized_keys) do
# [...]
  def create
    ks = AuthorizedParty.all.map do |authorized_party|
      authorized_party.to_ssh_authorized_key resource[:name], :present
    end
  end
# [...]

I see

# puppet --debug  /etc/puppet/manifests/site.pp 
[...]
notice: /Stage[main]/Logs_in_as_deploy/Access_via_authorized_key[www-data]/ensure: created
debug: Finishing transaction -611364608
debug: Storing state
debug: Stored state in 0.01 seconds
notice: Finished catalog run in 2221.41 seconds

But nothing is written to the authorized_keys file. I think I either have to

  • add the built-in ssh_authorized_key resource to the node catalog somehow
  • call flu开发者_JS百科sh on it somehow

What am I doing wrong?

I commented on your gist.

I believe this custom type code is quite a bit too optimistic about employing the native ssh_authorized_key type. Hardcoding resources into the type code and ignoring the catalog contents is borderline abusive.

It would be prudent to implement this in a manifest instead

$keys = { 'rimuhosting' => { 'id' => ... }, ... }

define my_authorized_key($ensure = present) {
  $data = $keys[$title]
  $key_name = $data['email'] + "-" + $data['public_key_version'] + "-" + $data['user']
  ssh_authorized_key {
    "$key_name":
      ensure => $ensure,
      type => 'ssh-rsa',
      ...
  }
}

And since all-or-nothing seems to be the goal

class authorized_keys($ensure = present) {
  $names = keys($keys)   # <- function from puppetlabs-stdlib module
  my_authorized_key { $names: ensure => $ensure }
}

Parameterized classes can be fugly to use, if you want to go this route, I highly recommend to combine it with Hiera.

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9