camptocamp/grundics accounts module

[Guy Matz]

Is anyone using camptocamp or grundic's accounts module?  I can't it working and am at my wit's end! 

my problem is with the ssh_authorized_key_title . . .  I'm getting the error:

Error 400 on SERVER: stack level too deep at /etc/puppet/modules/accounts/manifests/authorized_key.pp:35

But I think I have everything set up correctly:

In my modules/profiles/manifests/base.pp I have:

  class { 'accounts':

    groups                   => hiera_hash('accounts::groups', {}),

    ssh_keys                 => hiera_hash('accounts::ssh_keys', {}),

    users                    => hiera_hash('accounts::users', {}),

    usergroups               => hiera_hash('accounts::usergroups', {}),

    accounts                 => hiera_hash('accounts::accounts', {}),

    ssh_authorized_key_title => '%{ssh_keys[\'%{ssh_key}\'][\'comment\'] on %{user}',

    dotfiles                 => hiera_hash('accounts::dotfiles', {}),

  }

So that should put all of that info into my run, yes?  Is there a better place to put that?

Then in hiera I have:

$ more hieradata/common_users.eyaml

accounts::ssh_keys:

  iambot:

    comment: iambot@somewhere

    type: ssh-dss

    public: public_key

accounts::users:

  iambot:

    uid: 10079

    gid: 10022

    comment: I am a Bot

accounts::groups:

  Staff:

    gid: 10022

It seems that with camptocamp's implementation you then need to call accounts::account like this to get the user created:

accounts::account { 'iambot': }

But with Grundic's it seems you have to add an accounts::account block to the yaml above:

accounts::account:

  iambot:

    groups:

      - Staff

    authorized_keys:

      - iambot

Is that right?

Anyway, I can get around the stack level error by replacing the contents of the ssh_authorized_key_title with something "static", but would prefer to have it as is.

Any ideas?  ;-/

Thanks a lot,

Guy

[Mickaël Canévet]

Hi,

There is a missing right brace at the end of the format string:

  ssh_authorized_key_title => '%{ssh_keys[\'%{ssh_key}\'][\'comment\'] on %{user}}',

BTW this param is not really useful anymore, we added it so that we can set the resource title to not have duplicate keys in the .ssh/authorized_keys.

But since puppet 3.6 (IIRC) you can purge unmanaged authorized_keys, so resource titles does not really matter anymore.

Mickaël

[Mickaël Canévet]

If you still want to use ssh_authorized_key_title, you have some examples in unit tests.

Le vendredi 16 janvier 2015 18:40:06 UTC+1, guymatz a écrit :

[Guy Matz]

Mickaël,

Thanks for the reply!!  Is there an updated version of the module that you recommend I use?

One other thing . . .  where do you put the class block that pulls in the hiera data?

Thanks a lot!

Guy

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/47654e48-2065-4788-a4eb-213711c2fdb4%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

[Mickaël Canévet]

Guy,

It looks like grundics's accounts is just a fork of camptocamp's one. So unless you need grundics's features I recommend you to use camptocamp's version.

We are actually including the declaration of the accounts class in a base profile class included in all ours roles.

Regards,

Mickaël