
Tricky landing for bug 926468


Dustin J. Mitchell

Aug 12, 2014, 9:01:03 AM
to Announcements and development of PuppetAgain
Hi folks --

Bug 926468 adds support for external syncs of SSH keys and group membership from LDAP. It's built to interface with Mozilla's LDAP, and I'm not an LDAP guru so I assume it's at least partially Mozilla-specific. So it's named 'moco_ldap'.

Anyway, if you're using SSH keys in keys.pp, and have access to Mozilla's LDAP, you need to land it in two parts, with a sync run in between:

* merge http://hg.mozilla.org/build/puppet/rev/53135f5a5487 or equivalent
which adds and runs the sync, but doesn't use it.

* run /usr/local/sbin/extsync-moco_ldap
and verify that /etc/hiera/moco_ldap.eyaml exists

* merge the rest of the patch

If you do not have access to Mozilla LDAP, you still need to be careful with merging the change: for all users in your $admin_users config, you'll need to add their key in $extra_user_ssh_keys; something like

$extra_user_ssh_keys = {
  'florence' => ['ssh-rsa <key here> florence@nightingale'],
}

Dustin
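
Added example, not part of the original post or of PuppetAgain's code: a pre-merge check for the no-LDAP case described above, confirming that every user in $admin_users has at least one well-formed key in $extra_user_ssh_keys. The function names, the users other than 'florence', and the key bodies are constructed for illustration; the two settings are passed in as a plain Python list and dict.

```python
import base64
import struct

def sample_blob(key_type):
    """Constructed placeholder body: only the type header, not a usable key."""
    header = struct.pack(">I", len(key_type)) + key_type.encode()
    return base64.b64encode(header + b"\x00" * 8).decode()

def key_problem(line):
    """Return None if line looks like an OpenSSH public key, else a reason."""
    fields = line.split()
    if len(fields) < 2:
        return "expected '<type> <base64> [comment]'"
    declared, body = fields[0], fields[1]
    try:
        blob = base64.b64decode(body, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return "key body is not valid base64"
    if len(blob) < 4:
        return "key body too short"
    # The body starts with a length-prefixed copy of the key type.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != declared.encode():
        return "type inside key body does not match declared type"
    return None

def check_admin_keys(admin_users, extra_user_ssh_keys):
    """Map each admin with a problem to its reasons; empty dict means OK."""
    problems = {}
    for user in admin_users:
        keys = extra_user_ssh_keys.get(user) or []
        reasons = [] if keys else ["no entry in $extra_user_ssh_keys"]
        reasons += [r for r in map(key_problem, keys) if r]
        if reasons:
            problems[user] = reasons
    return problems

# Constructed sample config: one good entry, one unfilled template, one missing.
ADMIN_USERS = ["florence", "mary", "clara"]
EXTRA_KEYS = {
    "florence": ["ssh-rsa %s florence@nightingale" % sample_blob("ssh-rsa")],
    "mary": ["ssh-rsa <key here> mary@example"],
}

if __name__ == "__main__":
    for user, reasons in check_admin_keys(ADMIN_USERS, EXTRA_KEYS).items():
        print("%s: %s" % (user, "; ".join(reasons)))
```

The check only validates the shape of each key line, so a key that passes still has to be the one the admin actually holds.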