sshkey type purge


Trevor Vaughan

Jul 23, 2012, 2:10:10 PM
to puppet...@googlegroups.com
So, I'm sure this has been covered somewhere, but I can't seem to find it.

Is there no 'purge' ability on the 'sshkey' type? It would be nice to
be able to get rid of entries for hosts that are no longer present
without actually having to write out a node declaration for each one.

Thanks,

Trevor

--
Trevor Vaughan
Vice President, Onyx Point, Inc
(410) 541-6699
tvau...@onyxpoint.com

-- This account not approved for unencrypted proprietary information --

jcbollinger

Jul 24, 2012, 8:46:46 AM
to puppet...@googlegroups.com


On Monday, July 23, 2012 1:10:10 PM UTC-5, Trevor Vaughan wrote:
> So, I'm sure this has been covered somewhere, but I can't seem to find it.
>
> Is there no 'purge' ability on the 'sshkey' type? It would be nice to
> be able to get rid of entries for hosts that are no longer present
> without actually having to write out a node declaration for each one.

Almost any resource type that has an 'ensure' parameter can be purged via a 'resources' meta-resource.  I think it should be possible to purge Sshkey resources that way, but I cannot actually confirm so.


John

Trevor Vaughan

Jul 24, 2012, 9:39:30 AM
to puppet...@googlegroups.com
I attempted to set it and it wasn't very happy but your assessment is
what I had thought as well.

Thanks,

Trevor

Nan Liu

Jul 24, 2012, 10:47:25 AM
to puppet...@googlegroups.com
On Mon, Jul 23, 2012 at 11:10 AM, Trevor Vaughan <tvau...@onyxpoint.com> wrote:
> So, I'm sure this has been covered somewhere, but I can't seem to find it.
>
> Is there no 'purge' ability on the 'sshkey' type? It would be nice to
> be able to get rid of entries for hosts that are no longer present
> without actually having to write out a node declaration for each one.

Purge isn't supported for providers based on parsed file that edit
more than one target file. So purge works for host/cron, but not
sshkey/yum. To support purging, I've used a custom define resource
based on concat files (which have other pro/cons).

Thanks,

Nan

Matthias Saou

Jul 24, 2012, 10:57:46 AM
to puppet...@googlegroups.com
On Tue, 24 Jul 2012 09:39:30 -0400
Trevor Vaughan <tvau...@onyxpoint.com> wrote:

> I attempted to set it and it wasn't very happy but your assessment is
> what I had thought as well.

Yup. (Still) Unsupported, unfortunately...

See http://projects.puppetlabs.com/issues/1581

Matthias

--
Matthias Saou
Web: http://matthias.saou.eu/
Mail/XMPP: matt...@saou.eu
GPG: 4096R/E755CC63
     8D91 7E2E F048 9C9C 46AF
     21A9 7A51 7B82 E755 CC63

Trevor Vaughan

Jul 24, 2012, 2:45:04 PM
to puppet...@googlegroups.com
That's a different type, but same difference.

I was looking at sshkey not ssh_authorized_key but it is the exact same problem.

Thanks!

Trevor

jcbollinger

Jul 24, 2012, 6:05:42 PM
to puppet...@googlegroups.com

We're talking about Sshkey, not Ssh_authorized_key.  As far as I know, the former ought to be managing only one file (/etc/ssh/ssh_known_hosts for most systems).  Is there some reason why that type would be managing more than one file?

John

Nan Liu

Jul 24, 2012, 6:21:19 PM
to puppet...@googlegroups.com
Sorry for the mix up. It's purging the default target files:

resources { 'sshkey':
  purge => true,
}

$ puppet apply /tmp/sshkey.pp

notice: /Sshkey[192.168.232.128]/ensure: removed
notice: /Sshkey[192.168.101.131]/ensure: removed
notice: /Sshkey[ec2-23-22-74-239.compute-1.amazonaws.com]/ensure: removed
notice: /Sshkey[192.168.232.143]/ensure: removed
notice: Finished catalog run in 0.06 seconds

$ cat /etc/ssh/ssh_known_hosts
# HEADER: This file was autogenerated at Tue Jul 10 17:29:06 -0500 2012
# HEADER: by puppet. While it can still be managed manually, it
# HEADER: is definitely not recommended.

On Mac it defaults to /etc/ssh_known_hosts, and both seem to work.

Nan

Trevor Vaughan

Jul 24, 2012, 8:09:11 PM
to puppet...@googlegroups.com
d'oh!

Syntax failure on my part it seems.

However, you can point sshkey to different files, so that could be my issue.

If you actually specify a target file for your sshkey instances, does
it still work?

Trevor

Nan Liu

Jul 24, 2012, 8:15:44 PM
to puppet...@googlegroups.com
On Tue, Jul 24, 2012 at 5:09 PM, Trevor Vaughan <tvau...@onyxpoint.com> wrote:
> d'oh!
>
> Syntax failure on my part it seems.
>
> However, you can point sshkey to different files, so that could be my issue.
>
> If you actually specify a target file for your sshkey instances, does
> it still work?

No, back to parsedfile flaws with more than one target file =(.

Nan

Trevor Vaughan

Jul 24, 2012, 9:46:56 PM
to puppet...@googlegroups.com
Ok, that verifies what I was seeing then.

Ah well. Thanks!

Trevor
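
The thread ends with purge not working once sshkey resources name their own target file, and Nan Liu mentions a custom define built on concat files as a workaround. The sketch below is an added example of that approach, not code posted by anyone in the thread. It assumes the puppetlabs-concat module and Puppet 4 or later (with puppetlabs-stdlib for `join` before Puppet 5.5); the `known_hosts` class, the `known_hosts::entry` define, and the sample host and key are hypothetical.

```puppet
# Added example, not code from the thread. Class and define names are
# hypothetical. Shown in one file for `puppet apply`; in a module they
# would live in manifests/init.pp and manifests/entry.pp.

class known_hosts (
  $target = '/etc/ssh/ssh_known_hosts',
) {
  # concat owns the whole file and rebuilds it from the declared fragments,
  # so a host that drops out of the catalog also drops out of the file.
  # This takes the place of purging, and works for any target path.
  concat { $target:
    ensure => present,
    owner  => 'root',
    group  => 'root',
    mode   => '0644',
  }
}

define known_hosts::entry (
  $key,
  $type    = 'ssh-rsa',
  $aliases = [],
) {
  include known_hosts

  # known_hosts line format: comma-separated names, key type, base64 key.
  $names = join([$name] + $aliases, ',')

  concat::fragment { "known_hosts_${name}":
    target  => $known_hosts::target,
    content => "${names} ${type} ${key}\n",
    order   => '10',
  }
}

# Constructed sample data: host name, aliases and key are placeholders.
known_hosts::entry { 'web01.example.com':
  aliases => ['web01', '192.0.2.10'],
  key     => 'AAAAB3NzaC1yc2E_PLACEHOLDER_KEY',
}
```

Do not also declare `sshkey` resources against the same target file, since the two would overwrite each other on every run. Entries added by hand are removed on the next run, which is the purge behaviour the thread was after.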