Forum: CFEngine Help
Subject: Re: Dynamic module for editing authorized_keys
Author: sauer
Link to topic: https://cfengine.com/forum/read.php?3,24453,24499#msg-24499

I essentially have a structure like this:

    vars:
      hostname::
        keymaps slist => {"key2"};
        keymaps slist => {"key1", "key2"};

And then I iterate over the list for every user defined on the system. The public array's elements get .pub appended, and the private array gets pulled down directly (all keys are stored on the master in a consistent directory structure). Both the public and private key management bundles know how to get the key file into the right place for each user based on the ssh implementation on the given system.

The hostname class isn't actually a hostname most of the time; it's usually a servertype class which groups hostnames based on some attribute.

I've been meaning to define "user_exists_X" classes for all users, which I think would make this slightly more efficient by allowing me to stick ifvarclass attributes on each user's variable definition - right now I define an abort_bundle class in the key install method if the specified user doesn't exist, which results in a lot of relatively slow unnecessary method calls.