Faidon Liambotis has uploaded a new change for review. https://gerrit.wikimedia.org/r/214343
Change subject: admin: clean up removed/revoked SSH keys ...................................................................... admin: clean up removed/revoked SSH keys This removes the ssh::userkey definition with an empty content for users with no SSH keys. The output of join may or may not be undef and if it is, the included File will just ignore the file's content instead of setting it to ''. This ensures that those stale SSH authorized keys will be removed, as /etc/ssh/userkeys is recursively managed and purged. Change-Id: I1ae4712e26c88395ac3315e5fd932ae3843a317e --- M modules/admin/manifests/user.pp 1 file changed, 6 insertions(+), 5 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/43/214343/1 diff --git a/modules/admin/manifests/user.pp b/modules/admin/manifests/user.pp index 19362fb..4b279ee 100644 --- a/modules/admin/manifests/user.pp +++ b/modules/admin/manifests/user.pp @@ -82,7 +82,6 @@ owner => $name, group => $gid, force => true, - tag => 'user-home', require => User[$name], } } @@ -91,10 +90,12 @@ fail("${name} is not a valid ssh_keys array: ${ssh_keys}") } - ssh::userkey { $name: - ensure => $ensure, - content => join($ssh_keys, "\n"), - tag => 'user-ssh', + # recursively-managed, automatically purges + if !empty($ssh_keys) { + ssh::userkey { $name: + ensure => $ensure, + content => join($ssh_keys, "\n"), + } } if !empty($privileges) { -- To view, visit https://gerrit.wikimedia.org/r/214343 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I1ae4712e26c88395ac3315e5fd932ae3843a317e Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis <fai...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
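Review bot: The removal of `tag => 'user-home'` in the first hunk (@@ -82,7 +82,6 @@) is not covered by the commit message, which only discusses ssh::userkey. If a resource collector or a tagged run anywhere else in the tree selects on 'user-home', it will silently stop matching this resource. Please confirm nothing references the tag, and either mention the tag cleanup in the commit message or split it into its own change.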
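Review bot: In the second hunk (@@ -91,10 +90,12 @@) the new comment `# recursively-managed, automatically purges` does not say what is managed or where. After this change, removal of a revoked key for a user with an empty `$ssh_keys` depends entirely on /etc/ssh/userkeys being purged, and that purge is configured outside this file. Suggest naming the directory and the place that sets the purge in the comment, so that a later change to that setting is not made without noticing it would leave stale authorized keys in place. The dropped `tag => 'user-ssh'` is also not mentioned in the commit message; worth confirming nothing selects on it.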