Faidon Liambotis has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/214343

Change subject: admin: clean up removed/revoked SSH keys
......................................................................

admin: clean up removed/revoked SSH keys

This removes the ssh::userkey definition with an empty content for users
with no SSH keys. The output of join may or may not be undef and if it
is, the included File will just ignore the file's content instead of
setting it to ''.

This ensures that those stale SSH authorized keys will be removed, as
/etc/ssh/userkeys is recursively managed and purged.

Change-Id: I1ae4712e26c88395ac3315e5fd932ae3843a317e
---
M modules/admin/manifests/user.pp
1 file changed, 6 insertions(+), 5 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/43/214343/1

diff --git a/modules/admin/manifests/user.pp b/modules/admin/manifests/user.pp
index 19362fb..4b279ee 100644
--- a/modules/admin/manifests/user.pp
+++ b/modules/admin/manifests/user.pp
@@ -82,7 +82,6 @@
             owner        => $name,
             group        => $gid,
             force        => true,
-            tag          => 'user-home',
             require      => User[$name],
         }
     }
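
Review bot: The removed `tag => 'user-home'` on the home directory resource is not mentioned in the commit message, which only discusses SSH keys. If a resource collector or ordering rule elsewhere selects on that tag, it will silently stop matching this directory. Please confirm the tag is unused and say so in the commit message, or move this removal into its own change.
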
@@ -91,10 +90,12 @@
         fail("${name} is not a valid ssh_keys array: ${ssh_keys}")
     }
 
-    ssh::userkey { $name:
-        ensure  => $ensure,
-        content => join($ssh_keys, "\n"),
-        tag     => 'user-ssh',
+    # recursively-managed, automatically purges
+    if !empty($ssh_keys) {
+        ssh::userkey { $name:
+            ensure  => $ensure,
+            content => join($ssh_keys, "\n"),
+        }
     }
 
     if !empty($privileges) {
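
Review bot: With the `if !empty($ssh_keys)` guard, key removal for a user with an empty `$ssh_keys` now depends entirely on the purge of /etc/ssh/userkeys described in the commit message, and the comment `# recursively-managed, automatically purges` names neither the directory nor where the purge is declared. Suggest expanding the comment to state the path and the resource that purges it, so anyone who later changes that purge setting knows stale authorized keys would then stay on disk. The dropped `tag => 'user-ssh'` is also not covered by the commit message; a line confirming nothing collects on it would help.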

-- 
To view, visit https://gerrit.wikimedia.org/r/214343
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I1ae4712e26c88395ac3315e5fd932ae3843a317e
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis <fai...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
