I distribute my root keys through the following setup:

A custom fact ('ssh_pub_keys.rb') exports my root pub keys. Then I include 
the 'dasar::ssh_keys::root' class on my nodes (see 'root.pp'). Now I can 
ssh from all my machines that have that include into all my other machines 
that have it too.

If you want to get fancy, you could leave the last statement out of that 
class, and do specific collects in your node defs, like:

node satu {
  Ssh_authorized_key <<| tag == "ssh_authorized_key-root_dua" |>> 
}

node dua {
  Ssh_authorized_key <<| tag == "ssh_authorized_key-root_satu" |>> 
}

node tiga {
  Ssh_authorized_key <<| |>> 
}

Now satu and dua can only get into each other, and tiga can get on all of 
them.

Thijs

On Friday, 27 July 2012 19:58:14 UTC+2, Nikolaos Hatzopoulos wrote:
>
> My philosophy is that if you implement something would be easy to redo it 
> and produce
> a new key, kind of something nice that puppet has, so the thing that you 
> are suggesting
> with the export it sounds complicated and I wanted to learn what it does 
> because I
> saw it was a new feature, but as I see it is better to be centralized and 
> produce 
> the keys on the server and distribute them to the nodes.
>
> thanks for the responses,
> --Nikos
>
> On Thu, Jul 26, 2012 at 2:08 PM, jcbollinger <[email protected]> wrote:
>
>>
>>
>> On Thursday, July 26, 2012 10:41:28 AM UTC-5, Nikolaos Hatzopoulos wrote:
>>>
>>> as far as I understand for files you need a unique title in my case 
>>> /etc/mynodes.txt
>>>
>>> how you can export instead of a file a variable and let's say it has a 
>>> unique "title"
>>> and it has as content a string can you do that?
>>>
>>
>> You can only export resources, not variables.  You can, however, export 
>> resources of any type, including custom and defined types.  I'm not quite 
>> following what you don't like about the approach I've selected so far, but 
>> most objectives of this kind can be realized by exporting and collecting 
>> resources of some type, if you really want or need to go through Puppet as 
>> the intermediary.
>>  
>>
>>>
>>> The scp won't work because I am trying to setup the ssh keys with taking 
>>> the key
>>> from a specific node and putting into the authorized_keys file of the 
>>> other :) on the other
>>> hand I can make the scp for the root user.. but if you do that what's 
>>> the point of using
>>> puppet (i have only linux nodes)?
>>>
>>
>> Not this, actually.  Puppet's main purpose is to serve as a central 
>> authority and manager for the configuration of nodes under its purview.  
>> Copying data from one node to another conflicts with "central authority" 
>> because it makes the source node the authority for the information copied.  
>> If you want Puppet only for this purpose, then you probably don't really 
>> want Puppet at all.
>>
>> A solution more in the Puppet style would be to generate all the keys on 
>> the master (possibly, but not necessarily, inside Puppet), and have Puppet 
>> distribute them to all parties that need them.
>>
>>
>> John
>>
>>  -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Puppet Users" group.
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msg/puppet-users/-/Y0BmPZIkL2cJ.
>>
>> To post to this group, send email to [email protected].
>> To unsubscribe from this group, send email to 
>> [email protected].
>> For more options, visit this group at 
>> http://groups.google.com/group/puppet-users?hl=en.
>>
>
>
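
Added example, not part of the thread and not the 'ssh_pub_keys.rb' mentioned above: because an exported root key ends up in root's authorized_keys on every node that collects it, a custom fact of this kind should only report a key that parses cleanly. The fact name, key path and allowed key types below are assumptions.

```ruby
require 'base64'

# Key types accepted for export (assumption: adjust to local policy).
ALLOWED_TYPES = %w[ssh-rsa ssh-ed25519 ecdsa-sha2-nistp256].freeze

# Constructed sample, not a real key: ed25519 wire format with a zeroed key.
SAMPLE_BLOB = Base64.strict_encode64(
  [11].pack('N') + 'ssh-ed25519' + [32].pack('N') + "\0" * 32
)

# Split one OpenSSH public key line into the parts an ssh_authorized_key
# resource needs (type, key, comment). Returns nil for anything malformed,
# so a bad or tampered file is never exported.
def parse_pub_key(line)
  text = line.to_s.strip
  # Exactly one key per fact: embedded newlines would smuggle in extra lines.
  return nil if text =~ /[\r\n]/

  # A line starting with options is rejected here because the first field
  # must be a known key type; options belong in the resource, not the fact.
  type, blob, comment = text.split(/\s+/, 3)
  return nil unless ALLOWED_TYPES.include?(type) && blob

  # The decoded blob starts with a 4-byte big-endian length followed by the
  # algorithm name; it must agree with the type written in front of it.
  raw = Base64.strict_decode64(blob)
  len = raw.unpack1('N')
  return nil unless len && raw.byteslice(4, len) == type

  { 'type' => type, 'key' => blob, 'comment' => comment }
rescue ArgumentError
  nil # blob was not valid base64
end

# Wiring as a custom fact (hypothetical fact name and path; returning a hash
# needs structured facts, i.e. Facter 2 or later). Skipped outside Facter.
if defined?(Facter)
  Facter.add(:root_ssh_pub_key) do
    setcode do
      path = '/root/.ssh/id_ed25519.pub'
      parse_pub_key(File.read(path)) if File.readable?(path)
    end
  end
end
```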
