> If there is a new "foohost" client then you may not need to do anything.
> If not, then yes, you should clear its configuration out of your
> storeconfigs DB.
>
>
Its a new hostname as well as a new key. I wasn't clear on that earlier.
Also, I had run `puppet node clean foohost` before fyi. Lets call the old
host *foohost* and the new one *newhost.*
My goal is to have 50 hosts with the same ssh_known_hosts file, which will
contain the keys for the 50 hosts, so from what I understand I need to use
sshkey as an "exported" resource. Perhaps I'm not understanding local vs
exported resources though.
It seems to me that if if the hostnames are different, then there shouldn't
be a problem with the two resource declarations coexisting in my manifest,
as the type-title combo should be unique, right? A solution I've come up
with is to have ONLY this declared:
# remove key
@@sshkey { "foohost":
ensure => absent,
type => "rsa",
}
Sshkey <<| |>>
and then let my puppet agents pull down their configs and thus handle the
removal of foohost from ssh_known_hosts. Later today, I'll remove this
declaration and put back in:
# add keys
@@sshkey { $hostname:
ensure => present,
type => "rsa",
key => $sshrsakey,
}
Sshkey <<| |>>
Not the prettiest solution, but this situation where we rebuild a host with
a new hostname isn't that common.
Now, with all that said, I can see in my storedconfigs DB which is also
shared by Foreman, that there are some records for sshkey and foohost that
still exist. Not sure how to clean this out (is puppet node clean foohost
the correct way?), other than a postgres query.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/hyewxsFQxA4J.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
