https://www.puppet.com/community logo
Join Slack
Powered by
# voxpupuli
  • v
    ewoud: looks like the augeas one can only manage host keys
  • v
    ewoud: hmm... perhaps adding it there would be better, but then i need to write yet another type
  • v
    and on top of augeas
  • v
    and then i still need a type resource
  • v
    in that case the autorequire stuff is equivalent for me
  • v
    i'm starting to wonder if it's best just not to share that code at all
  • v
    and go back to my cave
  • v
    bastelfreak: yeah, it's hard to do... if you let the file be owned by the user, that doesn't work
  • v
    i guess that's my objection with the ssh_authorized_key type, it favors that approach
  • v
    anarcat: yes, I had some vague recollection it could manage SSH authorized keys too but can't find it now
  • v
    I assumed they are owned by root or the ssh user
  • v
    i also don't like how it breaks down the key in type/modulus/comment, you can't just pass around the entire line
  • v
    wouldn't an EPP template be easier for your use case?
  • v
    maaybe?
  • v
    how would that work?
  • v
    maybe that's what bastelfreak was talking about the other day about tapping into puppetdb
  • v
    no, but that works as well
  • v
    but something else: are you 100% sure that the authorized_keys file cannot be owned by root?
  • v
    the internet says that works
  • v
    i am 100% sure
  • v
    (but I haven't tested it)
  • v
  • v
    and that's besides the point, if the file is owned by the user, we fail
  • v
    because the user can modify it
  • v
    according to the internet, it can be owned by root
  • v
    with 0600
  • v
    oh
  • v
    well it didn't work in my tests
  • v
    let me reproduce, hold on
  • v
    uh.
1...626627628...648Latest