The full code is at https://gist.github.com/c9815c1b19a36ed07ca5
In nodes.pp
I have
node 'random.brighterplanet.com' {
  $deploy_user = 'www-data'
  include secured_by_authorized_keys
  include logs_in_as_deploy
}
In modules/logs_in_as_deploy/manifests/logs_in_as_deploy.pp
I have
class logs_in_as_deploy {
  access_via_authorized_key { $deploy_user:
    ensure => present
  }
}
In modules/secured_by_authorized_keys/lib/puppet/provider/authorized_keys.rb
I have
# [...]
def to_ssh_authorized_key(name, ensure_status)
  k = Puppet::Type.type(:ssh_authorized_key).new :name => id(name), :ensure => ensure_status, :key => public_key, :type => 'ssh-rsa', :user => name
  k.provider.create
  k
end
# [...]
Puppet::Type.type(:access_via_authorized_key).provide(:authorized_keys) do
  # [...]
  def create
    ks = AuthorizedParty.all.map do |authorized_party|
      authorized_party.to_ssh_authorized_key resource[:name], :present
    end
  end
  # [...]
I see
# puppet --debug /etc/puppet/manifests/site.pp
[...]
notice: /Stage[main]/Logs_in_as_deploy/Access_via_authorized_key[www-data]/ensure: created
debug: Finishing transaction -611364608
debug: Storing state
debug: Stored state in 0.01 seconds
notice: Finished catalog run in 2221.41 seconds
But nothing gets written to the authorized_keys file. I think I either need to add the ssh_authorized_key resources to the node catalog... What am I doing wrong?
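Answer 0: (score: 0)
I commented on your gist.
I believe this custom type code is very optimistic in its use of the native ssh_authorized_key type. Hard-coding resources into type code and ignoring the catalog content is borderline abuse.
It would be sensible to implement this in the manifest: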
$keys = { 'rimuhosting' => { 'id' => ... }, ... }
define my_authorized_key($ensure = present) {
  $data = $keys[$title]
  # Puppet has no "+" string concatenation; build the name by interpolation
  $key_name = "${data['email']}-${data['public_key_version']}-${data['user']}"
  ssh_authorized_key {
    "$key_name":
      ensure => $ensure,
      type => 'ssh-rsa',
      ...
  }
}
Since all-or-nothing seems to be the goal:
class authorized_keys($ensure = present) {
  $names = keys($keys) # <- function from puppetlabs-stdlib module
  my_authorized_key { $names: ensure => $ensure }
}
Parameterized classes can be hard to use; if you want to go down that route, I strongly recommend combining it with Hiera.
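
The run in the question logged `ensure: created` while authorized_keys stayed empty, so it is worth checking the file itself rather than trusting the report. The following Ruby audit is an added example, not code from the gist or from the answer: it compares file content with the declared key data, matching on key material. The `KEYS` values, the `SAMPLE` content and the helper names are constructed for illustration.

```ruby
# Added example: audit authorized_keys content against the keys Puppet should manage.
KEY_TYPES = /\A(ssh-(rsa|dss|ed25519)|ecdsa-sha2-\S+)\z/

# Constructed data in the shape of the answer's $keys hash (all values are placeholders).
KEYS = {
  'rimuhosting' => { 'email' => 'ops@example.com', 'public_key_version' => '1',
                     'user' => 'www-data', 'public_key' => 'AAAAconstructedKeyMaterialA' },
  'laptop'      => { 'email' => 'dev@example.com', 'public_key_version' => '2',
                     'user' => 'www-data', 'public_key' => 'AAAAconstructedKeyMaterialB' }
}.freeze

# Constructed file content: one managed key, one key nobody declared.
SAMPLE = <<~FILE
  # constructed sample of ~www-data/.ssh/authorized_keys
  ssh-rsa AAAAconstructedKeyMaterialA ops@example.com-1-www-data
  command="/bin/true",no-pty ssh-rsa AAAAconstructedKeyMaterialX old-contractor
FILE

# Same naming scheme as the answer's define: email-version-user.
def key_name(data)
  [data['email'], data['public_key_version'], data['user']].join('-')
end

# Parse one line into type/key/comment; nil for blank lines, comments and junk.
# Simplification: options containing quoted spaces are not tokenized properly.
def parse_line(line)
  fields = line.strip.split(/\s+/)
  return nil if fields.empty? || fields.first.start_with?('#')
  idx = fields.index { |f| f =~ KEY_TYPES }
  return nil if idx.nil? || fields[idx + 1].nil?
  { type: fields[idx], key: fields[idx + 1], comment: fields[(idx + 2)..-1].join(' ') }
end

# Report declared keys that are absent and present keys that nobody declared.
def audit(content, keys, user)
  expected = keys.values.select { |d| d['user'] == user }
                 .map { |d| [key_name(d), d['public_key']] }.to_h
  present = content.each_line.map { |l| parse_line(l) }.compact
  on_disk = present.map { |e| e[:key] }
  { missing: expected.reject { |_, key| on_disk.include?(key) }.keys.sort,
    unmanaged: present.reject { |e| expected.value?(e[:key]) }.map { |e| e[:comment] }.sort }
end

p audit(SAMPLE, KEYS, 'www-data') if $PROGRAM_NAME == __FILE__
```

An empty file, as in the question, shows up as every declared key listed under `missing`; entries under `unmanaged` are keys that grant access without being declared anywhere.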