Extending the resource

Greetings,

Is there a convenient way to extend built-in chef resources? Right now
I’m thinking about the User resource. For my purposes it would be nice
to have an attribute for managing contents of ~/.ssh/authorized_keys. Of
course, I could have patched chef sources, but maybe a better way exists.

Thanks,
Dmitry

how are your users defined? I know that opscode is using a data bag, so you could just add a field in there and have a recipe walk the user list and drop in the ssh key for each user. Remember if your using a nfs home share only run the recipe on one system to save a lot of data bag processing.

Joshua

On Jul 29, 2010, at 3:10 AM, Dmitry V'yal wrote:

Greetings,

Is there a convenient way to extend built-in chef resources? Right now I'm thinking about the User resource. For my purposes it would be nice to have an attribute for managing contents of ~/.ssh/authorized_keys. Of course, I could have patched chef sources, but maybe a better way exists.

Thanks,
Dmitry

Yo,

On 30 July 2010 10:29, Joshua Miller jassinpain@gmail.com wrote:

how are your users defined? I know that opscode is using a data bag, so
you could just add a field in there and have a recipe walk the user list and
drop in the ssh key for each user. Remember if your using a nfs home share
only run the recipe on one system to save a lot of data bag processing.

This is how we proceeded too: NFS home directories, Data-driven Users
cookbook (+ multiple data bags per-team), SSH pub keys loaded into the
accounts via dbag on the NFS servers: accounts created everywhere else (for
NFS to work) without .ssh to avoid a chef norootsquash
anonymous-NFS-client-access-requiring scenario.

Cheers,

AJ

Joshua

On Jul 29, 2010, at 3:10 AM, Dmitry V'yal wrote:

Greetings,

Is there a convenient way to extend built-in chef resources? Right now
I'm thinking about the User resource. For my purposes it would be nice to
have an attribute for managing contents of ~/.ssh/authorized_keys. Of
course, I could have patched chef sources, but maybe a better way exists.

Thanks,
Dmitry