Hi Folks,
I have used many configuration management systems in the past.
One of the greatest features was the purge value for resources in puppet
that removes all _unmanaged_ resources of the type (file, user, ssh-Key,
...)
Especially for security reasons that is an absolute need for some stuff.
I tried to implement that feature in ansible but the play looks really
ugly. Further more, it could be archived in just a narrow
implementation.
For ssh-authorized keys I use a template currently instead of
authorized_key.
But this all is incomplete as it does not allow to add resources in
difference roles and purge all the unmanaged ones at the end.
Is there any idea about that?
-- Klaus