On Jul 5, 2013, at 1:11 PM, Mark Lamourine <markllama gmail com> wrote:
Yes - that's either a new set of mcollective endpoints, or a type based plugin to the node to handle key propagation in two ways, ssh public key vs. principal.
Another potential wrinkle is that the user's default principal should be provisioned on user creation. It's possible but not clean today.
Ultimately the modeling decisions revolve around the following questions
1) is this tied to an Openshift user account
2) do you support multiple principals per user
3) is the principal discoverable automatically / an implicit property of the user, or a choice the user always has to make
4) are there potentially different ways to treat the same principal on each gear across different customer deployments (krb5login file vs. ???)
5) are there "keys" aside from principals that will also be potentially settable on each user.
6) is the distribution mechanism to the nodes identical (vs how they are used on the nodes)
Given the answers above, the decision about whether ssh_key in the broker is currently not generic enough (the root object should be a key for use with ssh) can be answered.