I'm trying to create an ssh class where the /etc/ssh/ssh_known_hosts and
/etc/ssh/shosts.equiv stay updated. The issue I'm finding is that if I
include a "tag == anything" in the Collector filter, it collects all
resources EXCEPT its own. In this case, the known_hosts and .equiv files
will have all the other hostnames, but not its own hostname. If I remove
the "tag ==" line it works as expected. I tested this with a common tag
"ssh" which I verified is in puppetdb on both exports.

[root@csep0501 ssh]# rpm -qa | grep puppet
puppet-3.2.3-1.el5

(where $dsitename is the lowercase version of a global fact)

     @@sshkey{ "${::fqdn}-ssh-pubkey" :
         tag => $dsitename,

         ensure => present,
         host_aliases => [ $::hostname ],
         key => $::sshrsakey,
         name => $::fqdn,
         type => 'ssh-rsa',
     }

     @@file_line{ "${::fqdn}-shosts.equiv" :
         tag => $dsitename,
         path => "/etc/ssh/shosts.equiv",
         ensure => present,
         line => "+${::fqdn}",
     }

     notify { 'testmessage' :
         message => "Downcased sitename is $dsitename",
     }

     Sshkey <<| tag == 'ssh' and tag == $dsitename |>> {
         require => File['/etc/ssh/ssh_known_hosts'],
     }
     File_line <<| tag == 'ssh' and tag == $dsitename and path == "/etc/ssh/shosts.equiv" |>> {
         require => File['/etc/ssh/shosts.equiv'],
     }

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.


  • Jcbollinger at Aug 14, 2013 at 5:07 pm

    Why do you need parameter overrides for 'require'? Does it not work to
    declare those directly in the original resource declarations?

    Anyway, this looks similar to http://projects.puppetlabs.com/issues/11049.
    Can you work around it by explicitly collecting the node's own resources?
    For example, add

    Sshkey <<| title == "${::fqdn}-ssh-pubkey" |>>
    File_line <<| title == "${::fqdn}-shosts.equiv" |>>

    (with the 'require' override too, if that turns out to be necessary).


    John

  • Chuck Bredestege at Aug 15, 2013 at 3:37 pm
    You were right about the require overrides; I moved those into the exported
    sources instead (looks cleaner that way anyway).

    And adding 2 collector lines, one for "everyone else" and one "for myself",
    worked as you suggested, thanks.
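The arrangement the thread settles on, as an added example that is not code posted by either participant: the `require` moves into the exported resources, and each node collects its own exports by title in addition to the tag-filtered collection. The class name `ssh` (which is what puts the automatic `ssh` tag on the exports), the `$::sitename` fact standing in for the poster's unnamed global fact, and the `file` resource are assumptions.

```puppet
# Added example, not from the thread. Assumes puppetlabs-stdlib (file_line, downcase).
class ssh {
  # Hypothetical fact name; the original post only says "a global fact".
  $dsitename = downcase($::sitename)

  # Assumed definition of the two files that the exported resources require.
  file { ['/etc/ssh/ssh_known_hosts', '/etc/ssh/shosts.equiv']:
    ensure => file,
    owner  => 'root',
    group  => 'root',
    mode   => '0644',
  }

  # Exports: 'require' is declared here instead of as a collector override.
  @@sshkey { "${::fqdn}-ssh-pubkey":
    ensure       => present,
    name         => $::fqdn,
    host_aliases => [$::hostname],
    type         => 'ssh-rsa',
    key          => $::sshrsakey,
    tag          => $dsitename,
    require      => File['/etc/ssh/ssh_known_hosts'],
  }

  @@file_line { "${::fqdn}-shosts.equiv":
    ensure  => present,
    path    => '/etc/ssh/shosts.equiv',
    line    => "+${::fqdn}",
    tag     => $dsitename,
    require => File['/etc/ssh/shosts.equiv'],
  }

  # "Everyone else": tag-filtered collection, which skipped the node's own exports.
  Sshkey <<| tag == 'ssh' and tag == $dsitename |>>
  File_line <<| tag == 'ssh' and tag == $dsitename and path == '/etc/ssh/shosts.equiv' |>>

  # "Myself": collect this node's own exports explicitly by title.
  Sshkey <<| title == "${::fqdn}-ssh-pubkey" |>>
  File_line <<| title == "${::fqdn}-shosts.equiv" |>>
}
```

Every node whose exports match the tag filter ends up in shosts.equiv, so that filter is what scopes host-based trust on each collecting node.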

Discussion Overview
group: puppet-users
category: puppet
posted: Aug 13, '13 at 5:30p
active: Aug 15, '13 at 3:37p
posts: 3
users: 2 (Chuck Bredestege: 2 posts, Jcbollinger: 1 post)
website: puppetlabs.com