Dear puppet wizards,
http://docs.puppetlabs.com/puppet/3/reference/lang_defined_types.html does not
suggest to me that nested parametrized defines would be forbidden, hence I
expected the following code to work:
add_to_ssh_authorized_keys.pp:
--------
define a::ssh_keys::add_to_ssh_authorized_keys($homebasedir="/home",
$targetuser="root", $keyowner, $keyownername,
$state="present" ) {
$sshdir = "$homebasedir/$targetuser/.ssh"
$authfile = "$sshdir/authorized_keys"
ssh_authorized_key {"$keyowner@censhare.de($keyownername 4096) as
$targetuser":
key => template("ssh_public_keys/$keyowner"),
ensure => "$state",
name => "$keyownername",
type => ''ssh-rsa'',
target => $authfile,
user => $targetuser,
} }
---------
it_services_admins.pp:
---------
define a::ssh_keys::it_services_admins($user=''root''){
censhare::ssh_keys::add_to_ssh_authorized_keys{ "$user-blah":
targetuser => "$user",
keyowner => ''blah'',
keyownername => ''blah'',
}
}
---------
class file:
------------
class ….{
censhare::ssh_keys::it_services_admins{ ''b'':
user => ''b''
}
censhare::ssh_keys::it_services_admins { ''root'':
user => ''root''
}
}
-----
I do however get: "Invalid resource type
a::ssh_keys::add_to_ssh_authorized_keys at
/etc/puppet/modules/censhare/manifests/ssh_keys/:7"
Any hints? If parametrized defines in fact can''t be nested I would
appreciate it if the documentation clearly said so, would safe a lot of
headache. If it should work I can''t figure out the correct syntax and
would appreciate an example.
Here''s what I actually try to do, perhaps some of you comes up with a
smarter suggestion:
- I''d like to define ssh public keys in one place and avoid duplicates.
- These ssh key resources should be usable wrapped in ''groups''
(e.g. "all keys used to access the b user''s account", ...)
and on their own (for use with the Unix account of this one specific user)
- There''s a one-to-many relation, i.e. the key x might be used on one
node in her own Unix account x, together with all other members of the
''group'' "all keys used to access the b user''s
account" in Unix accounts c and d, and together with "all keys used
to access the b user''s account" in Unix account b.
- Some of the key owners will have a Unix account on the appropriate node, but
most won''t, hence it''s not possible to connect user and
ssh_authorized_key resources.
Thank you for helping me out!
Patricia
--
Patricia Jung
Senior Software and Support Engineer
censhare AG
Paul-Gerhardt-Allee 50, 81245 Muenchen, Germany
Fon +49 89 568236-311
Fax +49 89 568236-501
http://www.censhare.com
http://blog.censhare.com
Vorstand: Walter Bauer, Robert Motzke, Dieter Reichert
Aufsichtsratsvorsitzender: Matthias Zimmermann
Handelsregister: Amtsgericht Muenchen HRB 140617
USt-ID: DE219222021
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/D47029F0-D745-4594-A14F-07452104B9CC%40censhare.com.
For more options, visit https://groups.google.com/groups/opt_out.
On 2013-14-11 12:32, Patricia Jung wrote:> Dear puppet wizards, > > http://docs.puppetlabs.com/puppet/3/reference/lang_defined_types.html does not suggest to me that nested parametrized defines would be forbidden, hence I expected the following code to work: > > add_to_ssh_authorized_keys.pp: > -------- > define a::ssh_keys::add_to_ssh_authorized_keys($homebasedir="/home", $targetuser="root", $keyowner, $keyownername, $state="present" ) { > $sshdir = "$homebasedir/$targetuser/.ssh" > $authfile = "$sshdir/authorized_keys" > > ssh_authorized_key {"$keyowner@censhare.de($keyownername 4096) as $targetuser": > key => template("ssh_public_keys/$keyowner"), > ensure => "$state", > name => "$keyownername", > type => ''ssh-rsa'', > target => $authfile, > user => $targetuser, > } } > --------- > > it_services_admins.pp: > --------- > define a::ssh_keys::it_services_admins($user=''root''){ > > censhare::ssh_keys::add_to_ssh_authorized_keys{ "$user-blah": > targetuser => "$user", > keyowner => ''blah'', > keyownername => ''blah'', > } > } > > --------- > > class file: > ------------ > class ….{ > censhare::ssh_keys::it_services_admins{ ''b'': > user => ''b'' > } > censhare::ssh_keys::it_services_admins { ''root'': > user => ''root'' > } > } >Looks like you are missing a:: before censhare::ssh_keys... - henrik -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/l63n0g%246tf%241%40ger.gmane.org. For more options, visit https://groups.google.com/groups/opt_out.
On Thursday, November 14, 2013 5:32:50 AM UTC-6, Patricia Jung wrote:> > Dear puppet wizards, > > http://docs.puppetlabs.com/puppet/3/reference/lang_defined_types.htmldoes not suggest to me that nested parametrized defines would be forbiddenYou are correct. Defined type bodies may declare resources of any type, including defined types.> , hence I expected the following code to work: > > add_to_ssh_authorized_keys.pp: > -------- > define a::ssh_keys::add_to_ssh_authorized_keys($homebasedir="/home", > $targetuser="root", $keyowner, $keyownername, $state="present" ) { >To be clear, that should appear in <module path>/a/manifests/ssh_keys/add_to_ssh_authorized_keys.pp in order for the autoloader to be able to find it.> it_services_admins.pp: > --------- > define a::ssh_keys::it_services_admins($user=''root''){ >Likewise, that should appear in <module path>/a/manifests/ssh_keys/it_services_admins.pp> > censhare::ssh_keys::add_to_ssh_authorized_keys{ "$user-blah": > targetuser => "$user", > keyowner => ''blah'', > keyownername => ''blah'', > } >That resource type is not declared among the manifest fragments you presented, although there is a similarly-named one in your module "a".> } > > --------- > > class file: >I suppose you mean that this is the file of the module main class, <module path>/<module_name>/manifests/init.pp> ------------ > class ….{ > censhare::ssh_keys::it_services_admins{ ''b'': > user => ''b'' > } > censhare::ssh_keys::it_services_admins { ''root'': > user => ''root'' > } > } > >If you change "censhare" to "a" in those declarations then they will match up with the defined types you presented earlier.> ----- > I do however get: "Invalid resource type > a::ssh_keys::add_to_ssh_authorized_keys at > /etc/puppet/modules/censhare/manifests/ssh_keys/:7" > >My first guess would be that the file containing the definition is not where the autoloader expects it to be.> Any hints? If parametrized defines in fact can''t be nested I would > appreciate it if the documentation clearly said so, would safe a lot of > headache. If it should work I can''t figure out the correct syntax and would > appreciate an example. >Have you attempted to obfuscate the manifest fragments you presented? Because they don''t seem to line up with each other with respect to names. If those are literal excerpts from your manifests then the name mismatches are at least part of your problem. If you have attempted to obfuscate, then please stop. Do remove sensitive information (keys, passwords) and reduce the example to a simple form that exhibits the issue, but we''re going to have trouble helping you if you introduce new errors that are not present in the original manifests. Also, it will be helpful to present file paths relative to the module path, as the locations of your manifest files are significant to Puppet. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/76295f76-8c92-462a-902e-96b2a93c0ecc%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Dear John and all, Am 15.11.2013 um 15:47 schrieb jcbollinger <John.Bollinger@stJude.org>:> > On Thursday, November 14, 2013 5:32:50 AM UTC-6, Patricia Jung wrote: > > http://docs.puppetlabs.com/puppet/3/reference/lang_defined_types.html does not suggest to me that nested parametrized defines would be forbidden > > > You are correct. Defined type bodies may declare resources of any type, including defined types. > > > , hence I expected the following code to work: > > add_to_ssh_authorized_keys.pp: > -------- > define a::ssh_keys::add_to_ssh_authorized_keys($homebasedir="/home", $targetuser="root", $keyowner, $keyownername, $state="present" ) { > > > To be clear, that should appear in <module path>/a/manifests/ssh_keys/add_to_ssh_authorized_keys.pp in order for the autoloader to be able to find it.Yes, this is true: it''s located in /etc/puppet/modules/a/manifests/ssh_keys/add_to_ssh_authorized_keys.pp> > > > it_services_admins.pp: > --------- > define a::ssh_keys::it_services_admins($user=''root''){ > > > Likewise, that should appear in <module path>/a/manifests/ssh_keys/it_services_admins.ppThis file is located in etc/puppet/modules/a/manifests/ssh_keys/it_services_admins.pp> > > > > censhare::ssh_keys::add_to_ssh_authorized_keys{ "$user-blah":Sorry, my fault, the line above reads a::ssh_keys::add_to_ssh_authorized_keys{ "$user-blah":> > targetuser => "$user", > keyowner => ''blah'', > keyownername => ''blah'', > } > } > > --------- > > class file: > > > I suppose you mean that this is the file of the module main class, <module path>/<module_name>/manifests/init.pp > >Not necessarily init.pp, and it''s outside the a module, e.g.: /etc/puppet/modules/c/manifests/nodes/saas.pp. Perhaps this is the problem?> ------------class c::nodes::saas{ a::ssh_keys::it_services_admins{ ''b'': user => ''b'' } a::ssh_keys::it_services_admins{ ''root'': user => ''root'' } } The error message reads: Invalid resource type a::ssh_keys::add_to_ssh_authorized_keys at /etc/puppet/modules/a/manifests/ssh_keys/:7">> Have you attempted to obfuscate the manifest fragments you presented?Sorry -- my intention was to strip the problem down mentally, and I admit to have failed… Thanks for helping anyway! Patricia -- Patricia Jung Senior Software and Support Engineer censhare AG Paul-Gerhardt-Allee 50, 81245 Muenchen, Germany Fon +49 89 568236-311 Fax +49 89 568236-501 http://www.censhare.com http://blog.censhare.com Vorstand: Walter Bauer, Robert Motzke, Dieter Reichert Aufsichtsratsvorsitzender: Matthias Zimmermann Handelsregister: Amtsgericht Muenchen HRB 140617 USt-ID: DE219222021 -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/7703E42A-DEBC-4C89-8853-2103151F5F23%40censhare.com. For more options, visit https://groups.google.com/groups/opt_out.
On Monday, November 18, 2013 3:40:46 AM UTC-6, Patricia Jung wrote:> > Dear John and all, > > Am 15.11.2013 um 15:47 schrieb jcbollinger: > > > > On Thursday, November 14, 2013 5:32:50 AM UTC-6, Patricia Jung wrote: > > > > http://docs.puppetlabs.com/puppet/3/reference/lang_defined_types.htmldoes not suggest to me that nested parametrized defines would be forbidden > > > > > > You are correct. Defined type bodies may declare resources of any type, > including defined types. > > > > > > , hence I expected the following code to work: > > > > add_to_ssh_authorized_keys.pp: > > -------- > > define a::ssh_keys::add_to_ssh_authorized_keys($homebasedir="/home", > $targetuser="root", $keyowner, $keyownername, $state="present" ) { > > > > > > To be clear, that should appear in <module > path>/a/manifests/ssh_keys/add_to_ssh_authorized_keys.pp in order for the > autoloader to be able to find it. > Yes, this is true: it''s located in > /etc/puppet/modules/a/manifests/ssh_keys/add_to_ssh_authorized_keys.pp > > > > > > > > it_services_admins.pp: > > --------- > > define a::ssh_keys::it_services_admins($user=''root''){ > > > > > > Likewise, that should appear in <module > path>/a/manifests/ssh_keys/it_services_admins.pp > This file is located in > etc/puppet/modules/a/manifests/ssh_keys/it_services_admins.pp > > > > > > > > > > censhare::ssh_keys::add_to_ssh_authorized_keys{ "$user-blah": > Sorry, my fault, the line above reads > a::ssh_keys::add_to_ssh_authorized_keys{ "$user-blah": > > > > targetuser => "$user", > > keyowner => ''blah'', > > keyownername => ''blah'', > > } > > } > > > > --------- > > > > class file: > > > > > > I suppose you mean that this is the file of the module main class, > <module path>/<module_name>/manifests/init.pp > > > > > Not necessarily init.pp, and it''s outside the a module, e.g.: > /etc/puppet/modules/c/manifests/nodes/saas.pp. Perhaps this is the > problem? >Ah, ok. I understand now. No, it should not be a problem for instances of your defined type to be declared by classes from other modules or even no module at all. Besides, the declaration in c::nodes::saas is not the locus of the problem.> > ------------ > > class c::nodes::saas{ > a::ssh_keys::it_services_admins{ ''b'': > user => ''b'' > } > a::ssh_keys::it_services_admins{ ''root'': > user => ''root'' > } > } > > The error message reads: > > Invalid resource type a::ssh_keys::add_to_ssh_authorized_keys at > /etc/puppet/modules/a/manifests/ssh_keys/:7" > > >"Invalid resource type" for a defined type, supposing that it''s not altogether a red herring, means that Puppet does not recognize the type as a native one (which it isn''t), and cannot find a definition for that name. There are a few alternatives for why it might not find the definition, among them - The definition does not appear in the file the autoloader expects to find it in. You report, however, that it does appear in the correct file. - The definition is not declared with the expected name. The definition should use the correct fully-qualified name, as indeed you show it to do. If there were some mixup, however -- say the file defined censhare::... when it should have declared a::... -- then you would probably get an error such as you report. - The Puppet master cannot read the file, or perhaps cannot read some directory in the path to it. Unlike the Puppet agent, the master can and normally does run as an unprivileged user, often named "puppet". If file permissions, ownership, SELinux context, ACLs, or some other access control mechanism prevents the Puppet master process from reading the file, then you might get an error such as you describe. - As a special case, it is conceivable (though unlikely) that UTF-8 encoded file names containing characters above U+00FF might cause trouble if they appear in the same directory as the definition''s file. - The contents of the file containing the definition are not parsed successfully. I would actually expect a more localized error in this case, but if for some reason none was emitted then the error you report would be a likely fallback outcome. You can test this by running "puppet parser validate <manifest file>" on the file containing the definition. If the problem is not one of the above then I''m stumped. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/5f3f7e9d-ca6e-4575-a1fc-d20d53cb89a0%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Dear John and all, Am 18.11.2013 um 17:26 schrieb jcbollinger <John.Bollinger@stJude.org>:> > Invalid resource type a::ssh_keys::add_to_ssh_authorized_keys at /etc/puppet/modules/a/manifests/ssh_keys/:7" > > > "Invalid resource type" for a defined type, supposing that it''s not altogether a red herring, means that Puppet does not recognize the type as a native one (which it isn''t), and cannot find a definition for that name. There are a few alternatives for why it might not find the definition, among them > • The definition does not appear in the file the autoloader expects to find it in. You report, however, that it does appear in the correct file.I rewrote the entire stuff, and the problem indeed turned out to be an almost invisible mismatch between define name and file name. I wish I had the time to dive into the puppet code and change error messages to something more specific and useful… Thanks a lot, John! Patricia -- Patricia Jung Senior Software and Support Engineer censhare AG Paul-Gerhardt-Allee 50, 81245 Muenchen, Germany Fon +49 89 568236-311 Fax +49 89 568236-501 http://www.censhare.com http://blog.censhare.com Vorstand: Walter Bauer, Robert Motzke, Dieter Reichert Aufsichtsratsvorsitzender: Matthias Zimmermann Handelsregister: Amtsgericht Muenchen HRB 140617 USt-ID: DE219222021 -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/003BE9E4-BE3E-4CCE-ABAF-978D7B446560%40censhare.com. For more options, visit https://groups.google.com/groups/opt_out.