Puppet users - May 2008 - require ignored

Hi

I am trying to get puppet running with the Authorized Keys based
recipe. My goal is to have a list of keys in /root/.ssh/
authorized_keys

I have the following setup:
http://pastie.caboo.se/196054

However when I start puppet on the client it crashes with:
puppetd[31546]: Could not create echo ...  >> ''/root/.ssh/
authorized_keys'': Parameter unless failed: ''grep -qFx
''ssh-rsa

Because the file /root/.ssh/authorized keys doesn''t exist.

So my questions are:
1) why does puppet run the included root-setup(which created the
needed directories and files) after the authorized-key run? How can I
fix this?
2) why does it ignore the require from the line call in authorized-key
run? Shouldn''t it stop once it doesn''t find the file?

--
Marcelo
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users-unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

On May 13, 2008, at 8:53 AM, Marcelo Barbudas wrote:
> 1) why does puppet run the included root-setup(which created the
> needed directories and files) after the authorized-key run? How can I
> fix this?
You''ll need to trim your example down so it just includes the  
problematic code, and then provide output from the full run.  Normally  
you would just use ''require'' to get the ordering right.
>
> 2) why does it ignore the require from the line call in authorized-key
> run? Shouldn''t it stop once it doesn''t find the file?

''require'' verifies that you''re managing the file, not
that it exists.

-- 
The most overlooked advantage to owning a computer is that if they foul
up there''s no law against wacking them around a little. -- Joe Martin
---------------------------------------------------------------------
Luke Kanies | http://reductivelabs.com | http://madstop.com


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users-unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

On Tue, May 13, 2008 at 11:50 AM, Luke Kanies <luke@madstop.com>
wrote:
>
>  On May 13, 2008, at 8:53 AM, Marcelo Barbudas wrote:
>
>  > 1) why does puppet run the included root-setup(which created the
>  > needed directories and files) after the authorized-key run? How can I
>  > fix this?
>
>  You''ll need to trim your example down so it just includes the
>  problematic code, and then provide output from the full run.  Normally
>  you would just use ''require'' to get the ordering right.
>
>
>  >
>  > 2) why does it ignore the require from the line call in
authorized-key
>  > run? Shouldn''t it stop once it doesn''t find the
file?
>
>
>  ''require'' verifies that you''re managing the
file, not that it exists.
>
You probably also want to use recurse => false to keep from playing
havok with your file and directory permissions.

Evan

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users-unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Hi
> You''ll need to trim your example down so it just includes the
> problematic code, and then provide output from the full run.  Normally
> you would just use ''require'' to get the ordering right.
>
>
A basic example is this:
node default {
          include root-server-class

          root-account-setup::authorized-keys {
                   "xxx":    key_owner => "radu",
auth_user => "root",
ensure => present;
                   "dirvish": key_owner => "dirvish",
auth_user =>
"root", ensure => present;
    }
}

class  root-account-setup {
           file {
                 homeroot, homeroot/.ssh, homeroot/.ssh/
authorized_Keys
           }
           define authorized-keys(..) {
                     ....
                    line { "add-key-${name}":
                                 ensure  => $ensure,
                                 file    => "/root/.ssh/
authorized_keys",
                                 line    => $key,
                                 require => [ User["root"],
File["/
root/.ssh"], File["/root/.ssh/authorized_keys" ] ],
                    }
           }
}

When it runs it returns:
Info: Facts have changed; recompiling
debug: Retrieving catalog
debug: Calling puppetmaster.getconfig
debug: Retrieved catalog in 0.25 seconds

!!! err: Could not create echo ''ssh-rsa keyid'' >>
''/root/.ssh/
authorized_keys'': Parameter unless failed: ''grep -qFx
''ssh-rsa key_Id''
''/root/.ssh/authorized_keys'''' is both unqualifed and
specified no
search path at /etc/puppet/modules/common/manifests/defines/line.pp:32

debug: Creating default schedules
debug: Finishing transaction -614276858 with 0 changes
warning: Configuration could not be instantiated: Parameter unless
failed: ''grep -qFx ''ssh-rsa key_id''
''/root/.ssh/authorized_keys'''' is
both unqualifed and specified no search path at /etc/puppet/modules/
common/manifests/defines/line.pp:32; using cached catalog
notice: Starting catalog run
debug: Loaded state in 0.00 seconds
debug: //Node[default]/root-account-setup/File[/root/.ssh/
authorized_keys]/require: requires File[/root/.ssh]
debug: //Node[default]/root-account-setup/File[/root/.ssh]/require:
requires File[/root]
debug: //Node[default]/root-account-setup/File[/root/.ssh/
authorized_keys2]/require: requires File[/root/.ssh/authorized_keys]
debug: //Node[default]/root-account-setup/File[/root/.ssh/
authorized_keys2]: Autorequiring File[/root/.ssh]
....

--
M.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users-unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

I found the problem.

I was using the line definition from the complete configuration
module. The command wasn''t fully qualified. Maybe someone should
notify the author to update the code.

--
M.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users-unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Hi
> I found the problem.
> 
> I was using the line definition from the complete configuration
> module. The command wasn''t fully qualified. Maybe someone should
> notify the author to update the code.
maybe you?
at least post a patch to the mailinglist. thanks!

greets pete

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users-unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Marcelo Barbudas wrote:
> I found the problem.
> 
> I was using the line definition from the complete configuration
> module. The command wasn''t fully qualified. Maybe someone should
> notify the author to update the code.
> 
If you have found an issue I recommend you notify the author.  David is
always open to patches.

Regards

James Turnbull

- --
James Turnbull (james@lovedthanlost.net)
Author of:
* Pulling Strings with Puppet
(http://www.amazon.com/gp/product/1590599780/)
* Pro Nagios 2.0
(http://www.amazon.com/gp/product/1590596099/)
* Hardening Linux
(http://www.amazon.com/gp/product/1590594444/)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIKs5B9hTGvAxC30ARApB4AJ45tYx32DLqH7Bdi5puBHbPy6dbrACeKUGE
nV70pzDGndO6THMPFYc/hcA=Tzse
-----END PGP SIGNATURE-----

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users-unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wednesday 14 May 2008, Marcelo Barbudas wrote:
> I found the problem.
>
> I was using the line definition from the complete configuration
> module. The command wasn''t fully qualified. Maybe someone should
> notify the author to update the code.
Since paths are quite system dependent, I don''t think it''s
apropriate to nail
them down in a define. Please put something like

Exec { path 
=> "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" }

or something similar at the top of you site.pp.




Regards, DavidS
- -- 
The primary freedom of open source is not the freedom from cost, but the free-
dom to shape software to do what you want. This freedom is /never/ exercised
without cost, but is available /at all/ only by accepting the very different
costs associated with open source, costs not in money, but in time and effort.
- -- http://www.schierer.org/~luke/log/20070710-1129/on-forks-and-forking
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIMs0n/Pp1N6Uzh0URAkqTAJ9a2fW12yLTeATRjHTLpT4koFDuqgCfQddn
Go7X5HldqkKDkDCg2tTPYhY=nXdB
-----END PGP SIGNATURE-----

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users-unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---