Hello all.

I'm currently working on setting up LDAP authentication, within a chroot for a webserver.

LDAP is to authenticate users by connecting to an AD server, and this will be done over an SSL connection.

In order for the SSL connection to work, it is necessary to have a /dev/*random device located in the chroot.

This is being done on a CentOS5 Linux installation.

So, my question. Is there any existing method to create an actual device file? I couldn't find anything under the file{} documentation.

So far, the best I have been able to come up with is to do an exec, so my definition looks something like this:

    file {"/var/chroot/dev/urandom":
        mode => "0444"
    }

    exec { "create-urandom":
        command => "[ -f /var/chroot/dev/urandom ] && rm -f /var/chroot/dev/urandom && mknod -m 0444 /var/chroot/dev/urandom c 1 9 || mknod -m 0444 /var/chroot/dev/urandom c 1 9",
        path => "/bin",
        subscribe => File["/var/chroot/dev/urandom"]
    }

Thanks for any advice you may have,

Dan.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

On Wed, Aug 6, 2008 at 9:34 AM, Dan Dubovik <dandubo@gmail.com> wrote:
> Hello all.
>
> I'm currently working on setting up LDAP authentication, within a chroot for
> a webserver.
>
> LDAP is to authenticate users by connecting to an AD server, and this will
> be done over an SSL connection.
>
> In order for the SSL connection to work, it is necessary to have a
> /dev/*random device located in the chroot.
>
> This is being done on a CentOS5 linux installation.
>
> So, my question. Is there any existing method to create an actual device
> file? I couldn't find anything under the file{} documentation
>
> So far, the best I have been able to come up with is to do an exec, so my
> definition looks something like this:
>
> file {"/var/chroot/dev/urandom":
> mode => "0444"
> }
>
> exec { "create-urandom":
> command => "[ -f /var/chroot/dev/urandom ] && rm -f
> /var/chroot/dev/urandom && mknod -m 0444 /var/chroot/dev/urandom c 1 9 ||
> mknod -m 0444 /var/chroot/dev/urandom c 1 9" ,
> path => "/bin",
> subscribe => File["/var/chroot/dev/urandom"]
> }
>
>
> Thanks for any advice you may have,

Using an exec is probably the best option here, Dan. Puppet doesn't have a native device file type, so you'll need to go this route.

If you're going to wind up creating lots of devices (which I imagine you might, since you're creating jails), you might want to put this in a definition, something like:

    define device_node($type="c",$major,$minor,$mode) {
        exec { "create-device-${name}":
            command => "[ -f ${name} ] && rm -f ${name} && mknod -m ${mode} ${name} ${type} ${major} ${minor} || mknod -m ${mode} ${name} ${type} ${major} ${minor}",
            path => "/bin",
            creates => $name,
        }
    }

Would let you then call:

    device_node { "/var/chroot/dev/urandom":
        type => c,
        major => 1,
        minor => 9,
        mode => 0444
    }

Any time you needed a new device node.

(The above has not been tested at all, btw, so ymmv!)

Regards,
Adam

--
HJK Solutions - We Launch Startups - http://www.hjksolutions.com
Adam Jacob, Senior Partner
T: (206) 508-4759 E: adam@hjksolutions.com

2008/8/6 Adam Jacob <adam@hjksolutions.com>:
> define device_node($type="c",$major,$minor,$mode) {
> exec { "create-device-${name}":
> command => "[ -f ${name} ] && rm -f ${name} && mknod -m ${mode}
> ${name} ${type} ${major} ${minor} || mknod -m ${mode} ${name} ${type}
> ${major} ${minor}" ,
> path => "/bin",
> creates => $name,
> }
> }
>

Please forgive my daftness, but wouldn't the creates => $name preclude the '[ -f ${name} ]'? Seems like you'd want to use unless and have something that verifies that the device node is setup correctly (perl's stat comes to mind)

.r'

On Wed, Aug 6, 2008 at 12:30 PM, RijilV <rijilv@gmail.com> wrote:
>
> 2008/8/6 Adam Jacob <adam@hjksolutions.com>:
>> define device_node($type="c",$major,$minor,$mode) {
>> exec { "create-device-${name}":
>> command => "[ -f ${name} ] && rm -f ${name} && mknod -m ${mode}
>> ${name} ${type} ${major} ${minor} || mknod -m ${mode} ${name} ${type}
>> ${major} ${minor}" ,
>> path => "/bin",
>> creates => $name,
>> }
>> }
>>
>
> Please forgive my daftness, but wouldn't the creates => $name preclude
> the '[ -f ${name} ]'? Seems like you'd want to use unless and have
> something that verifies that the device node is setup correctly
> (perl's stat comes to mind)

Probably - I was really just marking up his example code. :)

Adam

--
HJK Solutions - We Launch Startups - http://www.hjksolutions.com
Adam Jacob, Senior Partner
T: (206) 508-4759 E: adam@hjksolutions.com

Hey guys,

Just wanted to say thanks a ton for the quick and helpful responses.

Since this is the only device file I should need to create, I haven't made a custom type for it. I have modified the exec a bit though, and now have the definitions as follows:

    file {"/var/chroot/dev/urandom":
        notify => Exec["create-urandom"]
    }

    exec { "create-urandom":
        command => "rm -f /var/chroot/dev/urandom; mknod -m 0444 /var/chroot/dev/urandom c 1 9",
        unless => "/usr/bin/test -c '/var/chroot/dev/urandom'",
        path => "/bin",
        subscribe => File["/var/chroot/dev/urandom"]
    }

The command is a bit cleaner, and the conditions are more obvious with using unless for the test condition.

On Wed, Aug 6, 2008 at 6:06 PM, Adam Jacob <adam@hjksolutions.com> wrote:
>
> On Wed, Aug 6, 2008 at 12:30 PM, RijilV <rijilv@gmail.com> wrote:
> >
> > 2008/8/6 Adam Jacob <adam@hjksolutions.com>:
> >> define device_node($type="c",$major,$minor,$mode) {
> >> exec { "create-device-${name}":
> >> command => "[ -f ${name} ] && rm -f ${name} && mknod -m ${mode}
> >> ${name} ${type} ${major} ${minor} || mknod -m ${mode} ${name} ${type}
> >> ${major} ${minor}" ,
> >> path => "/bin",
> >> creates => $name,
> >> }
> >> }
> >>
> >
> > Please forgive my daftness, but wouldn't the creates => $name preclude
> > the '[ -f ${name} ]'? Seems like you'd want to use unless and have
> > something that verifies that the device node is setup correctly
> > (perl's stat comes to mind)
>
> Probably - I was really just marking up his example code. :)
>
> Adam
>
> --
> HJK Solutions - We Launch Startups - http://www.hjksolutions.com
> Adam Jacob, Senior Partner
> T: (206) 508-4759 E: adam@hjksolutions.com
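
Added example, not part of the thread: a stricter form of the check RijilV suggests and Dan approximates with `test -c`, confirming that the node is a character device with the expected major:minor (1:9 for urandom) and mode, not just any character device. The function names `node_matches` and `device_node_ok` are hypothetical, GNU coreutils `stat` is assumed, and the sample stat lines are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Assumes GNU coreutils stat, as shipped on CentOS.

# node_matches TYPE MAJOR MINOR MODE STAT_LINE
# STAT_LINE is the output of: stat -c '%t %T %a %F' PATH
# (%t/%T = major/minor in hex, %a = octal mode, %F = file type)
node_matches() {
    want_type=$1 want_major=$2 want_minor=$3 want_mode=$4
    set -- $5                      # split the stat line into fields
    [ $# -ge 4 ] || return 1
    hex_major=$1 hex_minor=$2 mode=$3
    shift 3
    ftype="$*"                     # remaining words are the file type
    # Reject anything that is not plain hex/octal/decimal before doing arithmetic.
    case "$hex_major$hex_minor" in *[!0-9a-fA-F]*) return 1 ;; esac
    case "$mode$want_mode" in *[!0-7]*) return 1 ;; esac
    case "$want_major$want_minor" in *[!0-9]*) return 1 ;; esac
    case $want_type in
        c) [ "$ftype" = "character special file" ] || return 1 ;;
        b) [ "$ftype" = "block special file" ] || return 1 ;;
        *) return 1 ;;
    esac
    [ "$((0x$hex_major))" -eq "$want_major" ] || return 1
    [ "$((0x$hex_minor))" -eq "$want_minor" ] || return 1
    # Leading 0 forces octal, so "0444" and "444" compare equal.
    [ "$((0$mode))" -eq "$((0$want_mode))" ]
}

# device_node_ok PATH TYPE MAJOR MINOR MODE
# Exit 0 only if PATH itself (symlinks are not followed) is that exact node.
device_node_ok() {
    line=$(stat -c '%t %T %a %F' -- "$1" 2>/dev/null) || return 1
    node_matches "$2" "$3" "$4" "$5" "$line"
}

# Constructed stat lines, checked against the urandom node (c 1 9, 0444).
while IFS= read -r sample; do
    if node_matches c 1 9 0444 "$sample"; then verdict=ok; else verdict=MISMATCH; fi
    printf '%-9s %s\n' "$verdict" "$sample"
done <<'EOF'
1 9 444 character special file
1 8 444 character special file
1 9 666 character special file
0 0 444 regular file
EOF
```

Saved as a script that ends by calling `device_node_ok "$@"`, this can serve as the exec's `unless` command, so the node is recreated when the path holds a regular file, a different device, or the wrong mode.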