Grzegorz Marszałek
2008-Oct-16 11:18 UTC
[Puppet Users] virutal resources and ssh_authorized_key
Hello!
I''ve got question - how to use ssh_autorized_key as a virtual resource?
I''ve got bunch of users and ssh_authorized_key virtual resources, but
only users gets to the target system - ssh keys not...
I write something like:
class admins {
@user { "username":
...
}
@ssh_authorized_key { "username":
ensure => present,
key => "...",
type => "...",
user => username,
tag => admin
}
}
and then, in other class:
class bb::new {
...
include "admins"
User <| tag==admin |>
Ssh_authorized_key <| tag==admin |>
...
}
node bb {
include bb::new
}
but nothing is happening.
---
Grzegorz Marszałek
graf0@post.pl
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---
Francois Deppierraz
2008-Oct-20 13:32 UTC
[Puppet Users] Re: virutal resources and ssh_authorized_key
Hi Grzegorz, Grzegorz Marszałek wrote:> I''ve got question - how to use ssh_autorized_key as a virtual resource? > I''ve got bunch of users and ssh_authorized_key virtual resources, but > only users gets to the target system - ssh keys not...Unfortunately I cannot reproduce your problem. Could you write a self-contained recipe showing this bug ? The following recipe worked as expected on my system running puppet 0.24.5. ---- class admins { @ssh_authorized_key{"francois": ensure => present, key => "blahhh", type => "rsa", user => "francois", tag => "admin" } } include admins Ssh_authorized_key <| tag==admin |> ---- François --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
Grzegorz Marszałek
2008-Oct-20 14:44 UTC
[Puppet Users] Re: virutal resources and ssh_authorized_key
Hello!
This is how I''m trying to do that:
class admins {
# tagowanie:
# admin - user jest adminem i pojawia się na wszystkich host''ach!
# tech - user jest technikiem i pojawia się na bb
# uid - od 1500 w górę
# graf0 - Grzegorz Marszałek
@user {
"graf0":
ensure => present,
uid => 1500,
comment => "Grzegorz Marszałek",
home => "/home/graf0",
managehome=> true,
shell => "/bin/bash",
password => ''...'',
groups => admin,
tag => admin
}
@ssh_authorized_key {
"graf0":
ensure => present,
key => "...",
type => "ssh-rsa",
user => graf0,
tag => admin
;
}
@user {
"zigzag":
ensure => present,
uid => 1501,
comment => "Zbyszek Żygadło",
home => "/home/zigzag",
managehome=> true,
shell => "/bin/bash",
password => ''...'',
groups => admin,
tag => tech
}
@user {
"tom":
ensure => present,
uid => 1502,
comment => "Tomek Jerkiewicz",
home => "/home/tom",
managehome=> true,
shell => "/bin/bash",
password => ''$1$D2J.G3jc$asQ9pIQ.IF/zuA7FeZ7ko/'',
groups => admin,
tag => tech
}
@user {
"bb":
ensure => present,
comment => "system user",
home => "/home/bb",
shell => "/bin/bash",
password=> ''...'',
tag => tech
}
# ssh authorized keys - żeby można było wejść na bb
# klucz graf0 :)
@ssh_authorized_key {
"bb":
ensure => present,
key => "...",
type => "ssh-rsa",
user => bb,
tag => tech
;
}
}
Then in other file:
class bb::new {
include "router"
include "slapd::master"
include "pdns"
include "dhcpd"
include "pam_nss::local"
include "ssh_access"
include "apache2"
include "phpldapadmin"
apache2::site {
"127.0.0.1":
ensure => present,
content => "NameVirtualHost *:80
<VirtualHost *:80>
ServerName 127.0.0.1
ServerAdmin admin@dragonfly.pl
DocumentRoot /var/www
ErrorLog /var/log/apache2/127.0.0.1-errors.log
CustomLog /var/log/apache2/127.0.0.1-access.log common
Include /etc/phpldapadmin/apache.conf
</VirtualHost>",
require => Package["apache2"],
}
include "admins"
User <| tag==tech or tag==admin |>
Ssh_auhtorized_key <| tag==tech or tag==admin |>
}
And in site.pp:
node "bb.0000.i.dragonfly.pl" inherits site_0000 {
$pdns_bind_ip="127.0.0.1,10.0.2.4,$ipaddress_lan0"
include "bb::new"
}
Wiadomość napisana w dniu 2008-10-20, o godz. 15:32, przez Francois
Deppierraz:
>
> Hi Grzegorz,
>
> Grzegorz Marszałek wrote:
>
>> I''ve got question - how to use ssh_autorized_key as a virtual
>> resource?
>> I''ve got bunch of users and ssh_authorized_key virtual
resources, but
>> only users gets to the target system - ssh keys not...
>
> Unfortunately I cannot reproduce your problem. Could you write a
> self-contained recipe showing this bug ?
>
> The following recipe worked as expected on my system running puppet
> 0.24.5.
>
> ----
> class admins {
> @ssh_authorized_key{"francois":
> ensure => present,
> key => "blahhh",
> type => "rsa",
> user => "francois",
> tag => "admin"
> }
> }
>
> include admins
> Ssh_authorized_key <| tag==admin |>
> ----
>
> François
>
> >
---
Grzegorz Marszałek
alias Ojciec Dyrektor ;)
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---
Francois Deppierraz
2008-Oct-20 16:39 UTC
[Puppet Users] Re: virutal resources and ssh_authorized_key
Grzegorz Marszałek wrote:> This is how I''m trying to do that: > class admins { > [...]Sorry, my request was probably not clear enough. It will be much easier if I could reproduce your problem using a simple standalone recipe running directly with the puppet interpreter instead of the full puppetd/puppetmasterd client-server stuff. You can easily run such a recipe using "puppet --debug blah.pp" or even by adding "#!/usr/bin/puppet" at the beginning of the file and setting the execute bit. By the way, I haven''t yet made use of virtual resources. Perhaps this problem has nothing to do with that particular type ? François --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
Paul Lathrop
2008-Oct-20 16:44 UTC
[Puppet Users] Re: virutal resources and ssh_authorized_key
Grzegorz, You misspelled Ssh_authorized_key in this line: Ssh_auhtorized_key <| tag==tech or tag==admin |> Could that be your problem? --Paul On Mon, Oct 20, 2008 at 7:44 AM, Grzegorz Marszałek <graf0@post.pl> wrote:> > Hello! > > This is how I'm trying to do that: > class admins { > # tagowanie: > # admin - user jest adminem i pojawia się na wszystkich host'ach! > # tech - user jest technikiem i pojawia się na bb > # uid - od 1500 w górę > > # graf0 - Grzegorz Marszałek > @user { > "graf0": > ensure => present, > uid => 1500, > comment => "Grzegorz Marszałek", > home => "/home/graf0", > managehome=> true, > shell => "/bin/bash", > password => '...', > groups => admin, > tag => admin > } > > @ssh_authorized_key { > "graf0": > ensure => present, > key => "...", > type => "ssh-rsa", > user => graf0, > tag => admin > ; > } > > @user { > "zigzag": > ensure => present, > uid => 1501, > comment => "Zbyszek Żygadło", > home => "/home/zigzag", > managehome=> true, > shell => "/bin/bash", > password => '...', > groups => admin, > tag => tech > } > > @user { > "tom": > ensure => present, > uid => 1502, > comment => "Tomek Jerkiewicz", > home => "/home/tom", > managehome=> true, > shell => "/bin/bash", > password => '$1$D2J.G3jc$asQ9pIQ.IF/zuA7FeZ7ko/', > groups => admin, > tag => tech > } > > @user { > "bb": > ensure => present, > comment => "system user", > home => "/home/bb", > shell => "/bin/bash", > password=> '...', > tag => tech > } > > # ssh authorized keys - żeby można było wejść na bb > # klucz graf0 :) > @ssh_authorized_key { > "bb": > ensure => present, > key => "...", > type => "ssh-rsa", > user => bb, > tag => tech > ; > } > } > > Then in other file: > class bb::new { > include "router" > include "slapd::master" > include "pdns" > include "dhcpd" > include "pam_nss::local" > include "ssh_access" > include "apache2" > include "phpldapadmin" > apache2::site { > "127.0.0.1": > ensure => present, > content => "NameVirtualHost *:80 > <VirtualHost *:80> > ServerName 127.0.0.1 > ServerAdmin admin@dragonfly.pl > DocumentRoot /var/www > ErrorLog /var/log/apache2/127.0.0.1-errors.log > CustomLog /var/log/apache2/127.0.0.1-access.log common > Include /etc/phpldapadmin/apache.conf > </VirtualHost>", > require => Package["apache2"], > } > include "admins" > User <| tag==tech or tag==admin |> > Ssh_auhtorized_key <| tag==tech or tag==admin |> > } > > > And in site.pp: > node "bb.0000.i.dragonfly.pl" inherits site_0000 { > $pdns_bind_ip="127.0.0.1,10.0.2.4,$ipaddress_lan0" > include "bb::new" > } > > > > Wiadomość napisana w dniu 2008-10-20, o godz. 15:32, przez Francois > Deppierraz: > >> >> Hi Grzegorz, >> >> Grzegorz Marszałek wrote: >> >>> I've got question - how to use ssh_autorized_key as a virtual >>> resource? >>> I've got bunch of users and ssh_authorized_key virtual resources, but >>> only users gets to the target system - ssh keys not... >> >> Unfortunately I cannot reproduce your problem. Could you write a >> self-contained recipe showing this bug ? >> >> The following recipe worked as expected on my system running puppet >> 0.24.5. >> >> ---- >> class admins { >> @ssh_authorized_key{"francois": >> ensure => present, >> key => "blahhh", >> type => "rsa", >> user => "francois", >> tag => "admin" >> } >> } >> >> include admins >> Ssh_authorized_key <| tag==admin |> >> ---- >> >> François >> >> > > > --- > Grzegorz Marszałek > alias Ojciec Dyrektor ;) > > > > > > >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
Grzegorz Marszałek
2008-Oct-23 22:07 UTC
[Puppet Users] Re: virutal resources and ssh_authorized_key
Wiadomość napisana w dniu 2008-10-20, o godz. 18:44, przez Paul Lathrop:> Grzegorz, > > You misspelled Ssh_authorized_key in this line: > > Ssh_auhtorized_key <| tag==tech or tag==admin |> > > Could that be your problem?Yes, that was exactly my problem :) Thanks. --- Grzegorz Marszałek graf0@post.pl --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---