Hello. I am configuring my puppetmaster with the authorized_keys
management recipe from the recipes repository on the Puppet site. So
far, it does what it should *except* generate a keypair for new users,
and I''m unsure of how to proceed from here. Any suggestions would be
greatly appreciated.
I have used the recipe as-is from
http://reductivelabs.com/trac/puppet/wiki/Recipes/Authorized_keys
Adding one user ("newguy" in this example), my puppet client produces
the following debug output:
als@platform2:~$ sudo puppetd --server platform2 --test --verbose --
debug --waitforcert 60
debug: Creating default schedules
<snipped unrelated output>
debug: Creating default schedules
warning: Not using cache on failed catalog
warning: Configuration could not be instantiated: Could not find
dependency File[/home/newguy/] for Exec[Building /home/newguy/.ssh/
authorized_keys] at /etc/puppet/manifests/definitions/sshkeygen:37
Which seems odd because the user''s account and home directory do
exist. In this example, the puppet client and puppetmaster are the
same machine. I can reproduce the problem with a second machine as the
client, as well.
definitions/sshkeygen lines 31-37 contain:
exec { "Building $authorized_keys":
command => "cp $public_key $authorized_keys",
creates => $authorized_keys,
subscribe => File[$public_key],
require => [ User[$name], File[$public_key], File["$
{homeroot}/$name/"], File["${homeroot}/$name/.ssh"] ],
}
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---
> Which seems odd because the user''s account and home directory do > exist. In this example, the puppet client and puppetmaster are the > same machine. I can reproduce the problem with a second machine as the > client, as well.do exists, means that you have an actual file-resource managing it? If not then you should have one, otherwise you can''t specify a relationship. Are you using 0.25? Then you might also hit a current bug where traling slashes are stripped of but not in relationships. So you might want to change File["${homeroot}/$name/"], to File["${homeroot}/$name"], cheers pete --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
> Are you using 0.25? Then you might also hit a current bug where traling > slashes are stripped of but not in relationships. So you might want to > change File["${homeroot}/$name/"], to File["${homeroot}/$name"],ftr: http://projects.reductivelabs.com/issues/2675 cheers pete --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
On Nov 12, 2:35 am, Peter Meier <peter.me...@immerda.ch> wrote:> > Which seems odd because the user''s account and home directory do > > exist. In this example, the puppet client and puppetmaster are the > > same machine. I can reproduce the problem with a second machine as the > > client, as well. > > do exists, means that you have an actual file-resource managing it? If > not then you should have one, otherwise you can''t specify a relationship.Hi, Pete. Thank you for your help. I believe the line in definitions/ account manages the /home/username/.ssh/authorized_keys structure. It looks like this (unmodified from the recipe posted to the Puppet recipes page): file { "${homeroot}/$name": ensure => directory, owner => $home_owner, group => $home_group, mode => 750, require => User[$name]; "${homeroot}/$name/.ssh": ensure => directory, owner => $home_owner, group => $home_group, mode => 700, require => File["${homeroot}/$name"]; "${homeroot}/$name/.ssh/authorized_keys": ensure => present, owner => "root", group => "root", mode => 644, require => File["${homeroot}/$name/.ssh"]; "${homeroot}/$name/.ssh/authorized_keys2": ensure => "${homeroot}/$name/.ssh/authorized_keys", require => File["${homeroot}/$name/.ssh/authorized_keys"], }> Are you using 0.25? Then you might also hit a current bug where traling > slashes are stripped of but not in relationships. So you might want to > change File["${homeroot}/$name/"], to File["${homeroot}/$name"],I am using puppet 0.24.8 as packaged with Ubuntu 9.10. I did try playing with the trailing slash prior to emailing the list and it didn''t seem to matter (and I guess it shouldn''t if the bug was in 0.25.) -Adam --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---