Hi,

I am trying to manage the file authorized_keys with puppet. I am using
http://reductivelabs.com/trac/puppet/wiki/Recipes/Authorized_keys as
reference.

I was not able to delete an unwanted key from the file. Unfortunately
there are "/" within the key:

ssh-rsa AAAAB3NzaC1yc2EAA/5GytXDjAR3XoxTR6uM= testkey@test

This is a problem for the perl-command:

debug: Executing '/usr/bin/perl -ni -e 'print unless /^\Qssh-rsa
AAAAB3NzaC1yc2EAA/5GytXDjAR3XoxTR6uM= testkey@test
\E$/' '/root/.ssh/authorized_keys''
err: //nine_authorized_keys/Nine_authorized_keys::Nine_authorized_keys::Revoke[test]/Line[remove-key-test]/Exec[remove from file remove-key-test]/returns: change from notrun to 0 failed: /usr/bin/perl -ni -e 'print unless /^\Qssh-rsa AAAAB3NzaC1yc2EAA/5GytXDjAR3XoxTR6uM= testkey@test
\E$/' '/root/.ssh/authorized_keys' returned 255 instead of one of [0]
at /etc/puppet/development/definitions/line.pp:25

The perl-oneliner gives the following error due to the "/" in the key.

Number found where operator expected at -e line 1, near "/^\Qssh-rsa
AAAAB3NzaC1yc2EAA/5"
(Missing operator before 5?)

In order to use /bin/sed, I have to escape the "/", which is not a
problem. I have found a function for that in the SimpleTextRecipes.
Unfortunately, there is an "\n" at the end of the line, so that the sed
throws an error, too:

debug: Executing '/bin/sed -i '/ssh-rsa AAAAB3NzaC1yc2EAA
\/5GytXDjAR3XoxTR6uMtestkey@test
/d'
'/root/.ssh/authorized_keys''
err: //nine_authorized_keys/Nine_authorized_keys::Nine_authorized_keys::Revoke[test]/Line[remove-key-test]/Exec[remove from file remove-key-test]/returns: change from notrun to 0 failed: /bin/sed -i '/ssh-rsa AAAAB3NzaC1yc2EAA\/5GytXDjAR3XoxTR6uM= testkey@test
/d' '/root/.ssh/authorized_keys' returned 1 instead of one of [0]
at /etc/puppet/development/definitions/line.pp:25

If I run the sed without the "\n" between "testkey@test" and "/d'" the
sed itself works.

Can anyone give me a hint how to either make perl ignore the "/" within
the key or to get rid of the "/n" when using sed? Perl did not remove
the line if I use the escaped "/".

Greetz,
Andre

--
Andre Timmermann <andre@nine.ch>

--
Kind regards
Andre Timmermann
Nine Internet Solutions AG, Albisriederstr. 243c, CH-8047 Zuerich
Tel +41 44 637 40 00 | Direct +41 44 637 40 06 | Fax +41 44 637 40 01

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

May I suggest using this recipe
http://reductivelabs.com/trac/puppet/wiki/Recipes/ModuleSSHAuth ?
It's more recent and uses the ssh_authorized_key resource in puppet.

Silviu

Andre Timmermann wrote:
> Hi,
>
> I am trying to manage the file authorized_keys with puppet. I am using
> http://reductivelabs.com/trac/puppet/wiki/Recipes/Authorized_keys as
> reference.
>
> I was not able to delete an unwanted key from the file. Unfortunately
> there are "/" within the key:
>
> ssh-rsa AAAAB3NzaC1yc2EAA/5GytXDjAR3XoxTR6uM= testkey@test
>
> This is a problem for the perl-command:
>
> debug: Executing '/usr/bin/perl -ni -e 'print unless /^\Qssh-rsa
> AAAAB3NzaC1yc2EAA/5GytXDjAR3XoxTR6uM= testkey@test
> \E$/' '/root/.ssh/authorized_keys''
> err: //nine_authorized_keys/Nine_authorized_keys::Nine_authorized_keys::Revoke[test]/Line[remove-key-test]/Exec[remove from file remove-key-test]/returns: change from notrun to 0 failed: /usr/bin/perl -ni -e 'print unless /^\Qssh-rsa AAAAB3NzaC1yc2EAA/5GytXDjAR3XoxTR6uM= testkey@test
> \E$/' '/root/.ssh/authorized_keys' returned 255 instead of one of [0]
> at /etc/puppet/development/definitions/line.pp:25
>
> The perl-oneliner gives the following error due to the "/" in the key.
>
> Number found where operator expected at -e line 1, near "/^\Qssh-rsa
> AAAAB3NzaC1yc2EAA/5"
> (Missing operator before 5?)
>
> In order to use /bin/sed, I have to escape the "/", which is not a
> problem. I have found a function for that in the SimpleTextRecipes.
> Unfortunately, there is an "\n" at the end of the line, so that the sed
> throws an error, too:
>
> debug: Executing '/bin/sed -i '/ssh-rsa AAAAB3NzaC1yc2EAA
> \/5GytXDjAR3XoxTR6uM
> testkey@test
> /d'
> '/root/.ssh/authorized_keys''
> err: //nine_authorized_keys/Nine_authorized_keys::Nine_authorized_keys::Revoke[test]/Line[remove-key-test]/Exec[remove from file remove-key-test]/returns: change from notrun to 0 failed: /bin/sed -i '/ssh-rsa AAAAB3NzaC1yc2EAA\/5GytXDjAR3XoxTR6uM= testkey@test
> /d' '/root/.ssh/authorized_keys' returned 1 instead of one of [0]
> at /etc/puppet/development/definitions/line.pp:25
>
> If I run the sed without the "\n" between "testkey@test" and "/d'" the
> sed itself works.
>
> Can anyone give me a hint how to either make perl ignore the "/" within
> the key or to get rid of the "/n" when using sed? Perl did not remove
> the line if I use the escaped "/".
>
> Greetz,
> Andre
>
>

> Hi,
>
> I am trying to manage the file authorized_keys with puppet. I am using
> http://reductivelabs.com/trac/puppet/wiki/Recipes/Authorized_keys as
> reference.
>
> I was not able to delete an unwanted key from the file. Unfortunately
> there are "/" within the key:
>
> ssh-rsa AAAAB3NzaC1yc2EAA/5GytXDjAR3XoxTR6uM= testkey@test
>
> This is a problem for the perl-command:
>
> debug: Executing '/usr/bin/perl -ni -e 'print unless /^\Qssh-rsa
> AAAAB3NzaC1yc2EAA/5GytXDjAR3XoxTR6uM= testkey@test
> \E$/' '/root/.ssh/authorized_keys''

Change /.../ to m{...} .

On Wednesday, 13.01.2010, 22:56 +0200, Silviu Paragina wrote:
> May I suggest using this recipe
> http://reductivelabs.com/trac/puppet/wiki/Recipes/ModuleSSHAuth ?
> It's more recent and uses the ssh_authorized_key resource in puppet.

Thank you for the hint. This is going far beyond what we are trying to
achieve. We just want to manage /root/.ssh/authorized_keys as we don't
change the keys for the users. So we need root-keys for backup,
management-tasks and so on.

I will check the routine which is used to install and revoke keys,
perhaps I can reuse it.

Greetz,
Andre

On Wednesday, 13.01.2010, 16:01 -0500, Andrew Schulman wrote:
> >
> > debug: Executing '/usr/bin/perl -ni -e 'print unless /^\Qssh-rsa
> > AAAAB3NzaC1yc2EAA/5GytXDjAR3XoxTR6uM= testkey@test
> > \E$/' '/root/.ssh/authorized_keys''
>
> Change /.../ to m{...} .

This has no effect - it does not delete the key.

I have discovered that "testkey@test" is the problem, the "@" is
interpreted as a perl-array. Unfortunately escaping it with "\" does
not help...

Greetz,
Andre

Andre Timmermann wrote:
> On Wednesday, 13.01.2010, 22:56 +0200, Silviu Paragina wrote:
>
>> May I suggest using this recipe
>> http://reductivelabs.com/trac/puppet/wiki/Recipes/ModuleSSHAuth ?
>> It's more recent and uses the ssh_authorized_key resource in puppet.
>>
>
> Thank you for the hint. This is going far beyond what we are trying to
> achieve. We just want to manage /root/.ssh/authorized_keys as we don't
> change the keys for the users. So we need root-keys for backup,
> management-tasks and so on.
>

If that is all take a look at:
http://reductivelabs.com/static_files/TypeReference.html#ssh-authorized-key
it does just what you need. :)

Silviu

> I will check the routine which is used to install and revoke keys,
> perhaps I can reuse it.
>
> Greetz,
> Andre
>
>

Hi Silviu,

On Thursday, 14.01.2010, 12:59 +0200, Silviu Paragina wrote:
> If that is all take a look at:
> http://reductivelabs.com/static_files/TypeReference.html#ssh-authorized-key
> it does just what you need. :)

Ok, thanks, that looks great. One single problem left ;)

How do I read those keys from a file?

$read_key_file =
file("/etc/puppet/${environment}/templates/authorized_keys/${key_file}",
"/dev/null")

appends a newline at the key so that the comment will be on a new
line.

It would be cool if I could "type" and "name" directly from the
keyfile. (Sorry these are my first steps with puppet and ruby)

Greetz,
Andre

On 14/01/10 10:34, Andre Timmermann wrote:
> On Wednesday, 13.01.2010, 16:01 -0500, Andrew Schulman wrote:
>
>>>
>>> debug: Executing '/usr/bin/perl -ni -e 'print unless /^\Qssh-rsa
>>> AAAAB3NzaC1yc2EAA/5GytXDjAR3XoxTR6uM= testkey@test
>>> \E$/' '/root/.ssh/authorized_keys''
>>
>> Change /.../ to m{...} .
>
> This has no effect - it does not delete the key.
>
> I have discovered that "testkey@test" is the problem, the "@" is
> interpreted as a perl-array. Unfortunately escaping it with "\" does
> not help...

Hmm, that should work.

I created a file named "test" containing:

ssh-rsa AAAAB3NzaC1yc2EAA/5GytXDjAR3XoxTR6uM= testkey@test
asdasdasd
asdasdasd

I then ran this (all on one line):

perl -ni -e 'print unless m{^\Qssh-rsa AAAAB3NzaC1yc2EAA/5GytXDjAR3XoxTR6uM= testkey@test\E}' test

This strips the ssh-rsa line from the file, as expected.

R.

Hi Robin,

On Thursday, 14.01.2010, 17:40 +0000, Robin Bowes wrote:
> Hmm, that should work.
>
> I created a file named "test" containing:
>
> ssh-rsa AAAAB3NzaC1yc2EAA/5GytXDjAR3XoxTR6uM= testkey@test
> asdasdasd
> asdasdasd
>
> I then ran this (all on one line):
>
> perl -ni -e 'print unless m{^\Qssh-rsa
> AAAAB3NzaC1yc2EAA/5GytXDjAR3XoxTR6uM= testkey@test\E}' test
>
> This strips the ssh-rsa line from the file, as expected.

Yes, that works. But unfortunately this is not on a single line. The
parser puts a newline right after the testkey@test and this will make
this statement fail.

Greetz,
Andre

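The key removal discussed in this thread, as an added example that is not code from any of the posters or from the Puppet recipe: it matches the key as a fixed whole-line string instead of a regex, so "/" and "@" need no escaping, and it drops the trailing newline before matching. The helper names and the second sample key are assumptions made for the example.

```shell
#!/bin/sh
# Added example. revoke_key, key_present and normalize_key are
# hypothetical helper names, not part of Puppet or OpenSSH.

# Strip CRs and trailing blanks; $(...) in the callers then drops the
# trailing newline that the template lookup appends to the key.
normalize_key() {
    printf '%s' "$1" | tr -d '\r' | sed 's/[[:space:]]*$//'
}

# key_present FILE KEYLINE: exit 0 if FILE holds exactly that line.
# Usable as the guard for an exec, so the removal only runs when needed.
key_present() {
    k=$(normalize_key "$2")
    [ -n "$k" ] && grep -qxF -e "$k" "$1"
}

# revoke_key FILE KEYLINE: rewrite FILE without the exact line KEYLINE.
revoke_key() {
    file=$1
    key=$(normalize_key "$2")
    case $key in
        '') echo "revoke_key: empty key" >&2; return 2 ;;
        *"
"*)     echo "revoke_key: key spans more than one line" >&2; return 2 ;;
    esac
    tmp=$(mktemp "$file.XXXXXX") || return 1
    rc=0
    # -F literal string: "/", "@", "+" and "=" need no escaping.
    # -x whole-line match: a key that is a prefix of another line stays.
    # -v print every line except the match.
    grep -vxF -e "$key" "$file" > "$tmp" || rc=$?
    # grep exits 1 when no line is left to print; only >1 is an error.
    if [ "$rc" -gt 1 ]; then
        rm -f "$tmp"
        return 1
    fi
    # mktemp creates the file with mode 0600; mv replaces atomically.
    mv "$tmp" "$file"
}

# Constructed sample: the test key quoted in the thread plus a made-up one.
demo=$(mktemp)
printf '%s\n' \
    'ssh-rsa AAAAB3NzaC1yc2EAA/5GytXDjAR3XoxTR6uM= testkey@test' \
    'ssh-rsa AAAAB3NzaC1yc2EAAkeepME= backup@test' > "$demo"
# The key is passed with its trailing newline, as the manifest did.
revoke_key "$demo" 'ssh-rsa AAAAB3NzaC1yc2EAA/5GytXDjAR3XoxTR6uM= testkey@test
'
cat "$demo"
rm -f "$demo"
```
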
Andre Timmermann wrote:
> Hi Silviu,
>
> On Thursday, 14.01.2010, 12:59 +0200, Silviu Paragina wrote:
>
>
>> If that is all take a look at:
>> http://reductivelabs.com/static_files/TypeReference.html#ssh-authorized-key
>> it does just what you need. :)
>>
>
> Ok, thanks, that looks great. One single problem left ;)
>
> How do I read those keys from a file?
>
> $read_key_file =
> file("/etc/puppet/${environment}/templates/authorized_keys/${key_file}",
> "/dev/null")
>
>

You should use modules, they get the stuff more organized, not a
spinning vortex of files, templates, manifests and plugins. :-)

http://reductivelabs.com/trac/puppet/wiki/ModuleOrganisation - this
documentation is a tad old, but the only thing different now is that you
should use lib instead of plugins (if you will need those) in the
directory structure.

If you use templates use the template function not the file function.
But I don't know why you would have a template instead of a file in this
case.

You can use the template function like here
http://reductivelabs.com/trac/puppet/wiki/LanguageTutorial#functions .
Pretty much like you used it. The advantage is that you don't have to
fully qualify the files, opposed to the file function.

Example (let's say your module is called sshkeys, and you have in
/etc/puppet/modules/sshkeys/templates/$key_filename the right file)

ssh_authorized_key {
    .....
    # double quotes, so that $key_filename is interpolated
    key => template("sshkeys/${key_filename}")
}

Silviu

> appends a newline at the key so that the comment will be on a new
> line.
>

You probably have a newline after the key in the file, remove the
newline. This will happen with templates also. As an alternative you may
use the resubst function, but that will make the manifest harder to
read and uses more cpu cycles.

> It would be cool if I could "type" and "name" directly from the
> keyfile. (Sorry these are my first steps with puppet and ruby)
>
>
>

You could with resubst, but I think it will get things more complicated,
rather than easy.

Silviu

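One way to take type, key and name straight from a key file for the ssh_authorized_key resource suggested above, as an added example that is not code from the thread: it splits a plain public-key line into its three fields, drops the CR or trailing newline that pushed the comment onto its own line, and prints a resource whose `key` holds only the base64 part. The helper name `pubkey_to_resource`, the fallback title and the sample file are assumptions; lines with an options prefix are rejected rather than parsed.

```shell
#!/bin/sh
# Added example; pubkey_to_resource is a hypothetical helper name.
# Usage: pubkey_to_resource KEYFILE USER [present|absent]
pubkey_to_resource() {
    keyfile=$1
    user=$2
    ensure=${3:-present}
    # First line that is neither blank nor a comment, without CR or
    # trailing blanks, so a final newline cannot leak into any field.
    line=$(tr -d '\r' < "$keyfile" |
           sed -e 's/[[:space:]]*$//' -e '/^#/d' -e '/^$/d' | head -n 1)
    # read splits on blanks: type, base64 blob, then the rest of the
    # line (the comment, which may itself contain spaces).
    read -r ktype blob comment <<EOF
$line
EOF
    case $ktype in
        ssh-*|ecdsa-sha2-*) ;;
        *) echo "pubkey_to_resource: first field is not a key type" >&2
           return 2 ;;
    esac
    case $blob in
        ''|*[!A-Za-z0-9+/=]*)
           echo "pubkey_to_resource: second field is not base64" >&2
           return 2 ;;
    esac
    # A key without a comment gets a constructed title.
    [ -n "$comment" ] || comment="$user-unnamed-key"
    # The values go into single-quoted Puppet strings below.
    case $comment$user in
        *"'"*|*'\'*)
           echo "pubkey_to_resource: quote or backslash in name" >&2
           return 2 ;;
    esac
    printf "ssh_authorized_key { '%s':\n" "$comment"
    printf "  ensure => %s,\n" "$ensure"
    printf "  user   => '%s',\n" "$user"
    printf "  type   => '%s',\n" "$ktype"
    printf "  key    => '%s',\n}\n" "$blob"
}

# Constructed sample: the test key from the thread, saved with CRLF and
# an extra blank line at the end.
demo_key=$(mktemp)
printf '%s\r\n\n' \
    'ssh-rsa AAAAB3NzaC1yc2EAA/5GytXDjAR3XoxTR6uM= testkey@test' > "$demo_key"
pubkey_to_resource "$demo_key" root absent
rm -f "$demo_key"
```
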
Hi Silviu

On Friday, 15.01.2010, 03:31 +0200, Silviu Paragina wrote:
> You should use modules, they get the stuff more organized, not a
> spinning vortex of files, templates, manifests and plugins. :-)

hehe ;)

> http://reductivelabs.com/trac/puppet/wiki/ModuleOrganisation - this
> documentation is a tad old, but the only thing different now is that you
> should use lib instead of plugins (if you will need those) in the
> directory structure.
>
> If you use templates use the template function not the file function.
> But I don't know why you would have a template instead of a file in this
> case

Yes, the file() was just one try. I am using the templates function. And
I wrote my own function which chomps the newline.

All in all it is not very easy to build modules which reflect an existing
infrastructure. For example if you have apache installed, then you may
want a monit-configuration too. But puppet is not designed to detect if
apache is installed, it will install apache itself and then
automatically monit.

So I have to start with some basic things which are common on all
machines (>500).

Thank you for your help, I am sure I will ask more advanced questions
in future ;)

--
Kind regards
Andre Timmermann
Nine Internet Solutions AG, Albisriederstr. 243c, CH-8047 Zuerich
Tel +41 44 637 40 00 | Direct +41 44 637 40 06 | Fax +41 44 637 40 01

Andre Timmermann wrote:
> Hi Silviu
>
> On Friday, 15.01.2010, 03:31 +0200, Silviu Paragina wrote:
>
>
>> You should use modules, they get the stuff more organized, not a
>> spinning vortex of files, templates, manifests and plugins. :-)
>>
>
> hehe ;)
>
>
>> http://reductivelabs.com/trac/puppet/wiki/ModuleOrganisation - this
>> documentation is a tad old, but the only thing different now is that you
>> should use lib instead of plugins (if you will need those) in the
>> directory structure.
>>
>> If you use templates use the template function not the file function.
>> But I don't know why you would have a template instead of a file in this
>> case
>>
>
> Yes, the file() was just one try. I am using the templates function. And
> I wrote my own function which chomps the newline.
>
> All in all it is not very easy to build modules which reflect an existing
> infrastructure. For example if you have apache installed, then you may
> want a monit-configuration too. But puppet is not designed to detect if
> apache is installed, it will install apache itself and then
> automatically monit.
>
> So I have to start with some basic things which are common on all
> machines (>500).
>
> Thank you for your help, I am sure I will ask more advanced questions
> in future ;)
>
>

I'm not sure if you meant it like this but, you should separate the
modules by program installed. I.e. in the above case you should have a
module with apache and another module with monit. Complex interactions
between programs I add in a new module dir called services. I pretty
much do what is explained here
http://reductivelabs.com/trac/puppet/wiki/PuppetBestPractice as I found
it to my liking.

Anyhow start however you want, as you will probably decide what to do
with experience.

Silviu

Oh and read the New user manifest tips. It's a thread on the list
currently (aka work in progress) but it should give you a heads-up for
common rookie mistakes.

Silviu

Andre Timmermann wrote:
> Hi Silviu
>
> On Friday, 15.01.2010, 03:31 +0200, Silviu Paragina wrote:
>
>
>> You should use modules, they get the stuff more organized, not a
>> spinning vortex of files, templates, manifests and plugins. :-)
>>
>
> hehe ;)
>
>
>> http://reductivelabs.com/trac/puppet/wiki/ModuleOrganisation - this
>> documentation is a tad old, but the only thing different now is that you
>> should use lib instead of plugins (if you will need those) in the
>> directory structure.
>>
>> If you use templates use the template function not the file function.
>> But I don't know why you would have a template instead of a file in this
>> case
>>
>
> Yes, the file() was just one try. I am using the templates function. And
> I wrote my own function which chomps the newline.
>
> All in all it is not very easy to build modules which reflect an existing
> infrastructure. For example if you have apache installed, then you may
> want a monit-configuration too. But puppet is not designed to detect if
> apache is installed, it will install apache itself and then
> automatically monit.
>
> So I have to start with some basic things which are common on all
> machines (>500).
>
> Thank you for your help, I am sure I will ask more advanced questions
> in future ;)
>
>