Hi,
I have this in my sshdconfig module''s init.pp but the service is not
getting restarted even though at first connect the file sshd_config is
getting modified with the Banner entry. Can someone please help?
class sshdconfig {
file {
"/etc/ssh/sshd_config":
path => "/etc/ssh/sshd_config",
owner => root,
group => root,
mode => 600,
notify => ''Service[sshd]''
}
Exec { path => "/bin:/usr/bin:/usr/sbin:/sbin:/usr/local/
bin" }
exec { "/bin/echo ''Banner /etc/motd'' >>
/etc/ssh/sshd_config":
unless => "grep ''Banner /etc/motd''
/etc/ssh/sshd_config 2>/dev/
null" }
service
{ sshd:
ensure => running,
subscribe => File["/etc/ssh/sshd_config"],
hasrestart => true,
hasstatus => true,
restart => "/etc/init.d/sshd restart",
status => "/etc/init.d/sshd status"
}
}
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
On May 21, 2010, at 11:23 AM, takrishnan wrote:> Hi, > > I have this in my sshdconfig module''s init.pp but the service is not > getting restarted even though at first connect the file sshd_config is > getting modified with the Banner entry. Can someone please help? > > class sshdconfig { > file { > "/etc/ssh/sshd_config": > path => "/etc/ssh/sshd_config", > owner => root, > group => root, > mode => 600, > notify => ''Service[sshd]'' > } > Exec { path => "/bin:/usr/bin:/usr/sbin:/sbin:/usr/local/ > bin" } > > exec { "/bin/echo ''Banner /etc/motd'' >> /etc/ssh/sshd_config": > unless => "grep ''Banner /etc/motd'' /etc/ssh/sshd_config 2>/dev/ > null" } > > service > { sshd: > ensure => running, > subscribe => File["/etc/ssh/sshd_config"], > hasrestart => true, > hasstatus => true, > restart => "/etc/init.d/sshd restart", > status => "/etc/init.d/sshd status" > } > }You have two problems. The easy answer is that sshd is only subscribed to the file resource. That means it will only restart the service when the file resource changes it. You can fix it by adding the exec to subscribe like this. subscribe => [ File["/etc/ssh/sshd_config"], Exec["ssh_banner"] ] Then set "ssh_banner" as an alias in the exec statement. The file resource doesn''t actually do anything except set the permissions. Also, using notify and subscribe is redundant. Unless you really want that to force the permissions to be that, it''s easer to just remove the file resource completely. Then do this: class sshdconfig { Exec { path => "/bin:/usr/bin:/usr/sbin:/sbin:/usr/local/ bin" } exec { "/bin/echo ''Banner /etc/motd'' >> /etc/ssh/sshd_config": alias => "ssh_banner", unless => "grep ''Banner /etc/motd'' /etc/ssh/sshd_config 2>/dev/null" } service { sshd: ensure => running, subscribe => Exec["ssh_banner"], #These four lines are probably redundant. The defaults should be fine. #It also shouldn''t hurt anything. hasrestart => true, hasstatus => true, restart => "/etc/init.d/sshd restart", status => "/etc/init.d/sshd status" } } -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Thanks for the tip Patrick. It worked fine except that without hasrestart =>true, it was using stop/start but I wanted to restart. -tak On May 21, 4:40 pm, Patrick <kc7...@gmail.com> wrote:> On May 21, 2010, at 11:23 AM, takrishnan wrote: > > > > > Hi, > > > I have this in my sshdconfig module''s init.pp but the service is not > > getting restarted even though at first connect the file sshd_config is > > getting modified with the Banner entry. Can someone please help? > > > class sshdconfig { > > file { > > "/etc/ssh/sshd_config": > > path => "/etc/ssh/sshd_config", > > owner => root, > > group => root, > > mode => 600, > > notify => ''Service[sshd]'' > > } > > Exec { path => "/bin:/usr/bin:/usr/sbin:/sbin:/usr/local/ > > bin" } > > > exec { "/bin/echo ''Banner /etc/motd'' >> /etc/ssh/sshd_config": > > unless => "grep ''Banner /etc/motd'' /etc/ssh/sshd_config 2>/dev/ > > null" } > > > service > > { sshd: > > ensure => running, > > subscribe => File["/etc/ssh/sshd_config"], > > hasrestart => true, > > hasstatus => true, > > restart => "/etc/init.d/sshd restart", > > status => "/etc/init.d/sshd status" > > } > > } > > You have two problems. > > The easy answer is that sshd is only subscribed to the file resource. That means it will only restart the service when the file resource changes it. You can fix it by adding the exec to subscribe like this. > > subscribe => [ File["/etc/ssh/sshd_config"], Exec["ssh_banner"] ] > > Then set "ssh_banner" as an alias in the exec statement. > > The file resource doesn''t actually do anything except set the permissions. Also, using notify and subscribe is redundant. Unless you really want that to force the permissions to be that, it''s easer to just remove the file resource completely. Then do this: > > class sshdconfig { > > Exec { path => "/bin:/usr/bin:/usr/sbin:/sbin:/usr/local/ > bin" } > > exec { "/bin/echo ''Banner /etc/motd'' >> /etc/ssh/sshd_config": > alias => "ssh_banner", > unless => "grep ''Banner /etc/motd'' /etc/ssh/sshd_config 2>/dev/null" > } > > service > { sshd: > ensure => running, > subscribe => Exec["ssh_banner"], > > #These four lines are probably redundant. The defaults should be fine. > #It also shouldn''t hurt anything. > hasrestart => true, > hasstatus => true, > restart => "/etc/init.d/sshd restart", > status => "/etc/init.d/sshd status" > } > > } > > -- > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group athttp://groups.google.com/group/puppet-users?hl=en.-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
What OS/distro are you using? Most will have the services pre-setup. On May 23, 2010, at 8:23 AM, takrishnan wrote:> Thanks for the tip Patrick. It worked fine except that without > hasrestart =>true, it was using stop/start but I wanted to restart. > > -tak > > On May 21, 4:40 pm, Patrick <kc7...@gmail.com> wrote: >> On May 21, 2010, at 11:23 AM, takrishnan wrote: >> >> >> >>> Hi, >> >>> I have this in my sshdconfig module''s init.pp but the service is not >>> getting restarted even though at first connect the file sshd_config is >>> getting modified with the Banner entry. Can someone please help? >> >>> class sshdconfig { >>> file { >>> "/etc/ssh/sshd_config": >>> path => "/etc/ssh/sshd_config", >>> owner => root, >>> group => root, >>> mode => 600, >>> notify => ''Service[sshd]'' >>> } >>> Exec { path => "/bin:/usr/bin:/usr/sbin:/sbin:/usr/local/ >>> bin" } >> >>> exec { "/bin/echo ''Banner /etc/motd'' >> /etc/ssh/sshd_config": >>> unless => "grep ''Banner /etc/motd'' /etc/ssh/sshd_config 2>/dev/ >>> null" } >> >>> service >>> { sshd: >>> ensure => running, >>> subscribe => File["/etc/ssh/sshd_config"], >>> hasrestart => true, >>> hasstatus => true, >>> restart => "/etc/init.d/sshd restart", >>> status => "/etc/init.d/sshd status" >>> } >>> } >> >> You have two problems. >> >> The easy answer is that sshd is only subscribed to the file resource. That means it will only restart the service when the file resource changes it. You can fix it by adding the exec to subscribe like this. >> >> subscribe => [ File["/etc/ssh/sshd_config"], Exec["ssh_banner"] ] >> >> Then set "ssh_banner" as an alias in the exec statement. >> >> The file resource doesn''t actually do anything except set the permissions. Also, using notify and subscribe is redundant. Unless you really want that to force the permissions to be that, it''s easer to just remove the file resource completely. Then do this: >> >> class sshdconfig { >> >> Exec { path => "/bin:/usr/bin:/usr/sbin:/sbin:/usr/local/ >> bin" } >> >> exec { "/bin/echo ''Banner /etc/motd'' >> /etc/ssh/sshd_config": >> alias => "ssh_banner", >> unless => "grep ''Banner /etc/motd'' /etc/ssh/sshd_config 2>/dev/null" >> } >> >> service >> { sshd: >> ensure => running, >> subscribe => Exec["ssh_banner"], >> >> #These four lines are probably redundant. The defaults should be fine. >> #It also shouldn''t hurt anything. >> hasrestart => true, >> hasstatus => true, >> restart => "/etc/init.d/sshd restart", >> status => "/etc/init.d/sshd status" >> } >> >> } >> >> -- >> You received this message because you are subscribed to the Google Groups "Puppet Users" group. >> To post to this group, send email to puppet-users@googlegroups.com. >> To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. >> For more options, visit this group athttp://groups.google.com/group/puppet-users?hl=en. > > -- > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.