Hi,

I'm new to Puppet. And I'm trying out an ssh module: https://github.com/saz/puppet-ssh.
It collects ssh keys like this:

class ssh::knownhosts {
  Sshkey <<| |>> {
    ensure => present,
  }
  notify{"knownhosts class: $fqdn $hostname $ipaddress ":}
}

I can see it echoes the host key of the host the puppet agent runs on. But the /etc/ssh/ssh_known_hosts file isn't actually written - I can add an sshkey resource "manually" in a manifest somewhere and then puppet does write the file though.

I reckon when compiling the catalog, Puppet doesn't actually use the collected resource to include in another host's configuration. But why not?

On Wednesday, August 29, 2012 6:25:35 AM UTC-5, Frank Van Damme wrote:
> Hi,
>
> I'm new to Puppet. And I'm trying out an ssh module:
> https://github.com/saz/puppet-ssh.
> It collects ssh keys like this:
>
> class ssh::knownhosts {
>   Sshkey <<| |>> {
>     ensure => present,
>   }
>   notify{"knownhosts class: $fqdn $hostname $ipaddress ":}
> }
>
> I can see it echoes the host key of the host the puppet agent runs on. But
> the /etc/ssh/ssh_known_hosts file isn't actually written - I can add an
> sshkey resource "manually" in a manifest somewhere and then puppet does
> write the file though.
>
> I reckon when compiling the catalog, Puppet doesn't actually use the
> collected resource to include in another host's configuration. But why not?

The code you present collects all available exported resources of type 'sshkey', but it does not declare any such resources. If you're not managing your nodes' ssh host keys, then Puppet knows nothing about them. For this to work, therefore, in addition to the above your manifest should contain something like

@@sshkey { "${hostname}":
  key => '<the-key>',
  type => '<probably-dsa-or-rsa>'
}

John

Frank Van Damme
2012-Aug-29 14:34 UTC
[Puppet Users] Re: troubleshooting resource collection
On Wednesday, August 29, 2012 4:14:27 PM UTC+2, jcbollinger wrote:
> On Wednesday, August 29, 2012 6:25:35 AM UTC-5, Frank Van Damme wrote:
>> Hi,
>>
>> I'm new to Puppet. And I'm trying out an ssh module:
>> https://github.com/saz/puppet-ssh.
>> It collects ssh keys like this:
>>
>> class ssh::knownhosts {
>>   Sshkey <<| |>> {
>>     ensure => present,
>>   }
>>   notify{"knownhosts class: $fqdn $hostname $ipaddress ":}
>> }
>>
>> I can see it echoes the host key of the host the puppet agent runs on.
>> But the /etc/ssh/ssh_known_hosts file isn't actually written - I can add an
>> sshkey resource "manually" in a manifest somewhere and then puppet does
>> write the file though.
>>
>> I reckon when compiling the catalog, Puppet doesn't actually use the
>> collected resource to include in another host's configuration. But why not?
>
> The code you present collects all available exported resources of type
> 'sshkey', but it does not declare any such resources. If you're not
> managing your nodes' ssh host keys, then Puppet knows nothing about them.
> For this to work, therefore, in addition to the above your manifest should
> contain something like
>
> @@sshkey { "${hostname}":
>   key => '<the-key>',
>   type => '<probably-dsa-or-rsa>'
> }
>
> John

There is, in another class (and as I wrote, the collection sort of works because I see the output of the 'notify{"knownhosts class: $fqdn $hostname $ipaddress ":}' above):

class ssh::hostkeys {
  @@sshkey { "${fqdn}_rsa":
    host_aliases => [ "$fqdn", "$hostname", "$ipaddress" ],
    type => rsa,
    key => $sshrsakey,
  }
}

On Wednesday, August 29, 2012 9:34:24 AM UTC-5, Frank Van Damme wrote:
> On Wednesday, August 29, 2012 4:14:27 PM UTC+2, jcbollinger wrote:
>> On Wednesday, August 29, 2012 6:25:35 AM UTC-5, Frank Van Damme wrote:
>>> Hi,
>>>
>>> I'm new to Puppet. And I'm trying out an ssh module:
>>> https://github.com/saz/puppet-ssh.
>>> It collects ssh keys like this:
>>>
>>> class ssh::knownhosts {
>>>   Sshkey <<| |>> {
>>>     ensure => present,
>>>   }
>>>   notify{"knownhosts class: $fqdn $hostname $ipaddress ":}
>>> }
>>>
>>> I can see it echoes the host key of the host the puppet agent runs on.
>>> But the /etc/ssh/ssh_known_hosts file isn't actually written - I can add an
>>> sshkey resource "manually" in a manifest somewhere and then puppet does
>>> write the file though.
>>>
>>> I reckon when compiling the catalog, Puppet doesn't actually use the
>>> collected resource to include in another host's configuration. But why not?
>>
>> The code you present collects all available exported resources of type
>> 'sshkey', but it does not declare any such resources. If you're not
>> managing your nodes' ssh host keys, then Puppet knows nothing about them.
>> For this to work, therefore, in addition to the above your manifest should
>> contain something like
>>
>> @@sshkey { "${hostname}":
>>   key => '<the-key>',
>>   type => '<probably-dsa-or-rsa>'
>> }
>>
>> John
>
> There is, in another class (and as I wrote, the collection sort of works
> because I see the output of the 'notify{"knownhosts class: $fqdn $hostname
> $ipaddress ":}' above)

That you see the output of your 'notify' proves only that class 'ssh::knownhosts' is included in the target node's catalog. It therefore compiled successfully, but that says nothing about what resources were actually collected.

If nothing is showing up in /etc/ssh/ssh_known_hosts, then that almost certainly means that no Sshkey resources are being collected. The most likely explanations then are that your class 'ssh::hostkeys' is not being included in your nodes' catalogs, or else that you do not have [thin]storeconfigs configured.

If the target node's key is showing up but no other nodes' are, then the most likely explanations are that your other nodes are not getting class 'ssh::hostkeys' in their catalogs, that they have not checked in with the Puppetmaster since that class was assigned to them, or that you do not have [thin]storeconfigs configured.

John

Frank Van Damme
2012-Sep-05 08:56 UTC
[Puppet Users] Re: troubleshooting resource collection
On Wednesday, August 29, 2012 11:12:12 PM UTC+2, jcbollinger wrote:
> On Wednesday, August 29, 2012 9:34:24 AM UTC-5, Frank Van Damme wrote:
>> On Wednesday, August 29, 2012 4:14:27 PM UTC+2, jcbollinger wrote:
>>
>> There is, in another class (and as I wrote, the collection sort of works
>> because I see the output of the 'notify{"knownhosts class: $fqdn $hostname
>> $ipaddress ":}' above)
>
> That you see the output of your 'notify' proves only that class
> 'ssh::knownhosts' is included in the target node's catalog. It therefore
> compiled successfully, but that says nothing about what resources were
> actually collected.
>
> If nothing is showing up in /etc/ssh/ssh_known_hosts, then that almost
> certainly means that no Sshkey resources are being collected. The most
> likely explanations then are that your class 'ssh::hostkeys' is not being
> included in your nodes' catalogs, or else that you do not have
> [thin]storeconfigs configured.
>
> If the target node's key is showing up but no other nodes' are, then the
> most likely explanations are that your other nodes are not getting class
> 'ssh::hostkeys' in their catalogs, that they have not checked in with the
> Puppetmaster since that class was assigned to them, or that you do not have
> [thin]storeconfigs configured.

That turned out to be the problem, storeconfigs was still disabled! Thank you!
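
The cause found in this thread can be checked straight from the master's puppet.conf. The script below is an added example, not code from the thread or from the saz/puppet-ssh module. It assumes that [master] overrides [main] and that either storeconfigs or thin_storeconfigs set to true counts as enabled; the function name and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: [master] overrides [main],
# and either storeconfigs or thin_storeconfigs set to true counts as enabled.

# storeconfigs_state FILE: print "enabled" or "disabled" for the master.
storeconfigs_state() {
    awk -F= '
        /^[ \t]*#/ { next }              # skip comment lines
        /^[ \t]*\[/ {                    # section header such as [master]
            section = $0
            gsub(/[^a-z_]/, "", section)
            next
        }
        NF >= 2 {                        # key = value
            key = $1; val = $2
            gsub(/[ \t]/, "", key)
            gsub(/[ \t\r]/, "", val)
            if (key == "storeconfigs") sc[section] = val
            if (key == "thin_storeconfigs") thin[section] = val
        }
        END {
            s = ("master" in sc) ? sc["master"] : sc["main"]
            t = ("master" in thin) ? thin["master"] : thin["main"]
            if (s == "true" || t == "true") print "enabled"
            else print "disabled"
        }
    ' "$1"
}

# Constructed sample: manifests export sshkey resources, but the master
# config never turns storeconfigs on (the situation found in this thread).
sample_disabled() {
    printf '%s\n' '[main]' 'logdir = /var/log/puppet' \
        '[master]' 'certname = puppet.example.com'
}

# Constructed sample with the setting turned on for the master.
sample_enabled() {
    printf '%s\n' '[main]' 'logdir = /var/log/puppet' \
        '[master]' 'storeconfigs = true'
}

tmp=$(mktemp)
sample_disabled > "$tmp"; echo "before: $(storeconfigs_state "$tmp")"
sample_enabled  > "$tmp"; echo "after:  $(storeconfigs_state "$tmp")"
rm -f "$tmp"
```

On a live master, puppet master --configprint storeconfigs prints the value Puppet itself resolved. Exported resources also need a storage backend configured, which this check does not cover.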