On Wednesday, August 29, 2012 9:34:24 AM UTC-5, Frank Van Damme wrote:
>
> On Wednesday, August 29, 2012 4:14:27 PM UTC+2, jcbollinger wrote:
>>
>> On Wednesday, August 29, 2012 6:25:35 AM UTC-5, Frank Van Damme wrote:
>>>
>>> Hi,
>>>
>>> I'm new to Puppet. And I'm trying out an ssh module:
>>> https://github.com/saz/puppet-ssh.
>>> It collects ssh keys like this:
>>>
>>> class ssh::knownhosts {
>>>   Sshkey <<| |>> {
>>>     ensure => present,
>>>   }
>>>   notify{"knownhosts class: $fqdn $hostname $ipaddress ":}
>>> }
>>>
>>> I can see it echoes the host key of the host the puppet agent runs on.
>>> But the /etc/ssh/ssh_known_hosts file isn't actually written - I can add an
>>> sshkey resource "manually" in a manifest somewhere and then puppet does
>>> write the file though.
>>>
>>> I reckon when compiling the catalog, Puppet doesn't actually use the
>>> collected resource to include in another host's configuration. But why not?
>>>
>>
>> The code you present collects all available exported resources of type
>> 'sshkey', but it does not declare any such resources. If you're not
>> managing your nodes' ssh host keys, then Puppet knows nothing about them.
>> For this to work, therefore, in addition to the above your manifest should
>> contain something like
>>
>> @@sshkey { "${hostname}":
>>   key => '<the-key>',
>>   type => '<probably-dsa-or-rsa>'
>> }
>>
>>
>> John
>>
>
> There is, in another class (and as I wrote, the collection sort of works
> because I see the output of the 'notify{"knownhosts class: $fqdn $hostname
> $ipaddress ":}' above)
>

That you see the output of your 'notify' proves only that class 'ssh::knownhosts' is included in the target node's catalog. It therefore compiled successfully, but that says nothing about what resources were actually collected.

If nothing is showing up in /etc/ssh/ssh_known_hosts, then that almost certainly means that no Sshkey resources are being collected. The most likely explanations then are that your class 'ssh::hostkeys' is not being included in your nodes' catalogs, or else that you do not have [thin]storeconfigs configured.

If the target node's key is showing up but no other nodes' are, then the most likely explanations are that your other nodes are not getting class 'ssh::hostkeys' in their catalogs, that they have not checked in with the Puppetmaster since that class was assigned to them, or that you do not have [thin]storeconfigs configured.

John
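
The two halves discussed in this thread, as an added example that is not part of the original messages or of the saz/puppet-ssh module: each node exports its own host key, and each node collects whatever has been exported. The class name ssh::hostkeys comes from the reply above; its body, the use of the sshrsakey fact, and the puppet.conf lines shown in the comment are assumptions.

```puppet
# Assumed prerequisite on the puppet master (puppet.conf, [master] section).
# Without a storeconfigs backend nothing exported is stored, so the
# collector below matches nothing and ssh_known_hosts is never written:
#   storeconfigs      = true
#   thin_storeconfigs = true   # store only facts and exported resources

# Export side (hypothetical body). It must be in the catalog of every node
# whose key should be distributed, and that node must have completed a run
# since the class was assigned to it.
class ssh::hostkeys {
  @@sshkey { $::fqdn:
    ensure       => present,
    host_aliases => [$::hostname, $::ipaddress],
    type         => 'ssh-rsa',
    # Facter fact reported by the agent: the collected known_hosts entries
    # are only as trustworthy as the nodes that reported them.
    key          => $::sshrsakey,
  }
}

# Collect side: realizes every exported sshkey, this node's own included,
# which is what populates /etc/ssh/ssh_known_hosts.
class ssh::knownhosts {
  Sshkey <<| |>> {
    ensure => present,
  }
}

# Both classes are needed on every participating node.
node default {
  include ssh::hostkeys
  include ssh::knownhosts
}
```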
