Hi; This one should be easy; but, so far, it's eluding me.
I would like to configure ssh to use a different directory for authorized keys files. I have the file resource, which works on its own. I want the file resource to call the exec to set the selinux type on the directory when needed. Here's what I have:

    class ssh::config {
      define sshdir_selinux() {
        exec { "/usr/bin/chcon -R -t ssh_home_t $ssh::params::ssh_authkey_dir": }
      }

      # exec { 'sshdir_selinux':
      #   command => "chcon -R -t ssh_home_t $ssh::params::ssh_authkey_dir",
      #   path => '/usr/bin',
      #   require => File["$ssh::params::ssh_authkey_dir"],
      # }

      file { $ssh::params::ssh_authkey_dir:
        ensure => directory,
        owner => root,
        group => root,
        mode => '0755',
      }

      file { $ssh::params::ssh_rootkeys:
        ensure => present,
        owner => root,
        group => sys,
        mode => '0750',
        source => 'puppet:///modules/ssh/authorized_keys.root',
        sshdir_selinux { },
      }
    }

My searches (particularly: https://support.mayfirst.org/wiki/how-to/puppet/layout#defines) seem to indicate this is the right syntax; but I keep getting:

    # ptest
    Error: Syntax error at '{'; expected '}' at /root/modules/ssh/manifests/config.pp:62 on node puppet.olearycomputers.com
    Error: Syntax error at '{'; expected '}' at /root/modules/ssh/manifests/config.pp:62 on node puppet.olearycomputers.com

when I run it.

I have made the process work by using the straight exec that's commented in the code above; but, that'll call chcon every time that puppet's run (as I understand it). I would rather have it called only when a key file is added.

Appreciate any hints/tips/suggestions.

Doug O'Leary
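One way to get the behaviour asked for above, as an added example that is not part of the original post: a resource cannot be declared inside another resource's attribute list, so the relabel is a separate `exec` with `refreshonly` that subscribes to the two `file` resources. It assumes `ssh::params` is already loaded and defines `ssh_authkey_dir` and `ssh_rootkeys` as in the post; the `seltype` attribute on `file` is used in addition to the poster's `chcon` command.

```puppet
class ssh::config {
  # Directory holding the authorized keys files. seltype lets Puppet manage
  # the SELinux type itself and correct it only when it has drifted.
  file { $ssh::params::ssh_authkey_dir:
    ensure  => directory,
    owner   => 'root',
    group   => 'root',
    mode    => '0755',
    seltype => 'ssh_home_t',
  }

  file { $ssh::params::ssh_rootkeys:
    ensure  => present,
    owner   => 'root',
    group   => 'sys',
    mode    => '0750',
    seltype => 'ssh_home_t',
    source  => 'puppet:///modules/ssh/authorized_keys.root',
    require => File[$ssh::params::ssh_authkey_dir],
  }

  # Recursive relabel for anything in the directory that Puppet does not
  # manage file by file. refreshonly => true means the command runs only
  # when a subscribed resource changes, not on every agent run.
  exec { 'sshdir_selinux':
    command     => "/usr/bin/chcon -R -t ssh_home_t ${ssh::params::ssh_authkey_dir}",
    refreshonly => true,
    subscribe   => [
      File[$ssh::params::ssh_authkey_dir],
      File[$ssh::params::ssh_rootkeys],
    ],
  }
}
```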