On Sunday, November 17, 2013 2:33:54 PM UTC-6, dkoleary wrote:
>
> Hi;
>
> This one should be easy; but, so far, it's eluding me.
>
> I would like to configure ssh to use a different directory for authorized
> keys files. I have the file resource which that works on its own. I want
> the file resource to call the exec to set the selinux type on the directory
> when needed.
>
That is not the Puppet way.
You seem to be approaching Puppet as if it were a script engine. It is
not. One resource does not call another; in fact no resource, not even one
of defined type, is "called" by anything. Your manifests simply describe
the target state you want Puppet to enforce. Where one aspect of the
target state depends on another, your manifests may also direct the agent
to synchronize some resources before others. Whatever the state you
describe, however, Puppet figures out most of the details of what to do on
its own.
Moreover, I suspect you are confusing Puppet defined types with macros.
Puppet DSL does not have a macro facility. The "define" keyword introduces
a user-defined *resource type*, with substantially the same usage rules as
any of the built-in resource types.
> Here's what I have:
>
[...]
>
> file { $ssh::params::ssh_rootkeys:
> ensure => present,
> owner => root,
> group => sys,
> mode => '0750',
> source => 'puppet:///modules/ssh/authorized_keys.root',
> sshdir_selinux { },
>
Right there ^^^^ is the syntax error Puppet is complaining about. A
resource declaration's parameter list may contain only parameters. Even if
you could declare another resource there, your syntax is incorrect for
that, too, because it is missing a resource title.
As Neil suggested, do look into the SELinux support built directly into the
File type. Puppet splits the context information across several parameters
(selrole, etc.), and it will probably be much easier and more consistent to
use those than to set up an Exec to modify the context after the fact. It
will likely be a lot faster, too, when the file already exists with the
correct context.
John
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/3811c406-3693-40e2-8030-4f816bdf37ba%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
