Re: [Puppet Users] augeas onlyif problem
On Monday, November 11, 2013 5:06:30 PM UTC-5, Dominic Cleal wrote:
On 11/11/13 15:18, Jist Anidiot wrote:
On Friday, November 8, 2013 12:23:11 PM UTC-5, Dominic Cleal wrote:
On 06/11/13 21:17, Jist Anidiot wrote:
I'm trying to make sure a specific user has a special ssh key used
as
his identity file.
so I'm trying something like:
augeas{user_second_key:
context = /files/home/user/.ssh/config,
changes = [ ins IdentityFile after
/files/home/user/.ssh/config/IdentityFile[last()],
set
/files/home/user/.ssh/config/IdentityFile[last()]
~/.ssh/user2nd_rsa,
],
onlyif = match /files/home/user/.ssh/config/IdentityFile
not_include ~/.ssh/user2nd_rsa,
}
However it adds the line every puppet run. I'm wondering what I
might
be doing wrong.
Try:
onlyif = match
/files/home/user/.ssh/config/IdentityFile[.='~/.ssh/user2nd_rsa']
size == 0
Thanks that works.
So what's the point of include and not_include if you have to do this
weird size thing?
include/not_include check the return value of the match arg command
and whether it includes or doesn't include the argument.
A match API call in Augeas' API returns a list of paths that match the
argument you pass, so you're actually checking whether those paths
include or don't include a certain value. It doesn't return the values
of those nodes, which is what you expected.
Well I expected match /files/home/user/.ssh/config/IdentityFile
not_include ~/.ssh/user2nd_rsa to be true if ~/.ssh/user2nd_rsa wasn't
one of the values found with the match (and false if it was). That
obviously isn't how it works in practice.
In augtool match /files/home/user/.ssh/config/IdentityFile returns:
/files/home/user/.ssh/config/IdentityFile[1] = ~/.ssh/id_rsa
/files/home/user/.ssh/config/IdentityFile[2] = ~/.ssh/user2nd_rsa
/files/home/user/.ssh/config/IdentityFile[3] = ~/.ssh/git_user_rsa
so I'm still not understanding why the not_include in the onlyif returns
false in my case -- Unless it is trying to check against the entire line
where I'll never be certain if it is [2] or [3] or something else so it
will be fairly useless for me in this case.
On the bright side the size thing works (just that I would have never
thought of trying it.).
It's possible the get arg command would work better with
include/not_include, except that API call will only match a single path
and return one value value - so isn't much help with include.
We could do with something better here in the provider for sure, care to
raise a feature request? Please add me to the watchlist if you do.
I suspect the only features I need are more examples in the documentation.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/e8e76f79-00d2-47ca-b2c2-2b230fbd1cbc%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] augeas onlyif problem
On Friday, November 8, 2013 12:23:11 PM UTC-5, Dominic Cleal wrote:
On 06/11/13 21:17, Jist Anidiot wrote:
I'm trying to make sure a specific user has a special ssh key used as
his identity file.
so I'm trying something like:
augeas{user_second_key:
context = /files/home/user/.ssh/config,
changes = [ ins IdentityFile after
/files/home/user/.ssh/config/IdentityFile[last()],
set /files/home/user/.ssh/config/IdentityFile[last()]
~/.ssh/user2nd_rsa,
],
onlyif = match /files/home/user/.ssh/config/IdentityFile
not_include ~/.ssh/user2nd_rsa,
}
However it adds the line every puppet run. I'm wondering what I might
be doing wrong.
Try:
onlyif = match
/files/home/user/.ssh/config/IdentityFile[.='~/.ssh/user2nd_rsa'] size ==
0
Thanks that works.
So what's the point of include and not_include if you have to do this weird
size thing?
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/88458230-d854-4d01-a548-0294357de04c%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] augeas onlyif problem
I'm trying to make sure a specific user has a special ssh key used as his
identity file.
so I'm trying something like:
augeas{user_second_key:
context = /files/home/user/.ssh/config,
changes = [ ins IdentityFile after
/files/home/user/.ssh/config/IdentityFile[last()],
set /files/home/user/.ssh/config/IdentityFile[last()]
~/.ssh/user2nd_rsa,
],
onlyif = match /files/home/user/.ssh/config/IdentityFile not_include
~/.ssh/user2nd_rsa,
}
However it adds the line every puppet run. I'm wondering what I might be
doing wrong.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/84ee6cf2-0e49-41ee-84b4-5a960335bee9%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] facter fact within a custom provider
I have a custom package provider. However within the ruby code, I need
access a custom facter fact (which has the path to the executable which
handles the package installation).
I tried doing lookupvar('bin_path' ) but it complained undefined method
`lookupvar'
So how do I reference a facter fact from within a custom provider?
Thanks in advance.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Security considerations for basing decisions on facts
On Tuesday, January 22, 2013 4:04:22 PM UTC-5, jcbollinger wrote: You are correct that that only the identity of the client node is authenticated by Puppet, and even that only insomuch as the client can be relied upon to protect its SSL certificate. The $hostname fact cannot be relied upon to convey that information, as it doesn't in any sense need to be the same thing; you're looking for $certname. It is, however, $certname (not $hostname) by which a node block is selected and/or an ENC queried, so Puppet's architectural foundation is secure in that regard. Do you mean the $clientcert variable which is described at http://docs.puppetlabs.com/guides/faq.html#are-there-variables-available-other-than-those-provided-by-facter I don't seem to have a $certname variable (I'm using puppet 3). Thanks in advance. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/s2DSmxqSpmYJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] ssh::auth and other ways of managing ssh keys
Thoughts? (1) https://github.com/boklm/puppet-sshkeys (2) https://github.com/vurbia/puppet-sshauth (3) https://github.com/ashleygould/puppet-sshauth (4) http://projects.puppetlabs.com/projects/1/wiki/Module_Ssh_Auth_Patterns#detailed-usage I checked out all of these and I still opted to use the puppet builtin ssh_authorized_key and sshkey. Not quite the most powerful, but good enough. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/QPoNr2wYOVAJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] ssh::auth and other ways of managing ssh keys
With puppet 3.x I was wondering if the ssh::auth module (http://projects.puppetlabs.com/projects/puppet/wiki/Module_Ssh_Auth_Patterns) is still the preferred way of creating and distributing ssh keys. The module hasn't been updated since 2010 and I've seen several other possible solutions. Should I just use thes sh_authorized_key type? What are people using now? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/BmJHy-KOXC8J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] shouldn't this be considered a bug?
So I thought puppet didn't care about the order of things unless
specifically told. However I've come across one case where it apparently
does care.
This works as expected:
node /^univ\d+\.foo\.edu$/ {
$myvar = foo
include module_that_uses_myvar
}
This one doesn't work as expected
node /^univ\d+\.foo\.edu$/ {
include module_that_uses_myvar
$myvar = foo
}
In the 2nd one, module_that_uses_myvar seems to think $myvar is undef or
null or something that is most certainly not foo If it matters any,
$myvar is actually used in an erb template that the module has. Our puppet
master is 2.7.12 and the client is 2.6.17.
I didn't see any bug reports about this. Is this a known problem or just
not considered a bug?
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/Q_pDE14z0CYJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Passing multiple arrays to define
On Wednesday, July 25, 2012 9:29:18 AM UTC-4, jcbollinger wrote:
Something is very strange with that. It is routine practice for
definition bodies to set local variables, and for such definitions to be
instantiated multiple times. Among other things, it is sometimes used to
mangle definitions' properties. For that matter, definitions' property
variables are defined separately for each instance, too.
To troubleshoot your problem, I will need to see the exact code you
tested, including the corresponding manifest file layout, and the exact
error message Puppet emitted.
Yes something was very strange. I did something wrong. I've got it
working now. The only major problem I had was that puppet didn't like
mything { regsubst($versions, '^.*$', $name:\0): }
I had to take out the regsubst function and do $foo = regsubst(...) mything
{ $foo: } I don't understand why that was necessary. It would say
err: Could not retrieve catalog from remote server: Error 400 on SERVER:
Syntax error at ':'; expected '}' at
/etc/puppet/modules/mything/manifests/init.pp:6 on node test.domain.tld
Here are my files:
/etc/puppet/manifests/nodes.d/test.domain.tld.pp
node web1test.vcu.edu {
include base
include mything
$u = [ A, B, C]
$v = [ 1.5, 2.0, 4.2, 0.01 ]
# $u = A
# $v = 1.5
mything::mythings {$u:
versions = $v }
}
and /etc/puppet/modules/mything/manifests/init.pp
class mything {
define mythings($versions) {
# $name == $title == the user
# this didn't work
# mything { regsubst($versions, '^.*$', $name:\0): }
# this works
foo = regsubst($versions, '^.*$', $name:\0)
mything { $foo: }
}
define mything () {
# $name == $title == the version
$user_and_version = split($name, ':')
$user = $user_and_version[0]
$version = $user_and_version[1]
exec { mything_${name}_${user}_${version}:
command = /bin/date /tmp/mything.txt; echo /bin/echo mything v.
$version for $user /tmp/mything.txt; /bin/echo '' /tmp/mything.txt
}
}
}
Can anyone tell me why it wouldn't let me use regsubst(...) as the name
when calling mything. If I could use it, so many possibilities would open
up.
Puppet on the client machine is 2.6.16 and the puppet master is 2.7.12
Thanks.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/0IUOimQ80TcJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Passing multiple arrays to define
Thanks for the reply. More info inline.
On Tuesday, July 24, 2012 5:02:19 AM UTC-4, Felix.Frank wrote:
If I'm reading this right, you're trying to join two arrays in a
distinct fashion. I'm afraid puppet cannot easily do that.
Your best bet is the create_resources function, if your puppet is recent
enough. Even then you cannot use arrays per se, but have to structure
your data accordingly:
$users = {
A = 1.5,
B = 2.0,
...
}
I wasn't exactly clear with what I'm trying to do. If I understand based
on your example, I'd want something like:
$users = {
A = [ 1.5, 2.0, 4.2, 0.01 ],
B = [ 1.5, 2.0, 4.2, 0.01 ],
...
}
Then you can feed this hash to create_resources. With this structure,
your mything define would expect the user name to be the resource title.
mything($version) {
exec { create_mything_for_${name}_with_version_${version}: ... }
}
HTH,
Felix
I'm not at all understanding what to do with this create_resources
function.
I'm trying something like:
create_resources(mythingmodule::mything, $users)
where $user and mything are as described above.
I get an error that looks like it is still taking the version array and
squishing it together. It complains it can't execute
create_mything_for_A_with_version_1.52.04.20.01
What can I try now?
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/-CWze7lQYScJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Passing multiple arrays to define
On Tuesday, July 24, 2012 9:31:39 AM UTC-4, jcbollinger wrote:
I think it important to not only come up with a means to your end, but
also to understand what you've done once you get there. What you need to
know in this case is that Puppet provides a shortcut for declaring multiple
resources of the same type and with the same parameters. If you give it an
array -- whether a literal one or a variable or function result -- as the
title of a resource, then Puppet creates one resource for each element of
the array. That can be used similarly to a 'for' loop in a procedural
language, though it isn't a loop at all.
However this still means I'd have to do one for each version (and figure
out how to avoid a Duplicate definition problem.
Is there an easy or a right way to do what I'm trying to do?
Depending on the details of what you're trying to do, Felix's suggestion
of the create_resources() function might be your best bet. On the other
hand, you can also do it by interposing another defined type, and using
Puppet's built-in regsubst() and split() functions. That obtains simpler
data at the expense of more complex resources:
define mythings_user($versions) {
# $name == $title == the user
mything { regsubst($versions, '^.*$', $name:\0): }
}
define mything () {
# $name == $title == the version
$user_and_version = split($name, ':')
$user = $user_and_version[0]
$version = $user_and_version[1]
exec { mything $name:
command = echo mything v. $version for $user
}
}
When the first argument to regsubst() is an array, it performs the
specified substitution on each element, and returns an array of the
results. Thus, its usage in definition Mythings_user creates an array of
strings of the form user:version, which are suitable distinct titles for
all the needed Mything resources. The Mything definition then splits its
name/title to get the user and version pieces. Kinda ugly, really.
John
This almost worked, except when it is called the 2nd or 3rd time, puppet
complains that it cannot reassign variable user_and_version.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/UhsTYg8vRzQJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Passing multiple arrays to define
I'm trying to make a defined type with two parameters and pass an array for
each parameter.
My first try was something like this:
init.pp
define mything ($user, $version) {
exec {$user_$version:
command = something needing both $user and $version
}
}
in the node file:
$user = [ A, B, C, D]
$version = [ 1.5, 2.0, 4.2, 0.01 ]
mything { thing:
user = $user,
version = $version,
}
Now of course this didn't do what I want it to do (give all the users in
$users all of the versions in $version)
Searching I came across a post that said do something using $title like
init.pp
define mything ($version) {
exec {$version:
command = something using $foo and $title
}
}
and the node file
$user = [ A, B, C, D ]
mything { $user:
version = 1.5
}
However this still means I'd have to do one for each version (and figure
out how to avoid a Duplicate definition problem.
Is there an easy or a right way to do what I'm trying to do?
Thanks in advance.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/9_zxAPURFbIJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
