Re: [Puppet Users] augeas onlyif problem
On Monday, November 11, 2013 5:06:30 PM UTC-5, Dominic Cleal wrote: On 11/11/13 15:18, Jist Anidiot wrote: On Friday, November 8, 2013 12:23:11 PM UTC-5, Dominic Cleal wrote: On 06/11/13 21:17, Jist Anidiot wrote: I'm trying to make sure a specific user has a special ssh key used as his identity file. so I'm trying something like: augeas{user_second_key: context = /files/home/user/.ssh/config, changes = [ ins IdentityFile after /files/home/user/.ssh/config/IdentityFile[last()], set /files/home/user/.ssh/config/IdentityFile[last()] ~/.ssh/user2nd_rsa, ], onlyif = match /files/home/user/.ssh/config/IdentityFile not_include ~/.ssh/user2nd_rsa, } However it adds the line every puppet run. I'm wondering what I might be doing wrong. Try: onlyif = match /files/home/user/.ssh/config/IdentityFile[.='~/.ssh/user2nd_rsa'] size == 0 Thanks that works. So what's the point of include and not_include if you have to do this weird size thing? include/not_include check the return value of the match arg command and whether it includes or doesn't include the argument. A match API call in Augeas' API returns a list of paths that match the argument you pass, so you're actually checking whether those paths include or don't include a certain value. It doesn't return the values of those nodes, which is what you expected. Well I expected match /files/home/user/.ssh/config/IdentityFile not_include ~/.ssh/user2nd_rsa to be true if ~/.ssh/user2nd_rsa wasn't one of the values found with the match (and false if it was). That obviously isn't how it works in practice. In augtool match /files/home/user/.ssh/config/IdentityFile returns: /files/home/user/.ssh/config/IdentityFile[1] = ~/.ssh/id_rsa /files/home/user/.ssh/config/IdentityFile[2] = ~/.ssh/user2nd_rsa /files/home/user/.ssh/config/IdentityFile[3] = ~/.ssh/git_user_rsa so I'm still not understanding why the not_include in the onlyif returns false in my case -- Unless it is trying to check against the entire line where I'll never be certain if it is [2] or [3] or something else so it will be fairly useless for me in this case. On the bright side the size thing works (just that I would have never thought of trying it.). It's possible the get arg command would work better with include/not_include, except that API call will only match a single path and return one value value - so isn't much help with include. We could do with something better here in the provider for sure, care to raise a feature request? Please add me to the watchlist if you do. I suspect the only features I need are more examples in the documentation. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/e8e76f79-00d2-47ca-b2c2-2b230fbd1cbc%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] augeas onlyif problem
On Friday, November 8, 2013 12:23:11 PM UTC-5, Dominic Cleal wrote: On 06/11/13 21:17, Jist Anidiot wrote: I'm trying to make sure a specific user has a special ssh key used as his identity file. so I'm trying something like: augeas{user_second_key: context = /files/home/user/.ssh/config, changes = [ ins IdentityFile after /files/home/user/.ssh/config/IdentityFile[last()], set /files/home/user/.ssh/config/IdentityFile[last()] ~/.ssh/user2nd_rsa, ], onlyif = match /files/home/user/.ssh/config/IdentityFile not_include ~/.ssh/user2nd_rsa, } However it adds the line every puppet run. I'm wondering what I might be doing wrong. Try: onlyif = match /files/home/user/.ssh/config/IdentityFile[.='~/.ssh/user2nd_rsa'] size == 0 Thanks that works. So what's the point of include and not_include if you have to do this weird size thing? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/88458230-d854-4d01-a548-0294357de04c%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] augeas onlyif problem
I'm trying to make sure a specific user has a special ssh key used as his identity file. so I'm trying something like: augeas{user_second_key: context = /files/home/user/.ssh/config, changes = [ ins IdentityFile after /files/home/user/.ssh/config/IdentityFile[last()], set /files/home/user/.ssh/config/IdentityFile[last()] ~/.ssh/user2nd_rsa, ], onlyif = match /files/home/user/.ssh/config/IdentityFile not_include ~/.ssh/user2nd_rsa, } However it adds the line every puppet run. I'm wondering what I might be doing wrong. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/84ee6cf2-0e49-41ee-84b4-5a960335bee9%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] facter fact within a custom provider
I have a custom package provider. However within the ruby code, I need access a custom facter fact (which has the path to the executable which handles the package installation). I tried doing lookupvar('bin_path' ) but it complained undefined method `lookupvar' So how do I reference a facter fact from within a custom provider? Thanks in advance. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Security considerations for basing decisions on facts
On Tuesday, January 22, 2013 4:04:22 PM UTC-5, jcbollinger wrote: You are correct that that only the identity of the client node is authenticated by Puppet, and even that only insomuch as the client can be relied upon to protect its SSL certificate. The $hostname fact cannot be relied upon to convey that information, as it doesn't in any sense need to be the same thing; you're looking for $certname. It is, however, $certname (not $hostname) by which a node block is selected and/or an ENC queried, so Puppet's architectural foundation is secure in that regard. Do you mean the $clientcert variable which is described at http://docs.puppetlabs.com/guides/faq.html#are-there-variables-available-other-than-those-provided-by-facter I don't seem to have a $certname variable (I'm using puppet 3). Thanks in advance. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/s2DSmxqSpmYJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] ssh::auth and other ways of managing ssh keys
Thoughts? (1) https://github.com/boklm/puppet-sshkeys (2) https://github.com/vurbia/puppet-sshauth (3) https://github.com/ashleygould/puppet-sshauth (4) http://projects.puppetlabs.com/projects/1/wiki/Module_Ssh_Auth_Patterns#detailed-usage I checked out all of these and I still opted to use the puppet builtin ssh_authorized_key and sshkey. Not quite the most powerful, but good enough. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/QPoNr2wYOVAJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] ssh::auth and other ways of managing ssh keys
With puppet 3.x I was wondering if the ssh::auth module (http://projects.puppetlabs.com/projects/puppet/wiki/Module_Ssh_Auth_Patterns) is still the preferred way of creating and distributing ssh keys. The module hasn't been updated since 2010 and I've seen several other possible solutions. Should I just use thes sh_authorized_key type? What are people using now? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/BmJHy-KOXC8J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] shouldn't this be considered a bug?
So I thought puppet didn't care about the order of things unless specifically told. However I've come across one case where it apparently does care. This works as expected: node /^univ\d+\.foo\.edu$/ { $myvar = foo include module_that_uses_myvar } This one doesn't work as expected node /^univ\d+\.foo\.edu$/ { include module_that_uses_myvar $myvar = foo } In the 2nd one, module_that_uses_myvar seems to think $myvar is undef or null or something that is most certainly not foo If it matters any, $myvar is actually used in an erb template that the module has. Our puppet master is 2.7.12 and the client is 2.6.17. I didn't see any bug reports about this. Is this a known problem or just not considered a bug? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/Q_pDE14z0CYJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Passing multiple arrays to define
On Wednesday, July 25, 2012 9:29:18 AM UTC-4, jcbollinger wrote: Something is very strange with that. It is routine practice for definition bodies to set local variables, and for such definitions to be instantiated multiple times. Among other things, it is sometimes used to mangle definitions' properties. For that matter, definitions' property variables are defined separately for each instance, too. To troubleshoot your problem, I will need to see the exact code you tested, including the corresponding manifest file layout, and the exact error message Puppet emitted. Yes something was very strange. I did something wrong. I've got it working now. The only major problem I had was that puppet didn't like mything { regsubst($versions, '^.*$', $name:\0): } I had to take out the regsubst function and do $foo = regsubst(...) mything { $foo: } I don't understand why that was necessary. It would say err: Could not retrieve catalog from remote server: Error 400 on SERVER: Syntax error at ':'; expected '}' at /etc/puppet/modules/mything/manifests/init.pp:6 on node test.domain.tld Here are my files: /etc/puppet/manifests/nodes.d/test.domain.tld.pp node web1test.vcu.edu { include base include mything $u = [ A, B, C] $v = [ 1.5, 2.0, 4.2, 0.01 ] # $u = A # $v = 1.5 mything::mythings {$u: versions = $v } } and /etc/puppet/modules/mything/manifests/init.pp class mything { define mythings($versions) { # $name == $title == the user # this didn't work # mything { regsubst($versions, '^.*$', $name:\0): } # this works foo = regsubst($versions, '^.*$', $name:\0) mything { $foo: } } define mything () { # $name == $title == the version $user_and_version = split($name, ':') $user = $user_and_version[0] $version = $user_and_version[1] exec { mything_${name}_${user}_${version}: command = /bin/date /tmp/mything.txt; echo /bin/echo mything v. $version for $user /tmp/mything.txt; /bin/echo '' /tmp/mything.txt } } } Can anyone tell me why it wouldn't let me use regsubst(...) as the name when calling mything. If I could use it, so many possibilities would open up. Puppet on the client machine is 2.6.16 and the puppet master is 2.7.12 Thanks. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/0IUOimQ80TcJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Passing multiple arrays to define
Thanks for the reply. More info inline. On Tuesday, July 24, 2012 5:02:19 AM UTC-4, Felix.Frank wrote: If I'm reading this right, you're trying to join two arrays in a distinct fashion. I'm afraid puppet cannot easily do that. Your best bet is the create_resources function, if your puppet is recent enough. Even then you cannot use arrays per se, but have to structure your data accordingly: $users = { A = 1.5, B = 2.0, ... } I wasn't exactly clear with what I'm trying to do. If I understand based on your example, I'd want something like: $users = { A = [ 1.5, 2.0, 4.2, 0.01 ], B = [ 1.5, 2.0, 4.2, 0.01 ], ... } Then you can feed this hash to create_resources. With this structure, your mything define would expect the user name to be the resource title. mything($version) { exec { create_mything_for_${name}_with_version_${version}: ... } } HTH, Felix I'm not at all understanding what to do with this create_resources function. I'm trying something like: create_resources(mythingmodule::mything, $users) where $user and mything are as described above. I get an error that looks like it is still taking the version array and squishing it together. It complains it can't execute create_mything_for_A_with_version_1.52.04.20.01 What can I try now? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/-CWze7lQYScJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Passing multiple arrays to define
On Tuesday, July 24, 2012 9:31:39 AM UTC-4, jcbollinger wrote: I think it important to not only come up with a means to your end, but also to understand what you've done once you get there. What you need to know in this case is that Puppet provides a shortcut for declaring multiple resources of the same type and with the same parameters. If you give it an array -- whether a literal one or a variable or function result -- as the title of a resource, then Puppet creates one resource for each element of the array. That can be used similarly to a 'for' loop in a procedural language, though it isn't a loop at all. However this still means I'd have to do one for each version (and figure out how to avoid a Duplicate definition problem. Is there an easy or a right way to do what I'm trying to do? Depending on the details of what you're trying to do, Felix's suggestion of the create_resources() function might be your best bet. On the other hand, you can also do it by interposing another defined type, and using Puppet's built-in regsubst() and split() functions. That obtains simpler data at the expense of more complex resources: define mythings_user($versions) { # $name == $title == the user mything { regsubst($versions, '^.*$', $name:\0): } } define mything () { # $name == $title == the version $user_and_version = split($name, ':') $user = $user_and_version[0] $version = $user_and_version[1] exec { mything $name: command = echo mything v. $version for $user } } When the first argument to regsubst() is an array, it performs the specified substitution on each element, and returns an array of the results. Thus, its usage in definition Mythings_user creates an array of strings of the form user:version, which are suitable distinct titles for all the needed Mything resources. The Mything definition then splits its name/title to get the user and version pieces. Kinda ugly, really. John This almost worked, except when it is called the 2nd or 3rd time, puppet complains that it cannot reassign variable user_and_version. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/UhsTYg8vRzQJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Passing multiple arrays to define
I'm trying to make a defined type with two parameters and pass an array for each parameter. My first try was something like this: init.pp define mything ($user, $version) { exec {$user_$version: command = something needing both $user and $version } } in the node file: $user = [ A, B, C, D] $version = [ 1.5, 2.0, 4.2, 0.01 ] mything { thing: user = $user, version = $version, } Now of course this didn't do what I want it to do (give all the users in $users all of the versions in $version) Searching I came across a post that said do something using $title like init.pp define mything ($version) { exec {$version: command = something using $foo and $title } } and the node file $user = [ A, B, C, D ] mything { $user: version = 1.5 } However this still means I'd have to do one for each version (and figure out how to avoid a Duplicate definition problem. Is there an easy or a right way to do what I'm trying to do? Thanks in advance. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/9_zxAPURFbIJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.