Re: [Puppet Users] Re: Managing sudo via puppet using #includedir
On 3 August 2011 07:07, Iain Sutton wrote: > To add a newline, put the closing double quote on a new line. > > content => "zabbix ALL=NOPASSWD: /var/lib/zabbix/bin/start_puppet", > > becomes > > content => "zabbix ALL=NOPASSWD: /var/lib/zabbix/bin/start_puppet > ", > Or, cleaner IMHO: content => "zabbix ALL=NOPASSWD: /var/lib/zabbix/bin/start_puppet\n", -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Managing sudo via puppet using #includedir
To add a newline, put the closing double quote on a new line. content => "zabbix ALL=NOPASSWD: /var/lib/zabbix/bin/start_puppet", becomes content => "zabbix ALL=NOPASSWD: /var/lib/zabbix/bin/start_puppet ", On 2 August 2011 09:59, treydock wrote: > Ok , so this was actually two problems... > > The first , can't have quotes around the folder location in > #includedir... > > Second is the way I was populating those files... > > Here's the sudo module definition... > > define sudo::directive ( > $ensure=present, > $content="", > $source="" > ) { > > # sudo skipping file names that contain a "." > $dname = regsubst($name, '\.', '-', 'G') > > file {"/etc/sudoers.d/${dname}": > ensure => $ensure, > owner => root, > group => root, > mode => 0440, > content => $content ? { > "" => undef, > default => $content, > }, > source => $source ? { > "" => undef, > default => $source, > }, > require => Package["sudo"], > } > > } > > The "content" method doesn't work, or at least not in the way I've > implemented it... > > So this doesn't work... > > sudo::directive { "zabbix-puppet": > ensure => present, > content => "zabbix ALL=NOPASSWD: /var/lib/zabbix/bin/ > start_puppet", > #source => "puppet:///files/zabbix_sudocmd", > } > > > And this works... > > sudo::directive { "zabbix-puppet": > ensure => present, > #content => "zabbix ALL=NOPASSWD: /var/lib/zabbix/bin/ > start_puppet", > source => "puppet:///files/zabbix_sudocmd", > } > > > The file "zabbix_sudocmd" contains the same text as the "Content" > line, however it seems to not add a necessary new line character, as > this is the debug output from puppet when I change from "source" to > "content"... > > debug: /Stage[main]/Role_zabbix_client/Sudo::Directive[zabbix-puppet]/ > File[/etc/sudoers.d/zabbix-puppet]/content: Executing 'diff -u /etc/ > sudoers.d/zabbix-puppet /tmp/puppet-file20110801-18801-1wfv1td-0' > --- /etc/sudoers.d/zabbix-puppet 2011-08-01 18:45:16.248138294 -0500 > +++ /tmp/puppet-file20110801-18801-1wfv1td-0 2011-08-01 > 18:53:53.566133754 -0500 > @@ -1 +1 @@ > -zabbix ALL=NOPASSWD: /var/lib/zabbix/bin/start_puppet > +zabbix ALL=NOPASSWD: /var/lib/zabbix/bin/start_puppet > \ No newline at end of file > debug: file_bucket_file supports formats: b64_zlib_yaml marshal pson > raw yaml; using yaml > info: /Stage[main]/Role_zabbix_client/Sudo::Directive[zabbix-puppet]/ > File[/etc/sudoers.d/zabbix-puppet]: Filebucketed /etc/sudoers.d/zabbix- > puppet to main with sum 2ecb3670db9e458970153bf00d64b325 > notice: /Stage[main]/Role_zabbix_client/Sudo::Directive[zabbix-puppet]/ > File[/etc/sudoers.d/zabbix-puppet]/content: content changed '{md5} > 2ecb3670db9e458970153bf00d64b325' to '{md5} > 348da8bc5d9eacaf6334b092d95001eb' > > > Notice the "No newline at end of file"... > > I can use "content" if I add a "\n" to the end of the line, which > doesn't seem like it should be necessary, but it works. > > Thanks!! > - Trey > > > On Aug 1, 6:35 pm, vagn scott wrote: >> On 08/01/2011 01:41 PM, treydock wrote: >> >> > #includedir "/etc/sudoers.d" >> >> Maybe without the quotation marks? >> >> -- >> vagn > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Managing sudo via puppet using #includedir
Ok , so this was actually two problems... The first , can't have quotes around the folder location in #includedir... Second is the way I was populating those files... Here's the sudo module definition... define sudo::directive ( $ensure=present, $content="", $source="" ) { # sudo skipping file names that contain a "." $dname = regsubst($name, '\.', '-', 'G') file {"/etc/sudoers.d/${dname}": ensure => $ensure, owner => root, group => root, mode=> 0440, content => $content ? { "" => undef, default => $content, }, source => $source ? { "" => undef, default => $source, }, require => Package["sudo"], } } The "content" method doesn't work, or at least not in the way I've implemented it... So this doesn't work... sudo::directive { "zabbix-puppet": ensure => present, content => "zabbix ALL=NOPASSWD: /var/lib/zabbix/bin/ start_puppet", #source => "puppet:///files/zabbix_sudocmd", } And this works... sudo::directive { "zabbix-puppet": ensure => present, #content => "zabbix ALL=NOPASSWD: /var/lib/zabbix/bin/ start_puppet", source => "puppet:///files/zabbix_sudocmd", } The file "zabbix_sudocmd" contains the same text as the "Content" line, however it seems to not add a necessary new line character, as this is the debug output from puppet when I change from "source" to "content"... debug: /Stage[main]/Role_zabbix_client/Sudo::Directive[zabbix-puppet]/ File[/etc/sudoers.d/zabbix-puppet]/content: Executing 'diff -u /etc/ sudoers.d/zabbix-puppet /tmp/puppet-file20110801-18801-1wfv1td-0' --- /etc/sudoers.d/zabbix-puppet2011-08-01 18:45:16.248138294 -0500 +++ /tmp/puppet-file20110801-18801-1wfv1td-02011-08-01 18:53:53.566133754 -0500 @@ -1 +1 @@ -zabbix ALL=NOPASSWD: /var/lib/zabbix/bin/start_puppet +zabbix ALL=NOPASSWD: /var/lib/zabbix/bin/start_puppet \ No newline at end of file debug: file_bucket_file supports formats: b64_zlib_yaml marshal pson raw yaml; using yaml info: /Stage[main]/Role_zabbix_client/Sudo::Directive[zabbix-puppet]/ File[/etc/sudoers.d/zabbix-puppet]: Filebucketed /etc/sudoers.d/zabbix- puppet to main with sum 2ecb3670db9e458970153bf00d64b325 notice: /Stage[main]/Role_zabbix_client/Sudo::Directive[zabbix-puppet]/ File[/etc/sudoers.d/zabbix-puppet]/content: content changed '{md5} 2ecb3670db9e458970153bf00d64b325' to '{md5} 348da8bc5d9eacaf6334b092d95001eb' Notice the "No newline at end of file"... I can use "content" if I add a "\n" to the end of the line, which doesn't seem like it should be necessary, but it works. Thanks!! - Trey On Aug 1, 6:35 pm, vagn scott wrote: > On 08/01/2011 01:41 PM, treydock wrote: > > > #includedir "/etc/sudoers.d" > > Maybe without the quotation marks? > > -- > vagn -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Managing sudo via puppet using #includedir
These are the perms we're using for that functionality: dr-xr-x--- 2 root root 4096 Jul 7 18:09 /etc/sudoers.d -- Nathan Clemons http://www.livemocha.com The worlds largest online language learning community On Mon, Aug 1, 2011 at 2:49 PM, treydock wrote: > From the sudoer docs it mentioned making the files in /etc/sudoers.d > be 440, but what about the folder? Here's the perms on /etc/sudoers.d > > drwxr-xr-x 2 root root 4096 Jul 26 19:16 . > drwxr-xr-x. 64 root root 4096 Jul 26 19:16 .. > -r--r- 1 root root 53 Jul 26 19:16 zabbix-puppet > > - Trey > > On Aug 1, 3:47 pm, Len Rugen wrote: > > It's working here for RHEL 5 & 6. Check the owner and perms of > sudoers.d, > > that's probably not your problem, but it's the only one we've had. > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Managing sudo via puppet using #includedir
>From the sudoer docs it mentioned making the files in /etc/sudoers.d be 440, but what about the folder? Here's the perms on /etc/sudoers.d drwxr-xr-x 2 root root 4096 Jul 26 19:16 . drwxr-xr-x. 64 root root 4096 Jul 26 19:16 .. -r--r- 1 root root 53 Jul 26 19:16 zabbix-puppet - Trey On Aug 1, 3:47 pm, Len Rugen wrote: > It's working here for RHEL 5 & 6. Check the owner and perms of sudoers.d, > that's probably not your problem, but it's the only one we've had. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.