Re: [Puppet Users] Re: Managing sudo via puppet using #includedir
On 3 August 2011 07:07, Iain Sutton wrote: > To add a newline, put the closing double quote on a new line. > > content => "zabbix ALL=NOPASSWD: /var/lib/zabbix/bin/start_puppet", > > becomes > > content => "zabbix ALL=NOPASSWD: /var/lib/zabbix/bin/start_puppet > ", > Or, cleaner IMHO: content => "zabbix ALL=NOPASSWD: /var/lib/zabbix/bin/start_puppet\n", -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Managing sudo via puppet using #includedir
To add a newline, put the closing double quote on a new line.
content => "zabbix ALL=NOPASSWD: /var/lib/zabbix/bin/start_puppet",
becomes
content => "zabbix ALL=NOPASSWD: /var/lib/zabbix/bin/start_puppet
",
On 2 August 2011 09:59, treydock wrote:
> Ok , so this was actually two problems...
>
> The first , can't have quotes around the folder location in
> #includedir...
>
> Second is the way I was populating those files...
>
> Here's the sudo module definition...
>
> define sudo::directive (
> $ensure=present,
> $content="",
> $source=""
> ) {
>
> # sudo skipping file names that contain a "."
> $dname = regsubst($name, '\.', '-', 'G')
>
> file {"/etc/sudoers.d/${dname}":
> ensure => $ensure,
> owner => root,
> group => root,
> mode => 0440,
> content => $content ? {
> "" => undef,
> default => $content,
> },
> source => $source ? {
> "" => undef,
> default => $source,
> },
> require => Package["sudo"],
> }
>
> }
>
> The "content" method doesn't work, or at least not in the way I've
> implemented it...
>
> So this doesn't work...
>
> sudo::directive { "zabbix-puppet":
> ensure => present,
> content => "zabbix ALL=NOPASSWD: /var/lib/zabbix/bin/
> start_puppet",
> #source => "puppet:///files/zabbix_sudocmd",
> }
>
>
> And this works...
>
> sudo::directive { "zabbix-puppet":
> ensure => present,
> #content => "zabbix ALL=NOPASSWD: /var/lib/zabbix/bin/
> start_puppet",
> source => "puppet:///files/zabbix_sudocmd",
> }
>
>
> The file "zabbix_sudocmd" contains the same text as the "Content"
> line, however it seems to not add a necessary new line character, as
> this is the debug output from puppet when I change from "source" to
> "content"...
>
> debug: /Stage[main]/Role_zabbix_client/Sudo::Directive[zabbix-puppet]/
> File[/etc/sudoers.d/zabbix-puppet]/content: Executing 'diff -u /etc/
> sudoers.d/zabbix-puppet /tmp/puppet-file20110801-18801-1wfv1td-0'
> --- /etc/sudoers.d/zabbix-puppet 2011-08-01 18:45:16.248138294 -0500
> +++ /tmp/puppet-file20110801-18801-1wfv1td-0 2011-08-01
> 18:53:53.566133754 -0500
> @@ -1 +1 @@
> -zabbix ALL=NOPASSWD: /var/lib/zabbix/bin/start_puppet
> +zabbix ALL=NOPASSWD: /var/lib/zabbix/bin/start_puppet
> \ No newline at end of file
> debug: file_bucket_file supports formats: b64_zlib_yaml marshal pson
> raw yaml; using yaml
> info: /Stage[main]/Role_zabbix_client/Sudo::Directive[zabbix-puppet]/
> File[/etc/sudoers.d/zabbix-puppet]: Filebucketed /etc/sudoers.d/zabbix-
> puppet to main with sum 2ecb3670db9e458970153bf00d64b325
> notice: /Stage[main]/Role_zabbix_client/Sudo::Directive[zabbix-puppet]/
> File[/etc/sudoers.d/zabbix-puppet]/content: content changed '{md5}
> 2ecb3670db9e458970153bf00d64b325' to '{md5}
> 348da8bc5d9eacaf6334b092d95001eb'
>
>
> Notice the "No newline at end of file"...
>
> I can use "content" if I add a "\n" to the end of the line, which
> doesn't seem like it should be necessary, but it works.
>
> Thanks!!
> - Trey
>
>
> On Aug 1, 6:35 pm, vagn scott wrote:
>> On 08/01/2011 01:41 PM, treydock wrote:
>>
>> > #includedir "/etc/sudoers.d"
>>
>> Maybe without the quotation marks?
>>
>> --
>> vagn
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Managing sudo via puppet using #includedir
Ok , so this was actually two problems...
The first , can't have quotes around the folder location in
#includedir...
Second is the way I was populating those files...
Here's the sudo module definition...
define sudo::directive (
$ensure=present,
$content="",
$source=""
) {
# sudo skipping file names that contain a "."
$dname = regsubst($name, '\.', '-', 'G')
file {"/etc/sudoers.d/${dname}":
ensure => $ensure,
owner => root,
group => root,
mode=> 0440,
content => $content ? {
"" => undef,
default => $content,
},
source => $source ? {
"" => undef,
default => $source,
},
require => Package["sudo"],
}
}
The "content" method doesn't work, or at least not in the way I've
implemented it...
So this doesn't work...
sudo::directive { "zabbix-puppet":
ensure => present,
content => "zabbix ALL=NOPASSWD: /var/lib/zabbix/bin/
start_puppet",
#source => "puppet:///files/zabbix_sudocmd",
}
And this works...
sudo::directive { "zabbix-puppet":
ensure => present,
#content => "zabbix ALL=NOPASSWD: /var/lib/zabbix/bin/
start_puppet",
source => "puppet:///files/zabbix_sudocmd",
}
The file "zabbix_sudocmd" contains the same text as the "Content"
line, however it seems to not add a necessary new line character, as
this is the debug output from puppet when I change from "source" to
"content"...
debug: /Stage[main]/Role_zabbix_client/Sudo::Directive[zabbix-puppet]/
File[/etc/sudoers.d/zabbix-puppet]/content: Executing 'diff -u /etc/
sudoers.d/zabbix-puppet /tmp/puppet-file20110801-18801-1wfv1td-0'
--- /etc/sudoers.d/zabbix-puppet2011-08-01 18:45:16.248138294 -0500
+++ /tmp/puppet-file20110801-18801-1wfv1td-02011-08-01
18:53:53.566133754 -0500
@@ -1 +1 @@
-zabbix ALL=NOPASSWD: /var/lib/zabbix/bin/start_puppet
+zabbix ALL=NOPASSWD: /var/lib/zabbix/bin/start_puppet
\ No newline at end of file
debug: file_bucket_file supports formats: b64_zlib_yaml marshal pson
raw yaml; using yaml
info: /Stage[main]/Role_zabbix_client/Sudo::Directive[zabbix-puppet]/
File[/etc/sudoers.d/zabbix-puppet]: Filebucketed /etc/sudoers.d/zabbix-
puppet to main with sum 2ecb3670db9e458970153bf00d64b325
notice: /Stage[main]/Role_zabbix_client/Sudo::Directive[zabbix-puppet]/
File[/etc/sudoers.d/zabbix-puppet]/content: content changed '{md5}
2ecb3670db9e458970153bf00d64b325' to '{md5}
348da8bc5d9eacaf6334b092d95001eb'
Notice the "No newline at end of file"...
I can use "content" if I add a "\n" to the end of the line, which
doesn't seem like it should be necessary, but it works.
Thanks!!
- Trey
On Aug 1, 6:35 pm, vagn scott wrote:
> On 08/01/2011 01:41 PM, treydock wrote:
>
> > #includedir "/etc/sudoers.d"
>
> Maybe without the quotation marks?
>
> --
> vagn
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Managing sudo via puppet using #includedir
These are the perms we're using for that functionality: dr-xr-x--- 2 root root 4096 Jul 7 18:09 /etc/sudoers.d -- Nathan Clemons http://www.livemocha.com The worlds largest online language learning community On Mon, Aug 1, 2011 at 2:49 PM, treydock wrote: > From the sudoer docs it mentioned making the files in /etc/sudoers.d > be 440, but what about the folder? Here's the perms on /etc/sudoers.d > > drwxr-xr-x 2 root root 4096 Jul 26 19:16 . > drwxr-xr-x. 64 root root 4096 Jul 26 19:16 .. > -r--r- 1 root root 53 Jul 26 19:16 zabbix-puppet > > - Trey > > On Aug 1, 3:47 pm, Len Rugen wrote: > > It's working here for RHEL 5 & 6. Check the owner and perms of > sudoers.d, > > that's probably not your problem, but it's the only one we've had. > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Managing sudo via puppet using #includedir
>From the sudoer docs it mentioned making the files in /etc/sudoers.d be 440, but what about the folder? Here's the perms on /etc/sudoers.d drwxr-xr-x 2 root root 4096 Jul 26 19:16 . drwxr-xr-x. 64 root root 4096 Jul 26 19:16 .. -r--r- 1 root root 53 Jul 26 19:16 zabbix-puppet - Trey On Aug 1, 3:47 pm, Len Rugen wrote: > It's working here for RHEL 5 & 6. Check the owner and perms of sudoers.d, > that's probably not your problem, but it's the only one we've had. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
