Hi Andrew,
Just noticed that ssh::auth::server doesn't require the resource for ~/.ssh
directory. Considering the documentation says it does (in Examples -> 1. With
account management at the bottom mentions that 'require => [User[$title],
File["$home/.ssh"]]' is implicitly included in both client and server), I
thought I'll report it.
This works fine for ssh::auth::server because it uses a file resource for the
~/.ssh/$filename file, so ~/.ssh is autorequired by puppet (if defined).
Also, while I'm at it, I wanted to ask a question related to scoping. Don't
know if it's another difference between puppet 0.24.8 and 0.25.x, can't find
any
docs mentioning that. Anyway the problem manifests itself in that simple
manifest:
----
import "auth.pp"
include ssh::auth
Ssh::Auth::Key { length => 4096 }
ssh::auth::key { 'foo': }
include ssh::auth::keymaster
file { '/home/foo/.ssh': ensure => directory, mode => 700, owner => 'foo',
group => 'puppet' }
ssh::auth::client { 'foo': group => 'foo' }
----
this is a simplified manifest which I ran with standalone puppet and it
produces the following error:
Only subclasses can override parameters at /root/puppet-
tests/sshauth/auth.pp:113 on node ...
The problem here is the "group => 'foo'" param passed to ssh::auth::client.
It doesn't really matter which parameter it is though as the issue seems to be
that the ssh::auth::client (or ssh::auth::server) define cannot override
properties of a resource declared in ssh::auth::key define.
I searched a bit for something on defines overriding parameters of resources
and found a thread here on puppet-users [1] which implies this isn't possible.
Does that work in 0.25.x ?
[1] http://groups.google.com/group/puppet-
users/browse_thread/thread/4836b517cd7b5010
--
Michael Gliwinski
Henderson Group Information Services
9-11 Hightown Avenue, Newtownabby, BT36 4RT
Phone: 028 9034 3319
**********************************************************************************************
The information in this email is confidential and may be legally privileged.
It is intended solely for the addressee and access to the email by anyone else
is unauthorised.
If you are not the intended recipient, any disclosure, copying, distribution or
any action taken or omitted to be taken in reliance on it, is prohibited and
may be unlawful.
When addressed to our clients, any opinions or advice contained in this e-mail
are subject to the terms and conditions expressed in the governing client
engagement leter or contract.
If you have received this email in error please notify
[email protected]
John Henderson (Holdings) Ltd
Registered office: 9 Hightown Avenue, Mallusk, County Antrim, Northern Ireland,
BT36 4RT.
Registered in Northern Ireland
Registration Number NI010588
Vat No.: 814 6399 12
*********************************************************************************
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
