> Hi Andrew,
>
> Just noticed that ssh::auth::server doesn't require the resource for ~/.ssh
> directory. Considering the documentation says it does (in Examples -> 1.
> With
> account management at the bottom mentions that 'require => [User[$title],
> File["$home/.ssh"]]' is implicitly included in both client and server), I
> thought I'll report it.
>
> This works fine for ssh::auth::server because it uses a file resource for the
> ~/.ssh/$filename file, so ~/.ssh is autorequired by puppet (if defined).
OK, thanks for pointing this out. Looking back at it now, I think I was
probably counting on ssh_authorized_key requiring File[$home/.ssh]. But
that doesn't seem to be explicit anywhere, so I'll add it in explicitly for
the next point release. And the user too, while I'm at it.
> Also, while I'm at it, I wanted to ask a question related to scoping. Don't
> know if it's another difference between puppet 0.24.8 and 0.25.x, can't find
> any
> docs mentioning that. Anyway the problem manifests itself in that simple
> manifest:
>
> ----
> import "auth.pp"
>
> include ssh::auth
>
> Ssh::Auth::Key { length => 4096 }
>
> ssh::auth::key { 'foo': }
>
> include ssh::auth::keymaster
> file { '/home/foo/.ssh': ensure => directory, mode => 700, owner => 'foo',
> group => 'puppet' }
> ssh::auth::client { 'foo': group => 'foo' }
> ----
>
> this is a simplified manifest which I ran with standalone puppet and it
> produces the following error:
>
> Only subclasses can override parameters at /root/puppet-
> tests/sshauth/auth.pp:113 on node ...
>
> The problem here is the "group => 'foo'" param passed to ssh::auth::client.
> It doesn't really matter which parameter it is though as the issue seems to
> be
> that the ssh::auth::client (or ssh::auth::server) define cannot override
> properties of a resource declared in ssh::auth::key define.
>
> I searched a bit for something on defines overriding parameters of resources
> and found a thread here on puppet-users [1] which implies this isn't possible.
>
> Does that work in 0.25.x ?
I'll have to spend a little time looking into this. The whole purpose of
the way I set up the defines and virtual resources was to be able to
override parameters. The last time I tried it, it worked. I guess it's a
conflict with the file resource in your manifest? I'll see what I can
figure out and get back to you.
Andrew.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
