On Oct 21, 7:54 am, Arnaud Gomes-do-Vale <[email protected]>
wrote:
> class ssh::server {
[...]
> file { "/etc/ssh/sshd_config":
> source => "puppet:///modules/ssh/sshd_config",
> owner => "root",
> group => "root",
> mode => 0400,
> notify => Service[$servicename],
> }
>
> }
>
> class ssh::server::forceip inherits ssh::server {
>
> File["/etc/ssh/sshd_config"] {
> content => template("ssh/sshd_config.erb"),
> source => undef,
> }
>
> }
>
> Everything works as intended with 0.25.x clients (with 0.25.x or 2.6.x
> puppetmaster).
>
> I have a test puppetmaster running 2.6.x (both client and server, I use
> RPM packages from tmz-puppet repo:
> puppet{,-server}-2.6.3-0.2.rc1.el5). This host includes the
> ssh::server::forceip class. From time to time, the sshd_config file from
> the ::forceip class gets overwritten by the generic one, then comes back
> on the next run. I can't see anything changing between runs; the
> ssh::server::forceip class is still in classes.txt.
>
> What am I doing wrong?
Are you sure that your sshd_config.erb template is not to blame? That
is, could it under some circumstances produce output that looks like
the generic file?
If the template is not the problem then I would suspect the fact that
you are using both the 'source' and the 'content' properties of the
file (but if that's it, then I'd account it a Puppet bug). Even
though ::sourceip overrides 'source' to undef, it would be cleaner
either for both to use 'source' or for both to use 'content'.
Converting a static source file to a template should be trivial.
You might consider, however, doing away with the ::forceip subclass
altogether, relying instead on a single template to handle all nodes.
The template would probably be a bit more complicated than your
current one, but you would get rid of an entire class and an entire
static file from you configuration -- probably a win overall.
Cheers,
John
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
