Hi;
This one should be easy; but, so far, it's eluding me.
I would like to configure ssh to use a different directory for authorized
keys files. I have the file resource, which works on its own. I want
the file resource to call the exec to set the selinux type on the directory
when needed. Here's what I have:

class ssh::config
{
  define sshdir_selinux() {
    exec { "/usr/bin/chcon -R -t ssh_home_t $ssh::params::ssh_authkey_dir": }
  }

  # exec { 'sshdir_selinux':
  #   command => "chcon -R -t ssh_home_t $ssh::params::ssh_authkey_dir",
  #   path    => '/usr/bin',
  #   require => File["$ssh::params::ssh_authkey_dir"],
  # }

  file { $ssh::params::ssh_authkey_dir:
    ensure => directory,
    owner  => root,
    group  => root,
    mode   => '0755',
  }

  file { $ssh::params::ssh_rootkeys:
    ensure => present,
    owner  => root,
    group  => sys,
    mode   => '0750',
    source => 'puppet:///modules/ssh/authorized_keys.root',
    sshdir_selinux { },
  }
}

My searches
(particularly: https://support.mayfirst.org/wiki/how-to/puppet/layout#defines)
seem to indicate this is the right syntax; but I keep getting:
# ptest
Error: Syntax error at '{'; expected '}' at
/root/modules/ssh/manifests/config.pp:62 on node puppet.olearycomputers.com
Error: Syntax error at '{'; expected '}' at
/root/modules/ssh/manifests/config.pp:62 on node puppet.olearycomputers.com
when I run it.
I have made the process work by using the straight exec that's commented in
the code above; but, that'll call chcon every time that puppet's run (as I
understand it). I would rather have it called only when a key file is
added.
Appreciate any hints/tips/suggestions.
Doug O'Leary
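
An added example, not part of the original post: the usual Puppet way to run a command only when a managed file changes is an exec with refreshonly => true that the file resource notifies. The class name and both paths are hypothetical placeholders standing in for the $ssh::params values, which the post does not show.

```puppet
# Added illustration; class name and paths are constructed, not from the post.
class ssh_authkeys_example (
  $authkey_dir = '/etc/ssh/authorized_keys',      # assumed directory
  $rootkeys    = '/etc/ssh/authorized_keys/root', # assumed key file
) {
  # The file type can set the SELinux type itself on paths Puppet manages.
  file { $authkey_dir:
    ensure  => directory,
    owner   => 'root',
    group   => 'root',
    mode    => '0755',
    seltype => 'ssh_home_t',
  }

  file { $rootkeys:
    ensure  => present,
    owner   => 'root',
    group   => 'sys',
    mode    => '0750',
    source  => 'puppet:///modules/ssh/authorized_keys.root',
    seltype => 'ssh_home_t',
    require => File[$authkey_dir],
    # Send a refresh event to the exec only when this file is created
    # or its content, owner, mode or SELinux type is changed.
    notify  => Exec['sshdir_selinux'],
  }

  # refreshonly => true: the command is skipped on ordinary runs and
  # executes only after a notify/subscribe event. The recursive chcon
  # also relabels files in the directory that Puppet does not manage.
  exec { 'sshdir_selinux':
    command     => "chcon -R -t ssh_home_t ${authkey_dir}",
    path        => '/usr/bin',
    refreshonly => true,
    require     => File[$authkey_dir],
  }
}
```

A resource cannot be declared inside another resource's attribute list, which is what the parser rejects in the manifest above; relationships between resources are expressed with notify, subscribe, require and before.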