[Puppet Users] Run stages implicitly include classes, is this behavior intended?

2011-01-30 Thread Ben Lavender
So I am using a mix of old puppet and the Ruby DSL on a new project
(loving it, new as it is!). But I've run into some behavior that
surprised me.

In my default node, (.pp), I have, among others, these lines:

node default {
  class { 'amqp': stage => system }
  include roles
}

(It seems that with the current Ruby DSL, the stage assignment must
happen, in a .pp file, after the 'amqp' class has been imported from
elsewhere).

In roles.rb, I have, among others, these lines:

hostclass 'roles' do
  roles = scope.lookupvar('ec2_security_groups').split(':').map { |s| s.gsub(/-/, '_') }.map(&:to_sym)
  include 'amqp' if roles.include? :amqp
end

What surprised me is that my clever plan to do some fun logic on
system roles is thwarted by the stage assignment. Regardless of
whether or not I include the amqp class anywhere else, the stage
assignment includes the class in the configuration. I did not expect
this--I imagined that stage assignment was metadata, not assigning the
class as a requirement for the stage. Is that intended behavior?

Woefully, if my role logic is in a .rb file, I can't even do the stage
assignment conditionally, because of the aforementioned (surely
temporary) limitations in stage assignments from the Ruby DSL.

Am I missing something?  If not, can someone suggest a workaround?

Thanks,
Ben

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.



[Puppet Users] Problem with multiple requires in Ruby DSL

2011-01-10 Thread Ben Lavender
I'm loving playing around with the DSL.  There are some problems (ie
5237), but now that it's Ruby, I can fix them! woo!

However, I'm stumped on this one, which may or may not be related to
the DSL.  When trying to have a resource have a simple dependency on
two things at once, it simply fails, and I'm stumped as to why.  The
error message is:

Parameter require failed: No title provided and [ Exec[git-/usr/local/
resque-runner], Rvm_install[1.9.2-p136]] is not a valid resource
reference

My definition looks like this:

define :bundle_install, :rvm do
  rvm_exec bundle...@name},
   :command => "bundle install --without production",
   :ruby => @rvm,
   :path => "/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin",

   # this alone works:
   #:require => rvm_install...@rvm}],

   # this alone also works:
   #:require => exec[git...@name}],

  # this fails:
  :require => [ exec[git...@name}], rvm_install...@rvm}]],

   :cwd => @name,
   :creates => #...@name}/.bundle/config
end

Am I missing something, or should I open a ticket?

Thanks,
Ben




[Puppet Users] Running on EC2 without a puppetmaster?

2010-03-16 Thread Ben Lavender
Hi all,

I'm setting up a buzzword-compliant auto-scaling thing on EC2, and I
have something I'd like some more opinion on.  Namely, I am going to
be making my own AMI (getting the app set up takes ~20 mins
otherwise), and it seems perfectly workable to store the entire config
in /etc/puppet and just running puppet on the manifest--no puppetd, no
puppetmaster, just a git pull to get any recent changes and run once
at boot.  This works fine, of course, but I lose the ability to push
changes to the nodes without touching them manually.

I'm wondering if anyone else has run this sort of setup, and if so, if
you preferred it or came to regret it?

Thanks,
Ben




[Puppet Users] ssh authorized keys fails

2010-03-05 Thread Ben Lavender
Can someone tell me what's wrong here?  Or should I reopen #2487,
http://projects.reductivelabs.com/issues/2487 ?

I have this config:
===
class devusers {

  dev_user { ben:
    uid => 510,
    keytype => "ssh-rsa",
    keyname => "b...@7.106.cp",
    key => "blahblah"
  }

  dev_user { yuri:
    uid => 503,
    keytype => "ssh-rsa",
    key => "blahblah",
    keyname => "y...@devhost2.dev.cp"
  }
}

define dev_user($uid,$keyname,$key,$keytype) {

  user { $name:
    ensure => present,
    uid => $uid,
    gid => $name,
    groups => "devs",
    managehome => true,
  }

  group { $name:
    gid => $uid,
    ensure => present
  }

#  puppet bug :(
#  ssh_authorized_key { $keyname:
#    type => $keytype,
#    key => $key,
#    user => $uid,
#    ensure => present,
#    require => User[$name]
#  }

}
===

Running this config is fine, users are created.  When I uncomment the
authorized_keys bit, puppetd execution fails entirely:
[r...@devhost2 manifests]# puppetd --no-daemonize -od
debug: Failed to load library 'selinux' for feature 'selinux'
.
.
.
debug: //devusers/Dev_user[yuri]/
ssh_authorized_key[y...@devhost2.dev.cp]: Changing ensure
debug: //devusers/Dev_user[yuri]/
ssh_authorized_key[y...@devhost2.dev.cp]: 1 change(s)
debug: The required user is not yet present on the system
debug: The required user is not yet present on the system
notice: //devusers/Dev_user[yuri]/
ssh_authorized_key[y...@devhost2.dev.cp]/ensure: created
debug: The required user is not yet present on the system
err: Got an uncaught exception of type ArgumentError: user 503 doesn't
exist
debug: Storing state
debug: Stored state in 0.08 seconds
notice: Finished catalog run in 2.35 seconds

Curiously, the key file is actually created.  But I have to leave this
disabled and not just live with error messages, as the exception ends
further processing by puppetd.

Thanks for any help,
Ben




[Puppet Users] Re: ssh authorized keys fails

2010-03-05 Thread Ben Lavender
*slap forehead*

This is on 0.25.4, the latest gem as of ~2 weeks ago.

Thanks,
Ben

On Mar 5, 2:18 pm, Peter Meier peter.me...@immerda.ch wrote:
 Quoting Ben Lavender blaven...@gmail.com:



  Can someone tell me what's wrong here?  Or should I reopen #2487,
 http://projects.reductivelabs.com/issues/2487?
  [...]
  .
  .
  debug: //devusers/Dev_user[yuri]/
  ssh_authorized_key[y...@devhost2.dev.cp]: Changing ensure
  debug: //devusers/Dev_user[yuri]/
  ssh_authorized_key[y...@devhost2.dev.cp]: 1 change(s)
  debug: The required user is not yet present on the system
  debug: The required user is not yet present on the system
  notice: //devusers/Dev_user[yuri]/
  ssh_authorized_key[y...@devhost2.dev.cp]/ensure: created
  debug: The required user is not yet present on the system
  err: Got an uncaught exception of type ArgumentError: user 503 doesn't
  exist
  debug: Storing state
  debug: Stored state in 0.08 seconds
  notice: Finished catalog run in 2.35 seconds

  Curiously, the key file is actually created.  But I have to leave this
  disabled and not just live with error messages, as the exception ends
  further processing by puppetd.

 which version are you running?

 cheers pete




[Puppet Users] Cannot create authorized key and user in the same go?

2009-11-11 Thread Ben Lavender

Hi,

I'm trying to create an authorized key and a user in one go and I'm
not getting anywhere:

class users {

  user { ben:
    ensure => present,
    uid => 1010,
    gid => "users",
    managehome => true,
    password => "blahblah"
  }

  ssh_authorized_key { "ben-key":
    ensure => present,
    key => "blahblah",
    type => "ssh-dss",
    user => "ben",
  }

}

This doesn't work, not even in the 'run it twice' kind of way:
Nov 11 23:49:04 mgmt puppetd[20300]: Could not create ben-key: user
ben doesn't exist
Nov 11 23:49:04 mgmt puppetd[20300]: Configuration could not be
instantiated: user ben doesn't exist

Commenting out the key will create the user, and uncommenting it after
user creation will create the key.  Am I missing something painfully
obvious?

Puppet 24.8 on SUSE 11.  I've pared the configuration down to only
this; nothing else is going on.

Thanks,
Ben



[Puppet Users] ensure => true not working for sshd

2009-09-18 Thread Ben Lavender

Hello,

I'm confused why puppet won't start a service I have configured.

In the module, which is definitely being run (everything else in it
works):

service { ssh:
   name => 'sshd',
   ensure => true,
   enable => true
 }

As I understand the docs, the ensure => true should start sshd if it
is not running (or at least try to).  But when I turn off ssh on a
managed host, it's not started by puppet.

[r...@opstest-host-3 yum.repos.d]# service sshd stop
Stopping sshd: [  OK  ]
[r...@opstest-host-3 yum.repos.d]# !/etc
/etc/init.d/puppet once
[r...@opstest-host-3 yum.repos.d]# !ta
tail -f /var/log/puppets.log
Sep 18 04:18:17 opstest-host-3 puppetd[13199]: Reopening log files
Sep 18 04:18:21 opstest-host-3 puppetd[13199]: Starting catalog run
Sep 18 04:18:32 opstest-host-3 puppetd[13199]: Finished catalog run in
10.93 seconds

Can anyone point me to what I'm doing wrong?



[Puppet Users] Re: ensure => true not working for sshd

2009-09-18 Thread Ben Lavender

Thanks for your response.

I went through the type reference a little more closely.  I had
assumed that the provider => redhat (I am running rhel 5) would give
me service xyz start/status/stop/restart on everything, but I see now
that's not the case.  Modules are being updated accordingly :)

However, even after updating this and informing puppet that sshd's
init script has a status command, sshd is not behaving correctly.
Further investigation reveals this is actually a bug in the red hat
init script.  'service sshd status' simply uses pidof to determine if
sshd is running, but sshd forks off existing ssh sessions, allowing
the daemon to be started/stopped/etc while people are still
connected.  pidof finds these and reports that sshd is running, and
puppet has no reason not to believe the init script.

I am off to figure out how to file bugs against RHEL5.  I suppose this
little gotcha is not a bad thing to have on the mailing list for
google to find in any case.

Thanks again for the help!

Ben

On Sep 18, 10:41 am, David Schmitt da...@dasz.at wrote:
 Ben Lavender wrote:
  Hello,

  I'm confused why puppet wont start a service I have configured.

  In the module, which is definitely being run (everything else in it
  works):

  service { ssh:
     name => 'sshd',
     ensure => true,
     enable => true
   }

  As I understand the docs, the ensure => true should start sshd if it
  is not running (or at least try to).  But when I turn off ssh on a
  managed host, it's not started by puppet.

  [r...@opstest-host-3 yum.repos.d]# service sshd stop
  Stopping sshd:                                             [  OK  ]
  [r...@opstest-host-3 yum.repos.d]# !/etc
  /etc/init.d/puppet once
  [r...@opstest-host-3 yum.repos.d]# !ta
  tail -f /var/log/puppets.log
  Sep 18 04:18:17 opstest-host-3 puppetd[13199]: Reopening log files
  Sep 18 04:18:21 opstest-host-3 puppetd[13199]: Starting catalog run
  Sep 18 04:18:32 opstest-host-3 puppetd[13199]: Finished catalog run in
  10.93 seconds

  Can anyone point me to what I'm doing wrong?

 Depending on your /etc/init.d/ssh's capabilities you either have to
 specify hasstatus=>true or provide an appropriate pattern=>.

 See the TypeReference for details.

 Regards, DavidS
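
The status gotcha described in this message, as an added example that is not part of the original thread: a pidof-style check compared with a pidfile-style check over a constructed process table. The struct, function names, PIDs and process lists are assumptions made for illustration.

```ruby
# Added example: why a name-based status check reports sshd as running
# after the listener has been stopped, and how a pidfile check differs.

PsEntry = Struct.new(:pid, :ppid, :comm)

# pidof-style: any process with the daemon's name counts as "running".
def pidof_says_running?(procs, name = 'sshd')
  procs.any? { |p| p.comm == name }
end

# pidfile-style: only the PID recorded by the listener counts, and it must
# still belong to a live process with the expected name (stale files fail).
def pidfile_says_running?(procs, pidfile_text, name = 'sshd')
  text = pidfile_text.to_s.strip
  return false unless text =~ /\A\d+\z/
  pid = text.to_i
  procs.any? { |p| p.pid == pid && p.comm == name }
end

# Constructed process tables (not output from the hosts in the thread).
BEFORE_STOP = [
  PsEntry.new(1,     0,     'init'),
  PsEntry.new(2101,  1,     'sshd'),  # listener, PID written to the pidfile
  PsEntry.new(13050, 2101,  'sshd'),  # forked for an open session
  PsEntry.new(13053, 13050, 'bash')
].freeze

# After "service sshd stop": listener gone, session process reparented to init.
AFTER_STOP = [
  PsEntry.new(1,     0,     'init'),
  PsEntry.new(13050, 1,     'sshd'),
  PsEntry.new(13053, 13050, 'bash')
].freeze

if __FILE__ == $PROGRAM_NAME
  puts "pidof after stop:   #{pidof_says_running?(AFTER_STOP)}"
  puts "pidfile after stop: #{pidfile_says_running?(AFTER_STOP, nil)}"
end
```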



[Puppet Users] Re: Puppet cannot find custom functions

2009-09-15 Thread Ben Lavender

Just so that it gets onto the mailing list for the next poor guy
searching for this:

Functions need to be in a file of the same name, it would appear.  I
can find nothing in the wiki that mentions this specifically, but
perhaps I did not look hard enough.

I renamed my file from functions.rb to minute_from_address.rb and it
worked immediately.  The location of the file, /etc/puppet/modules/
puppet/plugins/puppet/parser/functions/ , was evidently fine the whole
time.

Ben

On Aug 12, 7:58 pm, Allan Marcus al...@lanl.gov wrote:
 Is there a solution to this?

 ---
 Thanks,

 Allan Marcus
 505-667-5666

 On Aug 5, 2009, at 10:52 PM, Ben Lavender wrote:





  Actually, I take that back--it would not appear to be the same issue
  as #2494 at all.

  I also have the functions file in this directory:
  /etc/puppet/modules/puppet/plugins/puppet/parser/functions/

  That should have been loaded as well, according to
 http://reductivelabs.com/trac/puppet/wiki/WritingYourOwnFunctions,
  but it was not.  I'm starting to worry that I'm missing something
  terribly simple and obvious.

  Ben

  On Aug 6, 1:47 am, Ben Lavender blaven...@gmail.com wrote:
  Perhaps this is the same issue, but the workaround does not seem to
  work.  Starting puppetmasterd with --libdir=/var/lib/puppet/lib does
  not fix the problem.

  On Aug 5, 9:13 pm, Larry Ludwig la...@reductivelabs.com wrote:

  Can someone tell me what I'm doing wrong here?  According to the  
  link
  referenced above, puppet should be picking up functions in these
  directories.  Even better, is there an accepted way I can tell
  puppetmasterd to look for functions in a particular place?

  Hi I assumed your issue is related to this?

 http://projects.reductivelabs.com/issues/2494

  -L

  --
  Larry Ludwig
  Reductive Labs



[Puppet Users] Puppet cannot find custom functions

2009-08-05 Thread Ben Lavender

Hello,

I'm trying to do almost exactly what the cookbook at
http://reductivelabs.com/trac/puppet/wiki/WritingYourOwnFunctions is
doing, namely, adding a custom hash function to determine what time
cron should run.

However, I can't get puppet to find my function.  I've got it
symlinked all over:

[r...@nagios1 functions]# puppetmasterd --configprint libdir
/var/lib/puppet/lib
[r...@nagios1 functions]# ls /var/lib/puppet/lib/puppet/parser/
functions/functions.rb
/var/lib/puppet/lib/puppet/parser/functions/functions.rb
[r...@nagios1 functions]# ls /etc/puppet/modules/puppet/plugins/puppet/
parser/functions/functions.rb
/etc/puppet/modules/puppet/plugins/puppet/parser/functions/
functions.rb

The contents of the file are:
require 'digest/sha1'

module Puppet::Parser::Functions
  # Map the node's IP address to a stable minute (0-59) for cron.
  newfunction(:minute_from_address, :type => :rvalue) do |args|
    Digest::SHA1.hexdigest(lookupvar('ipaddress')).hex.to_i % 60
  end
end


And the recipe calling it is:
class puppet {

  cron { puppet:
    command => "/etc/init.d/puppet once",
    user => root,
    minute => minute_from_address()
  }
}


But all I ever get is:
Aug  4 22:29:19 toolbox puppetd[10730]: Could not retrieve catalog:
Unknown function minute_from_address at /etc/puppet/modules/puppet/
manifests/init.pp:16 on node xyz

Can someone tell me what I'm doing wrong here?  According to the link
referenced above, puppet should be picking up functions in these
directories.  Even better, is there an accepted way I can tell
puppetmasterd to look for functions in a particular place?



[Puppet Users] Purging non-LDAP users, but ignore the LDAP users?

2009-08-05 Thread Ben Lavender

I'm trying to manage my userbase in puppet and having some trouble.

My setup:  users exist in LDAP.  Public keys exist in LDAP (I really
recommend this patch, see http://code.google.com/p/openssh-lpk/wiki/Main).
Some machines use NFS to mount an exported set of home directories;
others do not.

This means that very few user resources actually exist on most
servers, but PAM will still return a list of users from LDAP.  So I
would like to make sure that if you are logging in, you are actually
logging in with LDAP--basically, I want to get rid of anything in /etc/
passwd.  I add a resources clause to purge non-LDAP users:

  resources { user:
    purge => true,
    unless_system_user => true,
  }

Disaster, along with what appears to be a bug reporting a user found
'in both useradd and useradd' for each user that existed both on the
system and in LDAP:
Aug  5 06:22:11 nagios1 puppetd[32643]: Starting catalog run
Aug  5 06:22:11 nagios1 puppetd[32643]: User ben found in both useradd
and useradd; skipping the useradd version
Aug  5 06:22:11 nagios1 puppetd[32643]: User xyz found in both useradd
and useradd; skipping the useradd version
Aug  5 06:22:11 nagios1 puppetd[32643]: User nagios found in both
useradd and useradd; skipping the useradd version
Aug  5 06:22:16 nagios1 puppetd[32643]: (/User[xyz]/ensure) removed
... snip a bunch of LDAP users getting removed ...
Aug  5 06:22:20 nagios1 puppetd[32643]: (/User[ben]/ensure) change
from present to absent failed: Could not delete user ben: Execution of
'/usr/sbin/userdel ben' returned 8: userdel: user ben is currently
logged in
Aug  5 06:22:20 nagios1 puppetd[32643]: Finished catalog run in 8.82
seconds

Fortunately, my systems do not have write access to LDAP.  Based on
this line in the type reference for resources, "Any metaparams
specified here will be passed on to any generated resources," I tried
adding a 'provider' clause to the user resources but no dice.  I'm not
sure manually setting it to useradd will actually do what I want
anyway.

I'm guessing puppet simply doesn't support what I'm looking for right
now, since LDAP users appear normally in most of the POSIX libraries.
Is that assumption correct?

If so, does anyone have any suggestions for how to manage this?  I am
thinking I can make LDAP users be 200-300 or so and then the purge
will consider them system accounts and still purge anything over 500
created with useradd.  I hate awkward solutions, though, and was
wondering if someone else has come across this before.



[Puppet Users] Re: Purging non-LDAP users, but ignore the LDAP users?

2009-08-05 Thread Ben Lavender


 If that's really what you want -- purging /etc/passwd -- using a File
 would be much easier and directly capture your intent:

         file {
                 "/etc/passwd":
                         ensure => absent;
         }

 I'd recommend to provide at least a few system users in the default
 template instead of deleting the file altogether. E.g. some packages
 create users for their files.

For the reasons you just explained, this won't do.  Users like daemon,
cron, and various system accounts are all still around and need to
be.  I'm also not sure what pam would do with itself without passwd,
to be honest, and would hate to find out!  :)

Thank you though,
Ben



 Regards, DavidS



[Puppet Users] Re: Puppet cannot find custom functions

2009-08-05 Thread Ben Lavender

Perhaps this is the same issue, but the workaround does not seem to
work.  Starting puppetmasterd with --libdir=/var/lib/puppet/lib does
not fix the problem.

On Aug 5, 9:13 pm, Larry Ludwig la...@reductivelabs.com wrote:
  Can someone tell me what I'm doing wrong here?  According to the link
  referenced above, puppet should be picking up functions in these
  directories.  Even better, is there an accepted way I can tell
  puppetmasterd to look for functions in a particular place?

 Hi I assumed your issue is related to this?

 http://projects.reductivelabs.com/issues/2494

 -L

 --
 Larry Ludwig
 Reductive Labs



[Puppet Users] Re: Purging non-LDAP users, but ignore the LDAP users?

2009-08-05 Thread Ben Lavender

Thanks.  This is a good idea to try and fix this.

On Aug 5, 8:34 pm, Nicolas Szalay nsza...@qualigaz.com wrote:
 On Wednesday, 5 August 2009 at 04:01 -0700, Ben Lavender wrote:

  For the reasons you just explained, this won't do.  Users like daemon,
  cron, and various system accounts are all still around and need to
  be.  I'm also not sure what pam would do with itself without passwd,
  to be honest, and would hate to find out!  :)

 non system users are often given an UID >= 1000, write a script to find
 these, delete them and use Exec to run it.

 Beware of nobody that is often given the highest UID (65534 here)

 Regards,

 Nico.
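
The "find these" half of the script suggested above, as an added example that is not part of the original thread. It parses passwd-format text directly, so accounts that exist only in LDAP never appear in its input, and it only reports names. The function name, constants and sample file are assumptions made for illustration.

```ruby
# Added example: list the local accounts a UID-based purge would target.
# Read-only: it returns names and deletes nothing.

MIN_UID = 1000               # threshold from the reply; the first post mentions 500
KEEP    = %w[nobody].freeze  # high-UID system account the reply warns about

# Return account names from passwd-format text whose UID is >= min_uid,
# excluding any name listed in keep.
def purge_candidates(passwd_text, min_uid = MIN_UID, keep = KEEP)
  passwd_text.each_line.map do |line|
    fields = line.chomp.split(':', -1)
    next unless fields.length == 7                     # skip malformed lines
    name, _pw, uid = fields
    next if name.empty? || name.start_with?('+', '-')  # NIS compat entries
    next unless uid =~ /\A\d+\z/                       # skip non-numeric UIDs
    next if uid.to_i < min_uid || keep.include?(name)
    name
  end.compact
end

# Constructed sample /etc/passwd contents (not taken from a real host).
SAMPLE_PASSWD = <<~PASSWD
  root:x:0:0:root:/root:/bin/bash
  daemon:x:2:2:daemon:/sbin:/sbin/nologin
  nagios:x:101:101::/var/spool/nagios:/bin/sh
  ben:x:1010:100:Ben:/home/ben:/bin/bash
  xyz:x:1011:100::/home/xyz:/bin/bash
  nobody:x:65534:65534:Nobody:/:/sbin/nologin
  +::::::
PASSWD

if __FILE__ == $PROGRAM_NAME
  puts purge_candidates(SAMPLE_PASSWD)
end
```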




[Puppet Users] Re: Puppet cannot find custom functions

2009-08-05 Thread Ben Lavender

Actually, I take that back--it would not appear to be the same issue
as #2494 at all.

I also have the functions file in this directory:
/etc/puppet/modules/puppet/plugins/puppet/parser/functions/

That should have been loaded as well, according to
http://reductivelabs.com/trac/puppet/wiki/WritingYourOwnFunctions ,
but it was not.  I'm starting to worry that I'm missing something
terribly simple and obvious.

Ben

On Aug 6, 1:47 am, Ben Lavender blaven...@gmail.com wrote:
 Perhaps this is the same issue, but the workaround does not seem to
 work.  Starting puppetmasterd with --libdir=/var/lib/puppet/lib does
 not fix the problem.

 On Aug 5, 9:13 pm, Larry Ludwig la...@reductivelabs.com wrote:



   Can someone tell me what I'm doing wrong here?  According to the link
   referenced above, puppet should be picking up functions in these
   directories.  Even better, is there an accepted way I can tell
   puppetmasterd to look for functions in a particular place?

  Hi I assumed your issue is related to this?

 http://projects.reductivelabs.com/issues/2494

  -L

  --
  Larry Ludwig
  Reductive Labs



[Puppet Users] Re: Ensure that nfs mounts are nosuid

2009-07-08 Thread Ben Lavender

On Jul 7, 6:17 pm, Scott Smith sc...@ohlol.net wrote:
 Ben Lavender wrote:
  I'm not trying to define the mounts themselves in puppet.

 Why not?

Because:
 * I do not see the point in doing necessarily per-machine
configuration centrally.  One day when it's all on a SAN, that might
change.
 * Since these are virtual machines, any 'correct' config also
involves correctly managing LVM/disk images/xen config on the host,
none of which are currently fully supported
 * The security policy I am trying to implement does not really
concern itself with local disks this way.
 * As I am trying to implement a security policy, even if I managed
mounts in puppet, I would still have the problem that it was possible
another administrator had defined an NFS mount that was not nosuid.

We're only just starting with puppet and it's not okay at this stage
to have puppet wipe out non-puppet mounts/config; we're 200 machines
into it and growing and there is a lot of custom config/applications
across those machines.

Ben

 -scott



[Puppet Users] Ensure that nfs mounts are nosuid

2009-07-07 Thread Ben Lavender

Hello,

I'm in the process of setting up puppet for my installation.  One of
the things I'm tasked with doing is making sure that all network
mounts are nosuid.

I'm not entirely sure how to do this.  I don't think I want the
'mount' type; I'm not trying to define the mounts themselves in
puppet.  Augeas, meanwhile, does not seem to have the ability to loop
through contexts to use the onlyif option, though I could set up
checks for each entry in fstab, i.e. using context /files/etc/fstab/
0, /files/etc/fstab/1, etc.  I don't see another option that will work
with what I'm looking for.

Can anyone give me any pointers on how to make this work?

Thanks,
Ben
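
One way to audit for the policy described in this thread without managing the mounts themselves, as an added example that is not part of the original post: it reads fstab-format text (the layout of /etc/fstab and /proc/mounts) and reports network mounts whose effective options lack nosuid. The list of network filesystem types, the function names and the sample table are assumptions made for illustration.

```ruby
# Added example: report network mounts whose effective options lack nosuid.
# Read-only: it parses text and changes no mount or file.

# Assumption: the filesystem types treated as "network mounts".
NETWORK_FS = %w[nfs nfs4 cifs smbfs].freeze

Mount = Struct.new(:device, :mountpoint, :fstype, :options)

# Parse fstab-format text into Mount records, skipping blanks and comments.
def parse_mounts(text)
  text.each_line.map do |line|
    line = line.strip
    next if line.empty? || line.start_with?('#')
    device, mountpoint, fstype, options = line.split(/\s+/)
    next if fstype.nil?
    Mount.new(device, mountpoint, fstype, (options || 'defaults').split(','))
  end.compact
end

# mount(8) applies options left to right, so the last suid/nosuid wins;
# with neither present the default is suid.
def nosuid?(mount)
  mount.options.reverse.find { |o| %w[suid nosuid].include?(o) } == 'nosuid'
end

def network_mounts_missing_nosuid(text)
  parse_mounts(text).select { |m| NETWORK_FS.include?(m.fstype) && !nosuid?(m) }
end

# Constructed sample input, not taken from the thread.
SAMPLE_FSTAB = <<~FSTAB
  # device                  mountpoint  type  options          dump pass
  /dev/VolGroup00/LogVol00  /           ext3  defaults         1 1
  filer1:/export/home       /home       nfs   rw,hard,intr     0 0
  filer1:/export/tools      /opt/tools  nfs   ro,nosuid,nodev  0 0
  filer1:/export/build      /build      nfs4  nosuid,suid      0 0
  //winbox/share            /mnt/share  cifs  credentials=/etc/cifs.cred 0 0
FSTAB

if __FILE__ == $PROGRAM_NAME
  network_mounts_missing_nosuid(SAMPLE_FSTAB).each do |m|
    puts "#{m.mountpoint} (#{m.fstype} from #{m.device}): #{m.options.join(',')}"
  end
end
```

Because it only reads and reports, a check like this also catches a mount another administrator added outside Puppet.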
