Re: [Puppet Users] ssh_authorized_key and NIS user
I'm wondering if the User provider has the capability to look up accounts via NIS. It's been a long time since I've used NIS, however, so I don't know if this is the problem for sure. -- Nathan Clemons http://www.livemocha.com The worlds largest online language learning community On Fri, Jun 24, 2011 at 6:41 AM, Andreas Kuntzagk andreas.kuntz...@mdc-berlin.de wrote: I'm wondering if my description was not clear enough or nobody knows an answer to this. Did I stumble across a bug here and should open a ticket? regards, Andreas Andreas Kuntzagk wrote: Hi, I have this resource definition: ssh_authorized_key { nagios@login2: key = [REDACTED] user= nagios, type= ssh-dss, require = Service['nis'], } This nagios user comes from NIS, yp.conf and nsswitch.conf are handled by puppet and configured before the key. I still get an User does not exist. daemon.log: ... Jun 17 14:00:57 node016 puppet-agent[1109]: (/Stage[main]/All/File[/**localhome/nagios/]/ensure) created Jun 17 14:12:53 node016 puppet-agent[1109]: (/Stage[main]//Ssh_authorized_ **key[root@node002]/ensure) created Jun 17 14:15:14 node016 puppet-agent[1109]: (/Stage[main]//File[/etc/**idmapd.conf]/content) content changed '{md5}**3e94f238294cc61b047e7ae50115df**fc' to '{md5}** 6d9c69f38eca81ab0f879c2771d5d5**43' Jun 17 14:15:14 node016 puppet-agent[1109]: (/Stage[main]//Service[idmapd] **/ensure) ensure changed 'stopped' to 'running' Jun 17 14:15:14 node016 puppet-agent[1109]: (/Stage[main]//Service[idmapd] **) Triggered 'refresh' from 1 events Jun 17 14:15:41 node016 puppet-agent[1109]: (/Stage[main]/All/File[/etc/* *yp.conf]/ensure) defined content as '{md5}** 9c23d37f431c0788c212d3c0ab8a48**af' Jun 17 14:15:58 node016 puppet-agent[1109]: (/Stage[main]/All/All::Append_ **if_no_such_line[sudoers_**nagios_smartctl]/Exec[/bin/**echo 'nagios ALL=(root) NOPASSWD: /usr/sbin/smartctl' '/etc/sudoers']/returns) executed su ccessfully Jun 17 14:17:03 node016 puppet-agent[1109]: (/Stage[main]//Package[nis]/* *ensure) ensure changed 'purged' to 'latest' Jun 17 14:17:39 node016 puppet-agent[1109]: (/Stage[main]/All/File[/etc/* *nsswitch.conf]/content) content changed '{md5}** 295c15c4bdac80e50b37689ef08f35**9c' to '{md5}** 250a1851aec43bcc5f73e8a01b2141**bd' Jun 17 14:17:43 node016 puppet-agent[1109]: (/Stage[main]/All/Service[nis] **) Triggered 'refresh' from 4 events Jun 17 14:17:50 node016 puppet-agent[1109]: (/Stage[main]//Ssh_authorized_ **key[nagios@login2]/ensure) created Jun 17 14:17:50 node016 puppet-agent[1109]: (/Stage[main]//Ssh_authorized_ **key[nagios@login2]) Could not evaluate: User 'nagios' does not exist Jun 17 14:18:06 node016 puppet-agent[1109]: (/Whit[last]) Dependency Ssh_authorized_key[nagios@**login2] has failures: true ... This is Ubuntu 10.04 with puppet 2.6.8 regards, Andreas -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@** googlegroups.com puppet-users%2bunsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/** group/puppet-users?hl=enhttp://groups.google.com/group/puppet-users?hl=en . -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] ssh_authorized_key and NIS user
Its just using the Ruby Etc library to do the lookup according to puppet/util/posix.rb. Which won't match NIS accounts. So I'd raise a feature request if you want this support. You can work around this by using something like: $username = bob ssh_authorized_key { keyfor-${username}: key = ..., target = /user/home/dirs/${username}/.ssh/authorized_keys, } The issue being you need prior knowledge of path to the key. You can glean this by producing a fact that uses something like 'getent' instead of /etc/passwd - but this is less then optimal. ken. On Fri, Jun 24, 2011 at 3:13 PM, Nathan Clemons nat...@livemocha.com wrote: I'm wondering if the User provider has the capability to look up accounts via NIS. It's been a long time since I've used NIS, however, so I don't know if this is the problem for sure. -- Nathan Clemons http://www.livemocha.com The worlds largest online language learning community On Fri, Jun 24, 2011 at 6:41 AM, Andreas Kuntzagk andreas.kuntz...@mdc-berlin.de wrote: I'm wondering if my description was not clear enough or nobody knows an answer to this. Did I stumble across a bug here and should open a ticket? regards, Andreas Andreas Kuntzagk wrote: Hi, I have this resource definition: ssh_authorized_key { nagios@login2: key = [REDACTED] user = nagios, type = ssh-dss, require = Service['nis'], } This nagios user comes from NIS, yp.conf and nsswitch.conf are handled by puppet and configured before the key. I still get an User does not exist. daemon.log: ... Jun 17 14:00:57 node016 puppet-agent[1109]: (/Stage[main]/All/File[/localhome/nagios/]/ensure) created Jun 17 14:12:53 node016 puppet-agent[1109]: (/Stage[main]//Ssh_authorized_key[root@node002]/ensure) created Jun 17 14:15:14 node016 puppet-agent[1109]: (/Stage[main]//File[/etc/idmapd.conf]/content) content changed '{md5}3e94f238294cc61b047e7ae50115dffc' to '{md5}6d9c69f38eca81ab0f879c2771d5d543' Jun 17 14:15:14 node016 puppet-agent[1109]: (/Stage[main]//Service[idmapd]/ensure) ensure changed 'stopped' to 'running' Jun 17 14:15:14 node016 puppet-agent[1109]: (/Stage[main]//Service[idmapd]) Triggered 'refresh' from 1 events Jun 17 14:15:41 node016 puppet-agent[1109]: (/Stage[main]/All/File[/etc/yp.conf]/ensure) defined content as '{md5}9c23d37f431c0788c212d3c0ab8a48af' Jun 17 14:15:58 node016 puppet-agent[1109]: (/Stage[main]/All/All::Append_if_no_such_line[sudoers_nagios_smartctl]/Exec[/bin/echo 'nagios ALL=(root) NOPASSWD: /usr/sbin/smartctl' '/etc/sudoers']/returns) executed su ccessfully Jun 17 14:17:03 node016 puppet-agent[1109]: (/Stage[main]//Package[nis]/ensure) ensure changed 'purged' to 'latest' Jun 17 14:17:39 node016 puppet-agent[1109]: (/Stage[main]/All/File[/etc/nsswitch.conf]/content) content changed '{md5}295c15c4bdac80e50b37689ef08f359c' to '{md5}250a1851aec43bcc5f73e8a01b2141bd' Jun 17 14:17:43 node016 puppet-agent[1109]: (/Stage[main]/All/Service[nis]) Triggered 'refresh' from 4 events Jun 17 14:17:50 node016 puppet-agent[1109]: (/Stage[main]//Ssh_authorized_key[nagios@login2]/ensure) created Jun 17 14:17:50 node016 puppet-agent[1109]: (/Stage[main]//Ssh_authorized_key[nagios@login2]) Could not evaluate: User 'nagios' does not exist Jun 17 14:18:06 node016 puppet-agent[1109]: (/Whit[last]) Dependency Ssh_authorized_key[nagios@login2] has failures: true ... This is Ubuntu 10.04 with puppet 2.6.8 regards, Andreas -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] ssh_authorized_key and NIS user
Ken Barber wrote: Its just using the Ruby Etc library to do the lookup according to puppet/util/posix.rb. Which won't match NIS accounts. So I'd raise a feature request if you want this support. its #8081 You can work around this by using something like: $username = bob ssh_authorized_key { keyfor-${username}: key = ..., target = /user/home/dirs/${username}/.ssh/authorized_keys, } Will look into this. The issue being you need prior knowledge of path to the key. For my simple usecase this is not a problem. (At least atm. I don't see one.) Thanks, Andreas glean this by producing a fact that uses something like 'getent' instead of /etc/passwd - but this is less then optimal. ken. On Fri, Jun 24, 2011 at 3:13 PM, Nathan Clemons nat...@livemocha.com wrote: I'm wondering if the User provider has the capability to look up accounts via NIS. It's been a long time since I've used NIS, however, so I don't know if this is the problem for sure. -- Nathan Clemons http://www.livemocha.com The worlds largest online language learning community On Fri, Jun 24, 2011 at 6:41 AM, Andreas Kuntzagk andreas.kuntz...@mdc-berlin.de wrote: I'm wondering if my description was not clear enough or nobody knows an answer to this. Did I stumble across a bug here and should open a ticket? regards, Andreas Andreas Kuntzagk wrote: Hi, I have this resource definition: ssh_authorized_key { nagios@login2: key = [REDACTED] user= nagios, type= ssh-dss, require = Service['nis'], } This nagios user comes from NIS, yp.conf and nsswitch.conf are handled by puppet and configured before the key. I still get an User does not exist. daemon.log: ... Jun 17 14:00:57 node016 puppet-agent[1109]: (/Stage[main]/All/File[/localhome/nagios/]/ensure) created Jun 17 14:12:53 node016 puppet-agent[1109]: (/Stage[main]//Ssh_authorized_key[root@node002]/ensure) created Jun 17 14:15:14 node016 puppet-agent[1109]: (/Stage[main]//File[/etc/idmapd.conf]/content) content changed '{md5}3e94f238294cc61b047e7ae50115dffc' to '{md5}6d9c69f38eca81ab0f879c2771d5d543' Jun 17 14:15:14 node016 puppet-agent[1109]: (/Stage[main]//Service[idmapd]/ensure) ensure changed 'stopped' to 'running' Jun 17 14:15:14 node016 puppet-agent[1109]: (/Stage[main]//Service[idmapd]) Triggered 'refresh' from 1 events Jun 17 14:15:41 node016 puppet-agent[1109]: (/Stage[main]/All/File[/etc/yp.conf]/ensure) defined content as '{md5}9c23d37f431c0788c212d3c0ab8a48af' Jun 17 14:15:58 node016 puppet-agent[1109]: (/Stage[main]/All/All::Append_if_no_such_line[sudoers_nagios_smartctl]/Exec[/bin/echo 'nagios ALL=(root) NOPASSWD: /usr/sbin/smartctl' '/etc/sudoers']/returns) executed su ccessfully Jun 17 14:17:03 node016 puppet-agent[1109]: (/Stage[main]//Package[nis]/ensure) ensure changed 'purged' to 'latest' Jun 17 14:17:39 node016 puppet-agent[1109]: (/Stage[main]/All/File[/etc/nsswitch.conf]/content) content changed '{md5}295c15c4bdac80e50b37689ef08f359c' to '{md5}250a1851aec43bcc5f73e8a01b2141bd' Jun 17 14:17:43 node016 puppet-agent[1109]: (/Stage[main]/All/Service[nis]) Triggered 'refresh' from 4 events Jun 17 14:17:50 node016 puppet-agent[1109]: (/Stage[main]//Ssh_authorized_key[nagios@login2]/ensure) created Jun 17 14:17:50 node016 puppet-agent[1109]: (/Stage[main]//Ssh_authorized_key[nagios@login2]) Could not evaluate: User 'nagios' does not exist Jun 17 14:18:06 node016 puppet-agent[1109]: (/Whit[last]) Dependency Ssh_authorized_key[nagios@login2] has failures: true ... This is Ubuntu 10.04 with puppet 2.6.8 regards, Andreas -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] ssh_authorized_key and NIS user
Hi, I have this resource definition: ssh_authorized_key { nagios@login2: key = [REDACTED] user= nagios, type= ssh-dss, require = Service['nis'], } This nagios user comes from NIS, yp.conf and nsswitch.conf are handled by puppet and configured before the key. I still get an User does not exist. daemon.log: ... Jun 17 14:00:57 node016 puppet-agent[1109]: (/Stage[main]/All/File[/localhome/nagios/]/ensure) created Jun 17 14:12:53 node016 puppet-agent[1109]: (/Stage[main]//Ssh_authorized_key[root@node002]/ensure) created Jun 17 14:15:14 node016 puppet-agent[1109]: (/Stage[main]//File[/etc/idmapd.conf]/content) content changed '{md5}3e94f238294cc61b047e7ae50115dffc' to '{md5}6d9c69f38eca81ab0f879c2771d5d543' Jun 17 14:15:14 node016 puppet-agent[1109]: (/Stage[main]//Service[idmapd]/ensure) ensure changed 'stopped' to 'running' Jun 17 14:15:14 node016 puppet-agent[1109]: (/Stage[main]//Service[idmapd]) Triggered 'refresh' from 1 events Jun 17 14:15:41 node016 puppet-agent[1109]: (/Stage[main]/All/File[/etc/yp.conf]/ensure) defined content as '{md5}9c23d37f431c0788c212d3c0ab8a48af' Jun 17 14:15:58 node016 puppet-agent[1109]: (/Stage[main]/All/All::Append_if_no_such_line[sudoers_nagios_smartctl]/Exec[/bin/echo 'nagios ALL=(root) NOPASSWD: /usr/sbin/smartctl' '/etc/sudoers']/returns) executed su ccessfully Jun 17 14:17:03 node016 puppet-agent[1109]: (/Stage[main]//Package[nis]/ensure) ensure changed 'purged' to 'latest' Jun 17 14:17:39 node016 puppet-agent[1109]: (/Stage[main]/All/File[/etc/nsswitch.conf]/content) content changed '{md5}295c15c4bdac80e50b37689ef08f359c' to '{md5}250a1851aec43bcc5f73e8a01b2141bd' Jun 17 14:17:43 node016 puppet-agent[1109]: (/Stage[main]/All/Service[nis]) Triggered 'refresh' from 4 events Jun 17 14:17:50 node016 puppet-agent[1109]: (/Stage[main]//Ssh_authorized_key[nagios@login2]/ensure) created Jun 17 14:17:50 node016 puppet-agent[1109]: (/Stage[main]//Ssh_authorized_key[nagios@login2]) Could not evaluate: User 'nagios' does not exist Jun 17 14:18:06 node016 puppet-agent[1109]: (/Whit[last]) Dependency Ssh_authorized_key[nagios@login2] has failures: true ... This is Ubuntu 10.04 with puppet 2.6.8 regards, Andreas -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.