Re: [Puppet Users] ssh_authorized_key and NIS user

2011-06-24 Thread Nathan Clemons
I'm wondering if the User provider has the capability to look up accounts
via NIS. It's been a long time since I've used NIS, however, so I don't know
if this is the problem for sure.

--
Nathan Clemons
http://www.livemocha.com
The world's largest online language learning community



On Fri, Jun 24, 2011 at 6:41 AM, Andreas Kuntzagk 
andreas.kuntz...@mdc-berlin.de wrote:

 I'm wondering if my description was not clear enough or nobody knows an
 answer to this. Did I stumble across a bug here and should open a ticket?

 regards, Andreas


 Andreas Kuntzagk wrote:

 Hi,

 I have this resource definition:

 ssh_authorized_key { 'nagios@login2':
   key     => [REDACTED],
   user    => 'nagios',
   type    => 'ssh-dss',
   require => Service['nis'],
 }

 This nagios user comes from NIS, yp.conf and nsswitch.conf are handled by
 puppet and configured before the key. I still get an User does not exist.

 daemon.log:
 ...
 Jun 17 14:00:57 node016 puppet-agent[1109]: (/Stage[main]/All/File[/localhome/nagios/]/ensure) created
 Jun 17 14:12:53 node016 puppet-agent[1109]: (/Stage[main]//Ssh_authorized_key[root@node002]/ensure) created
 Jun 17 14:15:14 node016 puppet-agent[1109]: (/Stage[main]//File[/etc/idmapd.conf]/content) content changed '{md5}3e94f238294cc61b047e7ae50115dffc' to '{md5}6d9c69f38eca81ab0f879c2771d5d543'
 Jun 17 14:15:14 node016 puppet-agent[1109]: (/Stage[main]//Service[idmapd]/ensure) ensure changed 'stopped' to 'running'
 Jun 17 14:15:14 node016 puppet-agent[1109]: (/Stage[main]//Service[idmapd]) Triggered 'refresh' from 1 events
 Jun 17 14:15:41 node016 puppet-agent[1109]: (/Stage[main]/All/File[/etc/yp.conf]/ensure) defined content as '{md5}9c23d37f431c0788c212d3c0ab8a48af'
 Jun 17 14:15:58 node016 puppet-agent[1109]: (/Stage[main]/All/All::Append_if_no_such_line[sudoers_nagios_smartctl]/Exec[/bin/echo 'nagios ALL=(root) NOPASSWD: /usr/sbin/smartctl'  '/etc/sudoers']/returns) executed successfully
 Jun 17 14:17:03 node016 puppet-agent[1109]: (/Stage[main]//Package[nis]/ensure) ensure changed 'purged' to 'latest'
 Jun 17 14:17:39 node016 puppet-agent[1109]: (/Stage[main]/All/File[/etc/nsswitch.conf]/content) content changed '{md5}295c15c4bdac80e50b37689ef08f359c' to '{md5}250a1851aec43bcc5f73e8a01b2141bd'
 Jun 17 14:17:43 node016 puppet-agent[1109]: (/Stage[main]/All/Service[nis]) Triggered 'refresh' from 4 events
 Jun 17 14:17:50 node016 puppet-agent[1109]: (/Stage[main]//Ssh_authorized_key[nagios@login2]/ensure) created
 Jun 17 14:17:50 node016 puppet-agent[1109]: (/Stage[main]//Ssh_authorized_key[nagios@login2]) Could not evaluate: User 'nagios' does not exist
 Jun 17 14:18:06 node016 puppet-agent[1109]: (/Whit[last]) Dependency Ssh_authorized_key[nagios@login2] has failures: true
 ...

 This is Ubuntu 10.04 with puppet 2.6.8

 regards, Andreas





-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.



Re: [Puppet Users] ssh_authorized_key and NIS user

2011-06-24 Thread Ken Barber
It's just using the Ruby Etc library to do the lookup according to
puppet/util/posix.rb. Which won't match NIS accounts. So I'd raise a
feature request if you want this support.

You can work around this by using something like:

$username = 'bob'
ssh_authorized_key { "keyfor-${username}":
  key    => '...',
  target => "/user/home/dirs/${username}/.ssh/authorized_keys",
}

The issue being you need prior knowledge of path to the key. You can
glean this by producing a fact that uses something like 'getent'
instead of /etc/passwd - but this is less than optimal.

ken.
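
The getent-based fact suggested above, sketched as an added example (not part of the original post and not Puppet's own code): it resolves the account through NSS and derives the authorized_keys path for the `target` parameter. The fact name `nagios_authorized_keys`, the username pattern and the sample passwd line are assumptions made for this illustration.

```ruby
require 'open3'

# Conservative account-name pattern (assumption for this example).
USERNAME_RE = /\A[a-z_][a-z0-9_-]{0,31}\z/

# Parse one passwd(5)-format line as printed by `getent passwd <user>`.
# Returns the home directory, or nil if the line is malformed or the
# home directory is not a clean absolute path.
def home_from_passwd_line(line)
  fields = line.to_s.chomp.split(':', -1)
  return nil unless fields.length == 7
  home = fields[5]
  return nil unless home.start_with?('/') && !home.split('/').include?('..')
  home
end

# Path to hand to ssh_authorized_key's `target` parameter.
def authorized_keys_target(passwd_line)
  home = home_from_passwd_line(passwd_line)
  home && File.join(home, '.ssh', 'authorized_keys')
end

# Ask NSS (files, NIS, ...) for the account. Arguments are passed as an
# array, so the user name is never interpreted by a shell.
def getent_passwd(user)
  return nil unless USERNAME_RE.match?(user.to_s)
  out, status = Open3.capture2('getent', 'passwd', user)
  status.success? ? out.lines.first : nil
rescue Errno::ENOENT # getent is not installed on this host
  nil
end

# Register the fact only when loaded by Facter.
# `nagios_authorized_keys` is a hypothetical fact name.
if defined?(Facter)
  Facter.add(:nagios_authorized_keys) do
    setcode { authorized_keys_target(getent_passwd('nagios')) }
  end
end

# Constructed sample entry in the format getent prints.
SAMPLE = 'nagios:x:1201:1201:Nagios monitoring:/localhome/nagios:/bin/bash'
```

In a manifest, the fact's value would take the place of the hard-coded `target` path in the workaround; when the account cannot be resolved the fact stays undefined rather than yielding a guessed path.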




Re: [Puppet Users] ssh_authorized_key and NIS user

2011-06-24 Thread Andreas Kuntzagk

Ken Barber wrote:

 It's just using the Ruby Etc library to do the lookup according to
 puppet/util/posix.rb. Which won't match NIS accounts. So I'd raise a
 feature request if you want this support.

It's #8081

 You can work around this by using something like:

 $username = 'bob'
 ssh_authorized_key { "keyfor-${username}":
   key    => '...',
   target => "/user/home/dirs/${username}/.ssh/authorized_keys",
 }

Will look into this.

 The issue being you need prior knowledge of path to the key.

For my simple usecase this is not a problem. (At least atm. I don't see one.)

Thanks, Andreas

 glean this by producing a fact that uses something like 'getent'
 instead of /etc/passwd - but this is less than optimal.

 ken.




[Puppet Users] ssh_authorized_key and NIS user

2011-06-17 Thread Andreas Kuntzagk

Hi,

I have this resource definition:

ssh_authorized_key { 'nagios@login2':
  key     => [REDACTED],
  user    => 'nagios',
  type    => 'ssh-dss',
  require => Service['nis'],
}

This nagios user comes from NIS, yp.conf and nsswitch.conf are handled by puppet 
and configured before the key. I still get an User does not exist.


daemon.log:
...
Jun 17 14:00:57 node016 puppet-agent[1109]: (/Stage[main]/All/File[/localhome/nagios/]/ensure) created
Jun 17 14:12:53 node016 puppet-agent[1109]: (/Stage[main]//Ssh_authorized_key[root@node002]/ensure) created
Jun 17 14:15:14 node016 puppet-agent[1109]: (/Stage[main]//File[/etc/idmapd.conf]/content) content changed '{md5}3e94f238294cc61b047e7ae50115dffc' to '{md5}6d9c69f38eca81ab0f879c2771d5d543'
Jun 17 14:15:14 node016 puppet-agent[1109]: (/Stage[main]//Service[idmapd]/ensure) ensure changed 'stopped' to 'running'
Jun 17 14:15:14 node016 puppet-agent[1109]: (/Stage[main]//Service[idmapd]) Triggered 'refresh' from 1 events
Jun 17 14:15:41 node016 puppet-agent[1109]: (/Stage[main]/All/File[/etc/yp.conf]/ensure) defined content as '{md5}9c23d37f431c0788c212d3c0ab8a48af'
Jun 17 14:15:58 node016 puppet-agent[1109]: (/Stage[main]/All/All::Append_if_no_such_line[sudoers_nagios_smartctl]/Exec[/bin/echo 'nagios ALL=(root) NOPASSWD: /usr/sbin/smartctl'  '/etc/sudoers']/returns) executed successfully
Jun 17 14:17:03 node016 puppet-agent[1109]: (/Stage[main]//Package[nis]/ensure) ensure changed 'purged' to 'latest'
Jun 17 14:17:39 node016 puppet-agent[1109]: (/Stage[main]/All/File[/etc/nsswitch.conf]/content) content changed '{md5}295c15c4bdac80e50b37689ef08f359c' to '{md5}250a1851aec43bcc5f73e8a01b2141bd'
Jun 17 14:17:43 node016 puppet-agent[1109]: (/Stage[main]/All/Service[nis]) Triggered 'refresh' from 4 events
Jun 17 14:17:50 node016 puppet-agent[1109]: (/Stage[main]//Ssh_authorized_key[nagios@login2]/ensure) created
Jun 17 14:17:50 node016 puppet-agent[1109]: (/Stage[main]//Ssh_authorized_key[nagios@login2]) Could not evaluate: User 'nagios' does not exist
Jun 17 14:18:06 node016 puppet-agent[1109]: (/Whit[last]) Dependency Ssh_authorized_key[nagios@login2] has failures: true

...

This is Ubuntu 10.04 with puppet 2.6.8

regards, Andreas
