5

TLDR version: Given a normal use of fileserver.conf, how do I build a puppet URL that will actually work?

.

I'm trying to get started with Puppet and a few virtual instances. For a first task, I'm trying to distribute an authorized_keys file using the file type. Yes, it can be done with the ssh authorized key type, but this is about file distribution for now, right?

The file serving wiki implies the paths I should be constructing. First, here's what puppetmasterd knows:

$ grep -B 1 path /etc/puppet/fileserver.conf 
[files]
  path /etc/puppet

Second, I created a file, /etc/puppet/modules/ssh/manifests/init.pp, that contains the following:

$ cat /etc/puppet/modules/ssh/manifests/init.pp
class ssh {
  file { "/home/ubuntu/.ssh/authorized_keys":
    source => "puppet:///modules/ssh/authorized_keys",
    mode => 400,
    owner => ubuntu,
    group => ubuntu
  }

  file { "/home/ubuntu/.ssh":
    ensure => directory,
    mode => 700,
    owner => ubuntu,
    group => ubuntu
  }

  notify {"all done.":}

}

# declare class
class {'ssh':}

When I run the file directly, it fails in the following way:

$ puppet apply --verbose /etc/puppet/modules/ssh/manifests/init.pp
info: Applying configuration version '1357516270'
notice: all done.
notice: /Stage[main]/Ssh/Notify[all done.]/message: defined 'message' as 'all done.'
err: /Stage[main]/Ssh/File[/home/ubuntu/.ssh/authorized_keys]: Could not evaluate: Could not retrieve information from environment production source(s) puppet:///modules/ssh/authorized_keys at /etc/puppet/modules/ssh/manifests/init.pp:7
notice: Finished catalog run in 0.04 seconds

I've tried several versions of the puppet source link. For instance:

puppet:///modules/ssh/authorized_keys
puppet:///authorized_keys

Here's where the authorized_keys file actually resides:

$ ls -l /etc/puppet/modules/ssh/files/authorized_keys
-rw------- 1 root root 796 Jan  6 23:30 authorized_keys

This pattern of "init.pp" and "files/*" appears to match the Advanced Puppet Pattern wiki entry.

Here's my puppet version, for completeness.

$ puppet --version
2.7.18

To show I'm not doing the "fix my simple question" or "do my homework" thing, I've been working to find answers to this basic question. I have included links above to reference sources, and I've looked at other answers too. I've seen failures that are cert issues (1, 2), but this is local. Annoyingly, this looks very close but takes a hard turn into Vagrant, though there's an answer that talks about a [modules] section instead of a [files] section, which doesn't exist in the wiki. Here's a recent "official mailing list" thread, but I couldn't figure out what I'm doing wrong.

Community
  • 1
tedder42
  • 853
  • 1
  • 9
  • 20

2 Answers2

2

Any logs on your master?

That location is correct, but I suspect the 600 mode on the file is preventing the file server from being able to read it, since the puppet master process usually runs as a non-root user (puppet by default).

Check the logs, but a mode change on the file will probably do the trick.

Shane Madden
  • 114,520
  • 13
  • 181
  • 251
2

Make sure something like this is set to the path of your modules in puppet.conf on your master

  modulepath = /etc/puppet/modules

If you then do something like

 source => "puppet:///modules/ssh/authorized_keys",

If will look for the file in 

 /etc/puppet/modules/ssh/files/authorized_keys

EDIT:

you are mixing up files with modules btw.. they are two completely different things. Generally everyone uses modules these days and never touches [files] since it is too messy.

Mike
  • 22,310
  • 7
  • 56
  • 79
  • yep, this did it. (though I've backed the modulepath change out and it still seems to work). It's nice to know what people use, not just what's out there- thanks! – tedder42 Jan 07 '13 at 03:49
  • This also fixed a Could not evaluate: Could not retrieve information from environment production source(s) problem that I was having. The fact that "files" doesn't show up in the URL was throwing me. Thanks! – brokenbeatnik Jun 14 '13 at 14:50