Re: troubleshooting resource collection

[jcbollinger]

On Wednesday, August 29, 2012 6:25:35 AM UTC-5, Frank Van Damme wrote:

Hi,

I'm new to Puppet. And I'm trying out an ssh module: https://github.com/saz/puppet-ssh.
It collects ssh keys like this:

class ssh::knownhosts {
    Sshkey <<| |>> {
        ensure => present,
    }
        notify{"knownhosts class: $fqdn $hostname $ipaddress ":}
}

I can see it echoes the host key of the host the puppet agent runs on. But the /etc/ssh/ssh_known_hosts file isn't actually written - I can add an sshkey resource "manually" in a manifest somewhere and then puppet does write the file though.

I reckon when compiling the catalog, Puppet doesn't actually use the collected resource to include in another host's configuration. But why not?

The code you present collects all available exported resources of type 'sshkey', but it does not declare any such resources.  If you're not managing your nodes' ssh host keys, then Puppet knows nothing about them.  For this to work, therefore, in addition to the above your manifest should contain something like

@@sshkey { "${hostname}":
  key => '<the-key>',
  type => '<probably-dsa-or-rsa>'
}


John

[Frank Van Damme]

There is, in another class (and as I wrote, the collection sort of works because I see the output of the 'notify{"knownhosts class: $fqdn $hostname $ipaddress ":}' above):

 class ssh::hostkeys {
    @@sshkey { "${fqdn}_rsa":
        host_aliases => [ "$fqdn", "$hostname", "$ipaddress" ],
        type         => rsa,
        key          => $sshrsakey,
    }
}

[jcbollinger]

On Wednesday, August 29, 2012 9:34:24 AM UTC-5, Frank Van Damme wrote:

On Wednesday, August 29, 2012 4:14:27 PM UTC+2, jcbollinger wrote:

On Wednesday, August 29, 2012 6:25:35 AM UTC-5, Frank Van Damme wrote:

Hi,

I'm new to Puppet. And I'm trying out an ssh module: https://github.com/saz/puppet-ssh.
It collects ssh keys like this:

class ssh::knownhosts {
    Sshkey <<| |>> {
        ensure => present,
    }
        notify{"knownhosts class: $fqdn $hostname $ipaddress ":}
}

I can see it echoes the host key of the host the puppet agent runs on. But the /etc/ssh/ssh_known_hosts file isn't actually written - I can add an sshkey resource "manually" in a manifest somewhere and then puppet does write the file though.

I reckon when compiling the catalog, Puppet doesn't actually use the collected resource to include in another host's configuration. But why not?

The code you present collects all available exported resources of type 'sshkey', but it does not declare any such resources.  If you're not managing your nodes' ssh host keys, then Puppet knows nothing about them.  For this to work, therefore, in addition to the above your manifest should contain something like

@@sshkey { "${hostname}":
  key => '<the-key>',
  type => '<probably-dsa-or-rsa>'
}


John

There is, in another class (and as I wrote, the collection sort of works because I see the output of the 'notify{"knownhosts class: $fqdn $hostname $ipaddress ":}' above)

That you see the output of your 'notify' proves only that class 'ssh::knownhosts' is included in the target node's catalog.  It therefore compiled successfully, but that says nothing about what resources were actually collected.

If nothing is showing up in /etc/ssh/ssh_known_hosts, then that almost certainly means that no Sshkey resources are being collected.  The most likely explanations then are that your class 'ssh:hostkeys' is not being included in your nodes' catalogs, or else that you do not have [thin]storeconfigs configured.

If the target node's key is showing up but no other nodes' are, then the most likely explanations are that your other nodes are not getting class 'ssh::hostkeys' in their catalogs, that they have not checked in with the Puppetmaster since that class was assigned to them, or that you do not have [thin]storeconfigs configured.


John

[Frank Van Damme]

That turned out to be the problem, storeconfigs was still disabled! Thank you!