Collector not realizing own exported resources when filtering on tags

92 views
Skip to first unread message

Chuck Bredestege

unread,
Aug 13, 2013, 1:29:51 PM8/13/13
to puppet...@googlegroups.com
I'm trying to create a ssh class where the /etc/ssh/ssh_known_hosts and /etc/ssh/shosts.equiv stays updated.  The issue i'm finding is that if I include a "tag == anything" in the Collector filter, it collects all resources EXCEPT it's own.  In this case, the known_hosts and .equiv files will have all the other hostnames, but not it's own hostname.  If I remove the "tag ==" line it works as expected.  I tested this with a common tag "ssh" which I verified is in puppetdb on both exports.

[root@csep0501 ssh]# rpm -qa | grep puppet
puppet-3.2.3-1.el5

(where $dsitename is the lowercase version of a global fact)

    @@sshkey{ "${::fqdn}-ssh-pubkey" :
        tag          => $dsitename,

        ensure       => present,
        host_aliases => [ $::hostname ],
        key          => $::sshrsakey,
        name         => $::fqdn,
        type         => 'ssh-rsa',
    }

    @@file_line{ "${::fqdn}-shosts.equiv" :
        tag     => $dsitename,
        path    => "/etc/ssh/shosts.equiv",
        ensure  => present,
        line    => "+${::fqdn}",
    }

    notify { 'testmessage' :
        message => "Downcased sitename is $dsitename",
    }

    Sshkey <<| tag == 'ssh' and tag == $dsitename |>> {
        require => File['/etc/ssh/ssh_known_hosts'],
    }
    File_line <<| tag == 'ssh' and tag == $dsitename and path == "/etc/ssh/shosts.equiv" |>>  {
        require => File['/etc/ssh/shosts.equiv'],
    }

jcbollinger

unread,
Aug 14, 2013, 1:07:50 PM8/14/13
to puppet...@googlegroups.com

Why do you need parameter overrides for 'require'?  Does it not work to declare those directly in the original resource declarations?

Anyway, this looks similar to http://projects.puppetlabs.com/issues/11049.  Can you work around it by explicitly collecting the node's own resources?  For example, add

Sshkey <<| title == "${::fqdn}-ssh-pubkey" |>>
File_line <<| title == "${::fqdn}-shosts.equiv" |>>

(with the 'require' override too, if that turns out to be necessary).


John

Chuck Bredestege

unread,
Aug 15, 2013, 11:37:26 AM8/15/13
to puppet...@googlegroups.com
You were right about the require overrides, I moved those into the exported sources instead (looks cleaner that way anyway)

and adding 2 collector lines, one for "everyone else" and one "for myself" worked as you suggested, thanks.
Reply all
Reply to author
Forward
0 new messages