when I try to update /etc/sudoers in puppet master the files it doesnt get updated! please help!

[bobby38]

Hello All,

i have created a module called Sudoers here is the content of the init.pp

File { owner => "root", group => "root", mode  => "0440" }

        file {"/etc/sudoers":

                ensure => "present",

                content => template("sudoers/sudoers.erb"),

        }

        file {  "/etc/sudoers.d":

                        ensure  => "directory",

                        owner   => "root",

                        group   => "root",

                        recurse => "false",

                        mode    => 550,

        }

and this is the content of sudoers.erb

root                            ALL=(ALL)       NOPASSWD: ALL

# Admins

user1                      ALL=(ALL)       NOPASSWD: ALL

user2                      ALL=(ALL)       NOPASSWD: ALL

now when i do puppet agent --test 

i am getting 

Info: Retrieving pluginfacts

Info: Retrieving plugin

Info: Caching catalog for ip-10-167-26-44.

Info: Applying configuration version '1441378237'

Notice: Finished catalog run in 0.03 seconds

but when i look to content of /etc/sudeors nothing get uppdated. 

basically all my sudeors class is ignored

can you guys tell me what I am doing wrong?

Thanks a lot! 

[jcbollinger]

On Friday, September 4, 2015 at 10:26:06 AM UTC-5, bobby38 wrote:

Hello All,

i have created a module called Sudoers here is the content of the init.pp

File { owner => "root", group => "root", mode  => "0440" }

        file {"/etc/sudoers":

                ensure => "present",

                content => template("sudoers/sudoers.erb"),

        }

        file {  "/etc/sudoers.d":

                        ensure  => "directory",

                        owner   => "root",

                        group   => "root",

                        recurse => "false",

                        mode    => 550,

        }

The content of the init.pp file of a Puppet module should define a class with the same name as the module, and all (other) declarations within should be inside the body of that class:

class sudoers {

  file {"/etc/sudoers":
    ensure  => 'file',

    owner   => 'root',
    group   => 'root',

    mode    => '0440',

    content => template("sudoers/sudoers.erb"),
  }

  file {  "/etc/sudoers.d":
    ensure  => 'directory',
    owner   => 'root',
    group   => 'root',
    recurse => 'false',

    mode    => '0750',
  }
}

Furthermore, Puppet can know how to apply all different kinds of configurations, and generally you don't want any one machine to have them all.  To accommodate that, it is not sufficient simply for a module to be available to Puppet; rather, you must tell Puppet which classes to apply to each node.  There is a variety of ways to do that, but the quickest way for someone just getting started is to put an appropriate node block in your site manifest.  What that actually entails is actually rather configurable these days, at least with respect to which file to modify.  One reasonably likely alternative is to create or modify `/etc/puppetlabs/puppet/environments/production/manifests/site.pp`.

A node block that declares (only) the main class of your 'sudoers' module would look like this:

node 'target.node.my.com' {
  include 'sudoers'
}

You can use regular expressions to match node blocks to target nodes, too, and you can declare one 'default' node block that is matched to nodes to which no other node block can be matched.

All of this is covered in the language manual in the docs, which I strongly recommend you read.  It's a fairly easy read.  There are also all sorts of tutorial resources available from Puppetlabs and elsewhere.  Some are free, others are not, but Puppet is different enough from anything else you're likely to have experience with that you cannot expect to just muddle your way through.


John