Hello
First up the file type supports selinux roles etc so you might not need any
of that.
If you did make the exec resource refreshonly and notify it from the file
resource.
Anyway the parser is right the syntax is bad. Inside the curly its always
like
type{'name':
var => value,
Followed by more of the same pairs
}
Neil
On 17 Nov 2013 20:34, "dkoleary" <dkole...@olearycomputers.com> wrote:
> Hi;
>
> This one should be easy; but, so far, it's eluding me.
>
> I would like to configure ssh to use a different directory for authorized
> keys files. I have the file resource which that works on its own. I want
> the file resource to call the exec to set the selinux type on the directory
> when needed. Here's what I have:
>
> class ssh::config
> {
> define sshdir_selinux() {
> exec { "/usr/bin/chcon -R -t ssh_home_t
> $ssh::params::ssh_authkey_dir": }
> }
> # exec { 'sshdir_selinux':
> # command => "chcon -R -t ssh_home_t
> $ssh::params::ssh_authkey_dir",
> # path => '/usr/bin',
> # require => File["$ssh::params::ssh_authkey_dir"],
> # }
> file { $ssh::params::ssh_authkey_dir:
> ensure => directory,
> owner => root,
> group => root,
> mode => '0755',
> }
> file { $ssh::params::ssh_rootkeys:
> ensure => present,
> owner => root,
> group => sys,
> mode => '0750',
> source => 'puppet:///modules/ssh/authorized_keys.root',
> sshdir_selinux { },
> }
> }
>
> My searches (particularly:
> https://support.mayfirst.org/wiki/how-to/puppet/layout#defines) seem to
> indicate this is the right syntax; but I keep getting:
>
> # ptest
> Error: Syntax error at '{'; expected '}' at
> /root/modules/ssh/manifests/config.pp:62 on node
> puppet.olearycomputers.com
> Error: Syntax error at '{'; expected '}' at
> /root/modules/ssh/manifests/config.pp:62 on node
> puppet.olearycomputers.com
>
> when I run it.
>
> I have made the process work by using the straight exec that's commented
> in the code above; but, that'll call chcon every time that puppet's run (as
> I understand it). I would rather have it called only when a key file is
> added.
>
> Appreciate any hints/tips/suggestions.
>
> Doug O'Leary
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/e40a6bc4-170f-4be6-bacb-73e13c483ce9%40googlegroups.com
> .
> For more options, visit https://groups.google.com/groups/opt_out.
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/CAAohVBdUM7fxVh_JJAupoPx7U9Y%3DsuhEZ9wVjR0VGxNU-qcvBw%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.
