Ask Your Question
0

How do I get the contents of a file on the PuppetMaster ?

asked 2012-12-31 12:45:38 -0500

The file function dumps the contents of a file on the client/agent into a variable. Is there a less ugly way to do it for a file on the puppet master than this:

foo => generate ("/bin/cat","/full/path/to/the/file/wanted"),

edit retag flag offensive close merge delete

Comments

Is there a reason that source, content (details on both of those at http://docs.puppetlabs.com/references/stable/type.html#file) or the file server (http://docs.puppetlabs.com ...(more)

llowder gravatar imagellowder ( 2012-12-31 12:55:33 -0500 )edit

Those are all aspects of the file resource. I need the contents of a file dumped into a variable. I want to use this for sshauthorizedkey resources to ...(more)

LinuxDan gravatar imageLinuxDan ( 2012-12-31 13:04:12 -0500 )edit

3 Answers

Sort by ยป oldest newest most voted
2

answered 2013-01-02 12:46:01 -0500

Stefan gravatar image

To answer your original question, every function (and file is no exception here) is evaluated on your master side, so your initial statement is not correct. Please note that the file function has nothing to do with the file resourcetype. So you can e.g. do

ssh_authorized_key { 'bob':
  ensure => present,
  user   => root,
  type   => rsa,
  key    => file('/path_to_public_keys/bob')
}

The file function will in this case read the file /path_to_public_keys/bob on your master. The filename does not appear in the compiled catalog that is handed down to your puppet agent, the property value will have already been replaced with the ... (more)

edit flag offensive delete link more

Comments

Silly me. I am sure I tried exactly that and got an error. Well, I tried it again, and ... Would you believe it worked ?!! :P

LinuxDan gravatar imageLinuxDan ( 2013-01-02 13:45:26 -0500 )edit
0

answered 2012-12-31 13:32:28 -0500

llowder gravatar image

I would recommend using hiera in this case.

You can either insert the keys into your main yaml files, or make use of backends such as hiera-gpg or hiera-file

If the keys are generated on one or more nodes (rather than the master), I would suggest taking a look at puppet-concat combined with exported resources.

edit flag offensive delete link more

Comments

That puts the huge ugly string in the hiera file instead of in the manifest. And using concat sounds uglier yet.

LinuxDan gravatar imageLinuxDan ( 2012-12-31 15:14:14 -0500 )edit
0

answered 2012-12-31 13:31:01 -0500

jlambert121 gravatar image

You are able to use the puppet file server (http://docs.puppetlabs.com/guides/fileserving.html) to retrieve files from a puppet server. This will allow you to copy files (such as an authorizedkeys file) without having to have the text directly in your manifest.

Another option would be to use hiera where you can retrieve a string into a variable by doing: $foo = hiera('keyforkeyyouwant')

In case you aren't aware of it, the user type (http://docs.puppetlabs.com/references/3.0.latest/type.html#user) will also manage the authorized_keys file ... (more)

edit flag offensive delete link more

Comments

That would put an additional copy onto the client/agent in addition to /home/$user/.ssh/authorized_keys. I am trying to eliminate duplication and keep all the public keys on ...(more)

LinuxDan gravatar imageLinuxDan ( 2012-12-31 15:15:17 -0500 )edit

I think you are mistaken about user managing ssh_authorized key. I am using Puppet 3 and those are two separate types.

LinuxDan gravatar imageLinuxDan ( 2012-12-31 15:21:18 -0500 )edit

I'm not sure I understand what you mean by "an additional copy on the client". You are correct, sshauthorizedkey is a separate resource - sorry about that, I ...(more)

jlambert121 gravatar imagejlambert121 ( 2012-12-31 16:22:14 -0500 )edit

The file resource will copy the key to the client to a file somewhere. Then, by whatever means, it gets copied into ~user/.ssh/authorized_keys. That puts two copies of ...(more)

LinuxDan gravatar imageLinuxDan ( 2012-12-31 18:41:54 -0500 )edit

I don't believe this is true when using the file resource. Do you have a reference showing where it is? file { ~/user/.ssh/authorized_keys: mode => '0400', owner => 'user', group ...(more)

jlambert121 gravatar imagejlambert121 ( 2013-01-01 15:17:50 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

3 followers

Stats

Asked: 2012-12-31 12:45:38 -0500

Seen: 6,884 times

Last updated: Jan 02 '13