serving files through Puppet: "Could not evaluate"
TLDR version: Given a normal use of fileserver.conf, how do I build a puppet URL that will actually work?
.
I'm trying to get started with Puppet and a few virtual instances. For a first task, I'm trying to distribute an authorized_keys file using the file type. Yes, it can be done with the ssh authorized key type, but this is about file distribution for now, right?
The file serving wiki implies the paths I should be constructing. First, here's what puppetmasterd knows:
$ grep -B 1 path /etc/puppet/fileserver.conf
[files]
path /etc/puppet
Second, I created a file, /etc/puppet/modules/ssh/manifests/init.pp
, that contains the following:
$ cat /etc/puppet/modules/ssh/manifests/init.pp
class ssh {
file { "/home/ubuntu/.ssh/authorized_keys":
source => "puppet:///modules/ssh/authorized_keys",
mode => 400,
owner => ubuntu,
group => ubuntu
}
file { "/home/ubuntu/.ssh":
ensure => directory,
mode => 700,
owner => ubuntu,
group => ubuntu
}
notify {"all done.":}
}
# declare class
class {'ssh':}
When I run the file directly, it fails in the following way:
$ puppet apply --verbose /etc/puppet/modules/ssh/manifests/init.pp
info: Applying configuration version '1357516270'
notice: all done.
notice: /Stage[main]/Ssh/Notify[all done.]/message: defined 'message' as 'all done.'
err: /Stage[main]/Ssh/File[/home/ubuntu/.ssh/authorized_keys]: Could not evaluate: Could not retrieve information from environment production source(s) puppet:///modules/ssh/authorized_keys at /etc/puppet/modules/ssh/manifests/init.pp:7
notice: Finished catalog run in 0.04 seconds
I've tried several versions of the puppet source link. For instance:
puppet:///modules/ssh/authorized_keys
puppet:///authorized_keys
Here's where the authorized_keys file actually resides:
$ ls -l /etc/puppet/modules/ssh/files/authorized_keys
-rw------- 1 root root 796 Jan 6 23:30 authorized_keys
This pattern of "init.pp" and "files/*" appears to match the Advanced Puppet Pattern wiki entry.
Here's my puppet version, for completeness.
$ puppet --version
2.7.18
To show I'm not doing the "fix my simple question" or "do my homework" thing, I've been working to find answers to this basic question. I have included links above to reference sources, and I've looked at other answers too. I've seen failures that are cert issues (1, 2), but this is local. Annoyingly, this looks very close but takes a hard turn into Vagrant, though there's an answer that talks about a [modules]
section instead of a [files]
section, which doesn't exist in the wiki. Here's a recent "official mailing list" thread, but I couldn't figure out what I'm doing wrong.
Make sure something like this is set to the path of your modules in puppet.conf on your master
modulepath = /etc/puppet/modules
If you then do something like
source => "puppet:///modules/ssh/authorized_keys",
If will look for the file in
/etc/puppet/modules/ssh/files/authorized_keys
EDIT:
you are mixing up files with modules btw.. they are two completely different things. Generally everyone uses modules these days and never touches [files] since it is too messy.
Any logs on your master?
That location is correct, but I suspect the 600
mode on the file is preventing the file server from being able to read it, since the puppet master process usually runs as a non-root user (puppet
by default).
Check the logs, but a mode change on the file will probably do the trick.