wwkimball / wwkimball-sshfs
Puppet module for managing sshfs servers and clients
I create a client mount with puppet code such as:
class profiles::example {
  $sftp_storage_private_key = lookup('profiles::example::sftp_storage_private_key')
  class { '::sshfs::client':
    local_mount_point      => '/mnt/example',
    manage_private_key     => true,
    private_key_path       => '/root/credentials/sshfs.key',
    remote_share_host      => 'server.example.com',
    remote_share_path      => '/',
    remote_share_user_name => 'example',
    private_key            => $sftp_storage_private_key
  }
}
First puppet run completes without error.
Notice: /Stage[main]/Sshfs::Client::Mount/File[/mnt/example]/ensure: created (corrective)
Notice: /Stage[main]/Sshfs::Client::Mount/Mount[/mnt/example]/ensure: ensure changed 'unmounted' to 'mounted' (corrective)
Info: /Stage[main]/Sshfs::Client::Mount/Mount[/mnt/example]: Scheduling refresh of Mount[/mnt/example]
Info: Mount[/mnt/example](provider=parsed): Remounting
Notice: /Stage[main]/Sshfs::Client::Mount/Mount[/mnt/example]: Triggered 'refresh' from 1 event
Info: /Stage[main]/Sshfs::Client::Mount/Mount[/mnt/example]: Scheduling refresh of Mount[/remote/apps-sftpxfr]
If the remote sshfs share has filesystem permission of 755, after the initial successful puppet run the next and all subsequent puppet runs report an error:
Error: failed to set mode 0755 on /remote/apps-sftpxfr: Permission denied @ apply2files - /remote/apps-sftpxfr
Error: /Stage[main]/Sshfs::Client::Mount/File[/remote/apps-sftpxfr]/mode: change from '0755' to '0775' failed: failed to set mode 0755 on /remote/apps-sftpxfr: Permission denied @ apply2files - /remote/apps-sftpxfr (corrective)
I believe that this is due to the hardcoded permissions mode of 0775 in manifests/client/mount.pp:
file { $sshfs::client::local_mount_point:
  ensure => directory,
  owner  => $sshfs::client::local_share_user_name,
  group  => $sshfs::client::local_share_group_name,
  mode   => '0775',
}
I'll create a pull request to change this to a variable (defaulting to 0775).
Thanks!
I create a client mount with puppet code such as:
class profiles::example {
  $sftp_storage_private_key = lookup('profiles::example::sftp_storage_private_key')
  class { '::sshfs::client':
    local_mount_point      => '/mnt/example',
    manage_private_key     => true,
    private_key_path       => '/root/credentials/sshfs.key',
    remote_share_host      => 'server.example.com',
    remote_share_path      => '/',
    remote_share_user_name => 'example',
    private_key            => $sftp_storage_private_key
  }
}
The output from the puppet agent run includes the cleartext private key. I've generated a throwaway private key for this issue report.
Notice: /Stage[main]/Sshfs::Client::User/File[/root/credentials/sshfs.key]/content:
--- /root/credentials/sshfs.key 2022-01-31 17:01:25.664174962 +0000
+++ /tmp/puppet-file20220131-126323-uhhuq1 2022-01-31 17:01:43.275610991 +0000
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+[key material removed]
+-----END RSA PRIVATE KEY-----
\ No newline at end of file
I suggest adding show_diff => false to manifests/client/user.pp:
file { $sshfs::client::private_key_path:
  ensure    => file,
  content   => $sshfs::client::private_key,
  owner     => 'root',
  group     => 'root',
  mode      => '0400',
  require   => [ File[$key_path] ],
  show_diff => false,
}
This will result in output similar to:
Notice: /Stage[main]/Sshfs::Client::User/File[/root/credentials/sshfs.key]/content: content changed '{sha256}e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855' to '{sha256}76297943d84739a726fd786b0a84ab8611c526ca6abed627073bfd8816ba1e5f' (corrective)
I'll create a Pull request for this change.
Thanks!
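A check for agent output that was already written before show_diff => false is applied, as an added example that is not part of the original issue or the module's code: it scans Puppet agent log lines for File content diffs that printed PEM private key material, so the affected keys can be identified and rotated. The function name and the sample log (constructed, with a placeholder where key data would be) are assumptions.

```python
import re

# Notice that opens a File content change. With show_diff enabled the diff
# follows on later lines; with show_diff => false only checksums trail it.
NOTICE_RE = re.compile(r"^Notice: .*/File\[(?P<path>[^\]]+)\]/content:(?P<rest>.*)$")
# Added diff line that starts a PEM private key block (RSA, EC, OPENSSH, PKCS#8).
PEM_RE = re.compile(r"^\+-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY-----")
# Any new Puppet log line ends the diff belonging to the previous notice.
LOG_PREFIX_RE = re.compile(r"^(?:Debug|Info|Notice|Warning|Error): ")

# Constructed sample log; the key body is a placeholder, not key data.
SAMPLE_LOG = """\
Notice: /Stage[main]/Sshfs::Client::User/File[/root/credentials/sshfs.key]/content:
--- /root/credentials/sshfs.key
+++ /tmp/puppet-file-constructed
@@ -0,0 +1,3 @@
+-----BEGIN RSA PRIVATE KEY-----
+CONSTRUCTED-PLACEHOLDER-NOT-A-KEY
+-----END RSA PRIVATE KEY-----
Notice: /Stage[main]/Demo/File[/etc/demo.key]/content: content changed '{sha256}aaaa' to '{sha256}bbbb'
Notice: /Stage[main]/Demo/File[/etc/motd]/content:
@@ -1 +1 @@
-hello
+welcome
""".splitlines()


def find_leaked_keys(lines):
    """Return sorted paths of File resources whose logged diff exposed a private key."""
    leaked = set()
    current = None  # path of the File resource whose diff is being read
    for line in lines:
        m = NOTICE_RE.match(line)
        if m:
            # A diff follows only when nothing trails "content:" on this line.
            current = None if m.group("rest").strip() else m.group("path")
        elif LOG_PREFIX_RE.match(line):
            current = None
        elif current and PEM_RE.match(line):
            leaked.add(current)
    return sorted(leaked)


if __name__ == "__main__":
    for path in find_leaked_keys(SAMPLE_LOG):
        print(f"private key printed in agent output, rotate it: {path}")
```
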