Aethylred / puppet-keymaster

A Puppet module for generating, deploying, and managing public and private keys/certificates for DSA, RSA, and x509

Silently not generating keys #6

Open Wilm0r opened 8 years ago

Wilm0r commented 8 years ago

Hello,

This module appears to have problems on Debian Stable (Puppet 3.7.2-4), or I am just doing it wrong.

This is what my Puppetmaster definition looks like:

node "mop" {
        include puppet_master

        # SSH key fancypants!
        include keymaster
        # For rsyncing builds from builders to webserver.
        keymaster::openssh::key{ "bitlbee-pbuilder": }
}

When I run Puppet, it will create the /var/lib/keymaster directory + subdirs, but not any keys.

root@mop:~# puppet agent --test --environment test
Warning: Certificate 'Puppet CA: mop' will expire on ...
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for mop.dublin.gaast.net
Info: Applying configuration version '1455271789'
Notice: /Stage[main]/Keymaster/File[key_store_base]/ensure: created
Notice: /Stage[main]/Keymaster/File[key_store_x509]/ensure: created
Notice: /Stage[main]/Keymaster/File[key_store_openssh]/ensure: created
Notice: /Stage[main]/Keymaster/File[key_store_host_key]/ensure: created
Notice: Finished catalog run in 45.25 seconds
root@mop:~# ls -lR /var/lib/keymaster/
/var/lib/keymaster/:
total 12K
drwxr-x--- 2 puppet puppet 4.0K feb 12 10:10 host_key/
drwxr-x--- 2 puppet puppet 4.0K feb 12 10:10 openssh/
drwxr-x--- 2 puppet puppet 4.0K feb 12 10:10 x509/

/var/lib/keymaster/host_key:
total 0

/var/lib/keymaster/openssh:
total 0

/var/lib/keymaster/x509:
total 0

Without any error messages I have no clue where to start looking. :-( If I understand the documentation correctly, the two lines above should be enough to get the keys generated in /var/lib/keymaster. Just in case it matters I've also added a key deployment to one of the hosts:

        user { "$user":
                ensure => present,
                comment => "BitlBee nightly snapshot builder",  
                home => $home,
        }
        keymaster::openssh::key{ "bitlbee-pbuilder": } 
        keymaster::openssh::deploy_pair{ "bitlbee-pbuilder":
                user => "$user",           
        }

Still, no luck.

Any clues on debugging this further? In case it matters, these changes are just in my test environment, not production, but as you see I am definitely invoking the test environment, and some keymaster-related things do happen (the keymaster module is not present yet at all in prod).

Wilm0r commented 8 years ago

Ok, starting to feel like the problem is that storeconfigs isn't enabled. Unhelpful that A) many mentions of storeconfigs don't mention the fact that it needs to be enabled and B) that Puppet just seems to silently ignore anything related to storeconfigs if disabled.

Getting it enabled then seems to be a challenge by itself. Will keep trying.

Aethylred commented 8 years ago

Yes, keymaster requires storeconfigs, as pretty much everything is done by creating virtual resources and realizing them where they're needed.
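
An added example, not part of the thread or of the keymaster module: a Python check for the condition identified above, reading a puppet.conf and reporting whether `storeconfigs` is on for the master. The sample file is constructed and the function names are hypothetical; it assumes the usual rule that the `[master]` section overrides `[main]` and that `[agent]` settings do not apply to the master.

```python
import re

# Constructed sample: storeconfigs is set, but only under [agent],
# so the master never sees it.
SAMPLE_CONF = """\
[main]
    vardir = /var/lib/puppet
    ssldir = /var/lib/puppet/ssl

[agent]
    storeconfigs = true

[master]
    ssl_client_header = SSL_CLIENT_S_DN
"""

def parse_puppet_conf(text):
    """Return {section: {setting: value}} for an ini-style puppet.conf."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            current = header.group(1)
            continue
        if "=" in line and current:
            key, value = line.split("=", 1)
            sections.setdefault(current, {})[key.strip()] = value.strip()
    return sections

def master_storeconfigs(text):
    """Return (enabled, backend) as resolved for the master run mode."""
    conf = parse_puppet_conf(text)
    # [master] values win over [main]; [agent] is ignored on purpose.
    merged = {**conf.get("main", {}), **conf.get("master", {})}
    enabled = merged.get("storeconfigs", "false") == "true"
    return enabled, merged.get("storeconfigs_backend")

def explain(text):
    enabled, backend = master_storeconfigs(text)
    if enabled:
        return "storeconfigs enabled for the master (backend: %s)" % (backend or "default")
    return "storeconfigs not enabled for the master"

if __name__ == "__main__":
    print(explain(SAMPLE_CONF))
```

Run it against the master's own puppet.conf before debugging a keymaster run that creates the key store directories but no keys.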