1

Ich was working with puppet and facter to collect information from the puppet node. Testing the *.rb script however regularly failed with

WARN backup_key.rb - Command /opt/puppetlabs/facter/facts.d/backup_key.rb completed with the following stderr message: /opt/puppetlabs/facter/facts.d/backup_key.rb: 1: Syntax error: word unexpected (expecting ")")

The content of backup_key.rb was correct:

Facter.add('backup_key') do setcode do Facter::Core::Execution.execute('/usr/bin/gpg --list-secret-keys | grep " [0-9A-Z]*$" | sed "s/\\\\s //g" | head -n1') end end

And if copying the file's content to a new file, it worked, whentesting with

facter --custom-dir /opt/puppetlabs/facter/facts.d | grep backup

Could it be the newline character? No, it was not.

Improve this question
1
  • It seems that with --list-secret-keys, this fact is intended for inventory purposes — to check whether the correct keys are deployed on the correct nodes. The name of the fact, backup_key, initially made me worry that it was being used to back up PGP secret keys via Facter, which would be highly insecure, since facts are accessible to authenticated Puppet users via PuppetDB (queriable by Puppet manifests, API users, and RBAC-controlled interfaces) and can also be read locally by any user with sufficient permissions to run facter. Commented Oct 4 at 17:53

1 Answer 1

Reset to default
0

The problem were file permissions.

As long as the script had the execute (x) permission, the error message occured.

Changing the file permission to 0600 solved the problem immediately.

file { '/opt/puppetlabs/facter/facts.d/backup_key.rb': ensure => file, owner => 'root', mode => '0600', content => epp('modulename/backup_key.rb', {}), }

It seems that facter tries to run an executable file via linux shell, not via ruby.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.