Hi all,
Full path:
/usr/lib/ruby/site_ruby/1.8/puppet/provider/ssh_authorized_key/parsed.rb
Two problems:
1) Even if filebucketing is disabled, this (still) tries to backup
authorized_keys to /var/lib/puppet/clientbucket/[...]; no other
modules are doing filebucketing when it''s disabled but they
(correctly) do when it is enabled.
2) The filebucketing is (still) being done with euid set to the user
that owns the authorized_keys file, which means it fails since a
normal user could never write to /var/lib/puppet.
I don''t know enough ruby to be more detailed than that.
The original line 64 in the file above is:
Puppet::Util::SUIDManager.asuser(@resource.should(:user)) { super }
The equivalent line didn''t work in 0.25.4 or 0.25.5 and it still
doesn''t work in 2.6.0rc3 (RHEL5.5, rpm from tmz.fedoraproject.org).
If I replace line 64 with the following line, it all works nicely. Of
course, the real problem is that it shouldn''t be trying to filebucket
in the first place when that feature is disabled. The only reason I
turned off filebucket at all was to try to get this working and, well,
it continued to try to filebucket, rather annoyingly. :)
Puppet::Util::SUIDManager.asuser(''root'') { super }
Am I perhaps doing something wrong or do one or both of these appear
to be a genuine bug(s)?
-Jim
Here''s the stack trace from puppetd -d output (filebucket is currently
enabled; the output doesn''t change when filebucket is disabled):
notice:
/Stage[main]//Sshuser[someuser]/Ssh::Auth::Key[someuser@here.com]/Ssh_auth_key_server[someuser@here.com]/Ssh_authorized_key[someuser@here.com]/ensure:
created
debug: Flushing ssh_authorized_key provider target
/home/someuser/.ssh/authorized_keys
info: FileBucket got a duplicate file
/home/someuser/.ssh/authorized_keys
({md5}d41d8cd98f00b204e9800998ecf8427e)
err:
/Stage[main]//Sshuser[someuser]/Ssh::Auth::Key[someuser@here.com]/Ssh_auth_key_server[someuser@here.com]/Ssh_authorized_key[someuser@here.com]:
Could not evaluate: Could not back up
/home/someuser/.ssh/authorized_keys: Permission denied -
/var/lib/puppet/clientbucket/d/4/1/d/8/c/d/9/d41d8cd98f00b204e9800998ecf8427e/paths
notice:
/Stage[main]//Sshuser[otheruser]/Ssh::Auth::Key[otheruser@here.com]/Ssh_auth_key_server[otheruser@here.com]/Ssh_authorized_key[otheruser@here.com]/ensure:
created
debug: Flushing ssh_authorized_key provider target
/home/someuser/.ssh/authorized_keys
/usr/lib/ruby/1.8/fileutils.rb:1404:in `stat''
/usr/lib/ruby/1.8/fileutils.rb:1404:in `fu_same?''
/usr/lib/ruby/1.8/fileutils.rb:1378:in `fu_each_src_dest''
/usr/lib/ruby/1.8/fileutils.rb:1395:in `fu_each_src_dest0''
/usr/lib/ruby/1.8/fileutils.rb:1377:in `fu_each_src_dest''
/usr/lib/ruby/1.8/fileutils.rb:382:in `cp''
/usr/lib/ruby/site_ruby/1.8/puppet/util/filetype.rb:109:in `write''
/usr/lib/ruby/site_ruby/1.8/puppet/util/filetype.rb:56:in `real_write''
/usr/lib/ruby/site_ruby/1.8/puppet/util/filetype.rb:56:in `write''
/usr/lib/ruby/site_ruby/1.8/puppet/provider/parsedfile.rb:95:in
`flush_target''
/usr/lib/ruby/site_ruby/1.8/puppet/provider/parsedfile.rb:69:in `flush''
/usr/lib/ruby/site_ruby/1.8/puppet/provider/parsedfile.rb:67:in `each''
/usr/lib/ruby/site_ruby/1.8/puppet/provider/parsedfile.rb:67:in `flush''
/usr/lib/ruby/site_ruby/1.8/puppet/provider/parsedfile.rb:339:in
`flush''
/usr/lib/ruby/site_ruby/1.8/puppet/provider/ssh_authorized_key/parsed.rb:64:in
`flush''
/usr/lib/ruby/site_ruby/1.8/puppet/util/suidmanager.rb:62:in `asuser''
/usr/lib/ruby/site_ruby/1.8/puppet/provider/ssh_authorized_key/parsed.rb:64:in
`flush''
/usr/lib/ruby/site_ruby/1.8/puppet/type.rb:628:in `flush''
/usr/lib/ruby/site_ruby/1.8/puppet/transaction/resource_harness.rb:93:in
`evaluate''
/usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:49:in `apply''
/usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:114:in
`eval_children_and_apply_resource''
/usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:92:in `eval_resource''
/usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:143:in `evaluate''
/usr/lib/ruby/site_ruby/1.8/puppet/util.rb:414:in `thinmark''
/usr/lib/ruby/1.8/benchmark.rb:293:in `measure''
/usr/lib/ruby/1.8/benchmark.rb:307:in `realtime''
/usr/lib/ruby/site_ruby/1.8/puppet/util.rb:413:in `thinmark''
/usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:142:in `evaluate''
/usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:135:in `each''
/usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:135:in `evaluate''
/usr/lib/ruby/site_ruby/1.8/puppet/resource/catalog.rb:144:in `apply''
/usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:152:in `run''
/usr/lib/ruby/site_ruby/1.8/puppet/util.rb:175:in `benchmark''
/usr/lib/ruby/1.8/benchmark.rb:293:in `measure''
/usr/lib/ruby/1.8/benchmark.rb:307:in `realtime''
/usr/lib/ruby/site_ruby/1.8/puppet/util.rb:174:in `benchmark''
/usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:151:in `run''
/usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:39:in `run''
/usr/lib/ruby/site_ruby/1.8/puppet/agent/locker.rb:21:in `lock''
/usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:39:in `run''
/usr/lib/ruby/1.8/sync.rb:229:in `synchronize''
/usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:39:in `run''
/usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:101:in `with_client''
/usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:37:in `run''
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:171:in `call''
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:171:in
`controlled_run''
/usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:35:in `run''
/usr/lib/ruby/site_ruby/1.8/puppet/application/agent.rb:114:in
`onetime''
/usr/lib/ruby/site_ruby/1.8/puppet/application/agent.rb:88:in
`run_command''
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:301:in `run''
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:398:in `exit_on_fail''
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:301:in `run''
/usr/sbin/puppetd:4
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Peter Meier
2010-Jul-17 05:21 UTC
Re: [Puppet Users] 2.6.0rc3 ssh_authorized_users/parsed.rb
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1> Am I perhaps doing something wrong or do one or both of these appear > to be a genuine bug(s)?I would say these are 2 bugs, can you file the reports? Thanks. cheers pete -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkxBPfIACgkQbwltcAfKi3/mnwCeMJib4/HZk2KBpUHyC7EhRDIe WGIAnjnb6KxbMtnCCZXhmfh8WcTzOWbV =Hljb -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Done. http://projects.puppetlabs.com/issues/4266 http://projects.puppetlabs.com/issues/4267 Also: for those that''ve never gone through this process before (such as me), could use a hint somewhere on the bugtracker (at least on the "Issues" page) that you need to register to create a new issue. Since the "New Issue" link doesn''t show up at all until you''ve registered and signed in, it''s not obvious at all that''s what needs to be done. That said, it''s possible I missed the hint, though I did look around pretty thoroughly. -Jim On Jul 16, 2010, at 10:21 PM, Peter Meier wrote:> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > >> Am I perhaps doing something wrong or do one or both of these appear >> to be a genuine bug(s)? > > I would say these are 2 bugs, can you file the reports? Thanks. > > cheers pete > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.10 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAkxBPfIACgkQbwltcAfKi3/mnwCeMJib4/HZk2KBpUHyC7EhRDIe > WGIAnjnb6KxbMtnCCZXhmfh8WcTzOWbV > =Hljb > -----END PGP SIGNATURE----- > > -- > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
James Turnbull
2010-Jul-17 21:08 UTC
Re: [Puppet Users] 2.6.0rc3 ssh_authorized_users/parsed.rb
Jim Bala wrote:> Also: for those that''ve never gone through this process before (such > as me), could use a hint somewhere on the bugtracker (at least on the > "Issues" page) that you need to register to create a new issue. > Since the "New Issue" link doesn''t show up at all until you''ve > registered and signed in, it''s not obvious at all that''s what needs > to be done. That said, it''s possible I missed the hint, though I did > look around pretty thoroughly. >It''s mentioned on the bottom of the home page but I can how it might have been missed. I will call it out more clearly. Regards James Turnbull -- Puppet Labs - http://www.puppetlabs.com C: 503-734-8571 -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
At least to me, the optimal placement would be under the "New Issue" tab, which is always there regardless of login status. If you aren''t logged in, it says, "Please login or register for an account to create a new issue." Just seems counterintuitive to hide the tab/link. -Jim On Jul 17, 2010, at 2:08 PM, James Turnbull wrote:> Jim Bala wrote: >> Also: for those that''ve never gone through this process before (such >> as me), could use a hint somewhere on the bugtracker (at least on the >> "Issues" page) that you need to register to create a new issue. >> Since the "New Issue" link doesn''t show up at all until you''ve >> registered and signed in, it''s not obvious at all that''s what needs >> to be done. That said, it''s possible I missed the hint, though I did >> look around pretty thoroughly. >> > > It''s mentioned on the bottom of the home page but I can how it might > have been missed. I will call it out more clearly. > > Regards > > James Turnbull > > -- > Puppet Labs - http://www.puppetlabs.com > C: 503-734-8571 > > -- > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
James Turnbull
2010-Jul-17 21:23 UTC
Re: [Puppet Users] 2.6.0rc3 ssh_authorized_users/parsed.rb
Jim Bala wrote:> At least to me, the optimal placement would be under the "New Issue" > tab, which is always there regardless of login status. If you aren''t > logged in, it says, "Please login or register for an account to > create a new issue." Just seems counterintuitive to hide the > tab/link. >Can''t be done unfortunately with Redmine. Regards James Turnbull -- Puppet Labs - http://www.puppetlabs.com C: 503-734-8571 -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.