Puppet users - Apr 2011 - ssh_authorized_keys - not adding keys ... (??)

Hey folks -

I''m running into some weirdness getting ssh keys realized properly.
The manifest I''m working with is here: http://www.pastie.org/1744771 .
I''m using 2.6.3 epel repo on a Centos 5.5 box .

The expected behaviour is to have the user created and their public
key put in their authorized_keys as well as the studio_app user''s
authorized_keys.

What ends up happening is the user''s key does not get into their
authorized_keys file but it does end up in the studio_app user''s.
Puppetd does not show any errors or messages around adding the key to
the user''s homedir. I''ve tried running both puppetd and
puppetmasterd
in verbose mode and again there''s nothing indicating a failure. Its
almost like its just skipping it completely.

If I remove the override (last three lines), the user''s key goes into
their authorized_key file fine and there are log messages in both.

I''ve also tried overriding again:

       Ssh_authorized_key <| title == "test.user.key" |>{
                user => "test.user",
        }

There is no change though, the key ends up in the studio_app user''s
file but not in the user''s file..

Anyone have any thoughts?

Thanks!

-- Nick



-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Don''t you want to require => User["test.user"] in your
@ssh_authorized_keys
resource?
On Apr 1, 2011 12:24 PM, "Nick Steel" <nick.steel@gmail.com>
wrote:

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

I thought that at one point in time as well. I did try adding a require =>
user["test.user"] with no luck. I later read that the require is
implicit
within ssh_authorized_keys...



On Fri, Apr 1, 2011 at 6:01 PM, Scott Smith <scott@ohlol.net> wrote:
> Don''t you want to require => User["test.user"] in
your @ssh_authorized_keys
> resource?
> On Apr 1, 2011 12:24 PM, "Nick Steel"
<nick.steel@gmail.com> wrote:
>
>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

It looks like the `user` portion is overriding the original resource? I 
haven''t checked if this would work but maybe you can do something along
these lines:

       Ssh_authorized_key <| title == "test.user.key" |>{ 
                user => ["test.user","studio_app"], 
        } 

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On 04/02/2011 08:40 PM, Cody Robertson wrote:
> It looks like the `user` portion is overriding the original resource? I
> haven''t checked if this would work but maybe you can do something
along
> these lines:
> 
>        Ssh_authorized_key <| title == "test.user.key" |>{
>                 user => ["test.user","studio_app"],
>         }
Probably not.

Afaik, an ssh_authorized_key resource is associated with exactly one user.

What you want to do is
1. assign your key to a variable ($testkey = "AAAgwiv...")
2. declare two ssh_authorized_key resources that both use that variable
as the "key" parameter.

HTH,
Felix

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Mon, Apr 4, 2011 at 1:54 AM, Felix Frank
<felix.frank@alumni.tu-berlin.de
> wrote:
>
>
> On 04/02/2011 08:40 PM, Cody Robertson wrote:
> > It looks like the `user` portion is overriding the original resource?
I
> > haven''t checked if this would work but maybe you can do
something along
> > these lines:
> >
> >        Ssh_authorized_key <| title == "test.user.key"
|>{
> >                 user =>
["test.user","studio_app"],
> >         }
>
> Probably not.
>
> Afaik, an ssh_authorized_key resource is associated with exactly one user.
>
> What you want to do is
> 1. assign your key to a variable ($testkey = "AAAgwiv...")
> 2. declare two ssh_authorized_key resources that both use that variable
> as the "key" parameter.
>
> HTH,
> Felix
>
>
>
Thanks Felix, that worked!

Its interesting that ssh_authorized_keys behaves this way. I would have
thought that having a single key in multiple user''s authorized_key
files
would have been a use case (albeit a bit unusual)...

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.