thr3ads.net - Puppet users - [Puppet Users] SSH authorized key module with support for multiple local accounts (Request for Feedback) [Oct 2012]

If this information is useful, please help other people find it:
Share via:

Lukas Hetzenecker

2012-Oct-24 09:28 UTC

[Puppet Users] SSH authorized key module with support for multiple local accounts (Request for Feedback)

Hello,

I am a big fan of Puppet (btw, congratulations to your 3.0 release), but 
there was always one thing that bothered me: the imperfect handling of the 
authorized_keys of SSH.
To support more than one local user account for one SSH user some ugly 
workarounds were needed. 

So I decided to fix this issue and published my attempt here:

https://github.com/lukas-hetzenecker/puppet-module-ssh_authorized_key

The module allows you to specify an array for the user or target attributes 
and uses the SSH key fingerprint as resource identifier (optionally the 
comment can be made unique too).
This should fix the issues mentioned in bug #1531 ( 
http://projects.puppetlabs.com/issues/1531 )

Please note that this module is my first experience with Ruby and Puppet 
module development, so it may contain bad code. Therefore I''m glad
about
any feedback you give me about this code.

Greetings,
Lukas

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/abK8Ag0yM4oJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Dawn Foster

2012-Oct-24 23:36 UTC

head link

Re: [Puppet Users] SSH authorized key module with support for multiple local accounts (Request for Feedback)

On Wed, Oct 24, 2012 at 2:28 AM, Lukas Hetzenecker
<lukas.hetzenecker@gmail.com> wrote:> Hello,
>
> I am a big fan of Puppet (btw, congratulations to your 3.0 release), but
> there was always one thing that bothered me: the imperfect handling of the
> authorized_keys of SSH.
> To support more than one local user account for one SSH user some ugly
> workarounds were needed.
>
> So I decided to fix this issue and published my attempt here:
>
> https://github.com/lukas-hetzenecker/puppet-module-ssh_authorized_key
>
> The module allows you to specify an array for the user or target attributes
> and uses the SSH key fingerprint as resource identifier (optionally the
> comment can be made unique too).
> This should fix the issues mentioned in bug #1531 (
> http://projects.puppetlabs.com/issues/1531 )
>
> Please note that this module is my first experience with Ruby and Puppet
> module development, so it may contain bad code. Therefore I''m glad
about any
> feedback you give me about this code.
Thanks for sharing your module!

You might get some additional feedback if you also upload your module
to the Forge: http://forge.puppetlabs.com/

Here''s a link to the how-to for publishing a module on the forge:
http://docs.puppetlabs.com/puppet/2.7/reference/modules_publishing.html

Dawn

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Lukas Hetzenecker

2012-Nov-07 14:27 UTC

head link

Re: [Puppet Users] SSH authorized key module with support for multiple local accounts (Request for Feedback)

Hello,

my module is now available from puppet forge too, thanks for your 
suggestion: http://forge.puppetlabs.com/hetzeneckerl/ssh_authorized_key

However, I''m still having one problem developing this module:

On *every* run I get some of these messages:

/Stage[main]/Ssh::Hetzeneckerl/Ssh[long_ssh_key]/Pxp_ssh_authorized_key_base[long_ssh_key]/user:
defined ''type'' as ''ssh-rsa''
/Stage[main]/Ssh::Hetzeneckerl/Ssh[long_ssh_key]/Pxp_ssh_authorized_key_base[long_ssh_key]/user:
defined ''user'' as ''root''

or when running with the noop flag: current_value absent, should be ssh-rsa 
(noop)
So basically the resource does not remember the previous records 
("historical values") and/or does not know the actual current values.

These messages are generated by the apply_parameter method in 
resource_harness.rb where historical_value is set to nil, the full 
stacktrace is at the end of this message.

Could anybody have a look at the code uploaded to github and help me 
debugging this error and give me some clues how I can change the records 
returned by the fileparser?

Thanks for your help,
Lukas Hetzenecker

---- STACKTRACE ----

/usr/lib/ruby/site_ruby/1.8/puppet/transaction/resource_harness.rb:62:in 
`perform_changes''
/usr/lib/ruby/site_ruby/1.8/puppet/transaction/resource_harness.rb:60:in 
`each''
/usr/lib/ruby/site_ruby/1.8/puppet/transaction/resource_harness.rb:60:in 
`perform_changes''
/usr/lib/ruby/site_ruby/1.8/puppet/transaction/resource_harness.rb:137:in 
`evaluate''
/usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:49:in `apply''
/usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:84:in `eval_resource''
/usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:104:in `evaluate''
/usr/lib/ruby/site_ruby/1.8/puppet/util.rb:348:in `thinmark''
/usr/lib/ruby/1.8/benchmark.rb:308:in `realtime''
/usr/lib/ruby/site_ruby/1.8/puppet/util.rb:347:in `thinmark''
/usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:104:in `evaluate''
/usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:383:in `traverse''
/usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:99:in `evaluate''
/usr/lib/ruby/site_ruby/1.8/puppet/resource/catalog.rb:144:in `apply''
/usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:122:in `apply_catalog''
/usr/lib/ruby/site_ruby/1.8/puppet/util.rb:179:in `benchmark''
/usr/lib/ruby/1.8/benchmark.rb:308:in `realtime''
/usr/lib/ruby/site_ruby/1.8/puppet/util.rb:178:in `benchmark''
/usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:121:in `apply_catalog''
/usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:179:in `run''
/usr/lib/ruby/site_ruby/1.8/puppet/application/apply.rb:265:in 
`apply_catalog''
/usr/lib/ruby/site_ruby/1.8/puppet/application/apply.rb:213:in `main''
/usr/lib/ruby/site_ruby/1.8/puppet/application/apply.rb:146:in
`run_command''
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:346:in `run''
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:438:in `plugin_hook''
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:346:in `run''
/usr/lib/ruby/site_ruby/1.8/puppet/util.rb:500:in `exit_on_fail''
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:346:in `run''
/usr/lib/ruby/site_ruby/1.8/puppet/util/command_line.rb:87:in `execute''
/usr/bin/puppet:4

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/T-n6MU6q49UJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Puppet users - Oct 2012 - SSH authorized key module with support for multiple local accounts (Request for Feedback)

[Puppet Users] SSH authorized key module with support for multiple local accounts (Request for Feedback)

Re: [Puppet Users] SSH authorized key module with support for multiple local accounts (Request for Feedback)

Re: [Puppet Users] SSH authorized key module with support for multiple local accounts (Request for Feedback)