Scott
2009-Apr-22 03:02 UTC
[Puppet Users] ssh_authorized_key completely ignoring "require"
Hi, so I'm running into a problem since upgrading to 0.24.8 where puppet is trying to create an authorized key for users that don't exist because it doesn't do the require ( require => "/etc/passwd" ) first.

I've tried making the require a default parameter for "ssh_autohrized_key" (yes, in the same scope), I've tried making the passwd file a requirement for every "ssh_authorized_key" and I've tried to use "before" with the passwd resource ( before => Class [ users::ssh_keys ] ) and yet puppet insists on trying to create the key before doing any of the prerequisites.

One other note, the ssh_authorized_key isn't always for the same person, so it's not a particular key that's causing the problem. Also, this was never a problem with 0.24.7.

Cheers,
Scott

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---
Andrew Shafer
2009-Apr-22 04:44 UTC
[Puppet Users] Re: ssh_authorized_key completely ignoring "require"
Scott,

Can you pastie the simplest code to reproduce and maybe attach the files created by --graph to see what the relationships look like.

Is anyone else seeing a problem like this?

On Tue, Apr 21, 2009 at 9:02 PM, Scott <scott.br@gmail.com> wrote:
>
> Hi, so I'm running into a problem since upgrading to 0.24.8 where
> puppet is trying to create an authorized key for users that don't
> exist because it doesn't do the require ( require => "/etc/passwd" )
> first.
>
> I've tried making the require a default parameter for
> "ssh_autohrized_key" (yes, in the same scope), I've tried making the
> passwd file a requirement for every "ssh_authorized_key" and I've
> tried to use "before" with the passwd resource ( before => Class
> [ users::ssh_keys ] ) and yet puppet insists on trying to create the
> key before doing any of the prerequisites.
>
> One other note, the ssh_authorized_key isn't always for the same
> person, so it's not a particular key that's causing the problem.
> Also, this was never a problem with 0.24.7.
>
> Cheers,
> Scott
<florian.engelmann@bt.com>
2009-Apr-22 07:36 UTC
[Puppet Users] Denying unauthenticated client localhost(127.0.0.1) access to fileserver.list
Hello,

we configured puppet with mongrel and apache as load balancer on a debian heartbeat2 cluster. puppetmasterd is running on both nodes and only the puppetmaster ip is switching. We start 10 mongrel servers and we load balance only to 127.0.0.1:18140 - 18149 not to the other clusternode. We use shared storage for confdir, files, manifests and ssl. Everything is working but we still get these errors (sometimes - not that often):

/var/log/syslog.log
Apr 22 09:16:16 demu1glcmon01 puppetmasterd[21131]: Denying unauthenticated client localhost(127.0.0.1) access to fileserver.list
Apr 22 09:16:16 demu1glcmon01 puppetmasterd[21070]: Denying unauthenticated client localhost(127.0.0.1) access to fileserver.describe
Apr 22 09:16:16 demu1glcmon01 puppetmasterd[21301]: Denying unauthenticated client localhost(127.0.0.1) access to fileserver.describe
Apr 22 09:16:30 demu1glcmon01 puppetmasterd[20811]: Compiled catalog for idxxxx.xxxxx.com in 0.02 seconds
Apr 22 09:16:35 demu1glcmon01 puppetmasterd[20905]: Compiled catalog for uxxxxxx.xxxxx.com in 0.02 seconds
Apr 22 09:17:17 demu1glcmon01 puppetmasterd[21131]: Compiled catalog for ux2xxxx.xxxxx.com in 0.02 seconds
[...]

/var/log/apache/access-vhost-puppet.log
147.151.157.130 - - [22/Apr/2009:09:16:16 +0200] "POST /RPC2 HTTP/1.1" 502 528 "-" "XMLRPC::Client (Ruby 1.8.7)"
147.151.157.130 - - [22/Apr/2009:09:16:16 +0200] "POST /RPC2 HTTP/1.1" 200 - "-" "XMLRPC::Client (Ruby 1.8.7)"
147.151.157.130 - - [22/Apr/2009:09:16:16 +0200] "POST /RPC2 HTTP/1.1" 502 528 "-" "XMLRPC::Client (Ruby 1.8.7)"
147.151.132.225 - - [22/Apr/2009:09:16:24 +0200] "POST /RPC2 HTTP/1.1" 200 149 "-" "XMLRPC::Client (Ruby 1.8.7)"
147.151.132.225 - - [22/Apr/2009:09:16:24 +0200] "POST /RPC2 HTTP/1.1" 200 175 "-" "XMLRPC::Client (Ruby 1.8.7)"
[...]

/var/log/apache/error-vhost-puppet.log
[Wed Apr 22 09:16:16 2009] [error] [client 147.151.157.130] (70014)End of file found: proxy: error reading status line from remote server 127.0.0.1
[Wed Apr 22 09:16:16 2009] [error] [client 147.151.157.130] proxy: Error reading from remote server returned by /RPC2
[Wed Apr 22 09:16:16 2009] [error] [client 147.151.157.130] (70014)End of file found: proxy: error reading status line from remote server 127.0.0.1
[Wed Apr 22 09:16:16 2009] [error] [client 147.151.157.130] (70014)End of file found: proxy: error reading status line from remote server 127.0.0.1
[Wed Apr 22 09:16:16 2009] [error] [client 147.151.157.130] proxy: Error reading from remote server returned by /RPC2

Any idea what is causing this?

Best regards
Florian
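Added example (not part of Florian's post and not Puppet code): a Python script that groups the three logs quoted above by second and reports the seconds in which a "Denying unauthenticated client" line coincides with a 502 or a proxy read error at Apache, together with the agent address Apache logged. It assumes all three logs come from the same host and local time zone (the access log's +0200 offset is dropped) and that the caller supplies the year, which syslog omits; the function names are illustrative.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample input: a subset of the log lines quoted in the post above.
SYSLOG = """\
Apr 22 09:16:16 demu1glcmon01 puppetmasterd[21131]: Denying unauthenticated client localhost(127.0.0.1) access to fileserver.list
Apr 22 09:16:16 demu1glcmon01 puppetmasterd[21070]: Denying unauthenticated client localhost(127.0.0.1) access to fileserver.describe
Apr 22 09:16:30 demu1glcmon01 puppetmasterd[20811]: Compiled catalog for idxxxx.xxxxx.com in 0.02 seconds
"""
ACCESS = """\
147.151.157.130 - - [22/Apr/2009:09:16:16 +0200] "POST /RPC2 HTTP/1.1" 502 528 "-" "XMLRPC::Client (Ruby 1.8.7)"
147.151.157.130 - - [22/Apr/2009:09:16:16 +0200] "POST /RPC2 HTTP/1.1" 200 - "-" "XMLRPC::Client (Ruby 1.8.7)"
147.151.132.225 - - [22/Apr/2009:09:16:24 +0200] "POST /RPC2 HTTP/1.1" 200 149 "-" "XMLRPC::Client (Ruby 1.8.7)"
"""
ERROR = """\
[Wed Apr 22 09:16:16 2009] [error] [client 147.151.157.130] (70014)End of file found: proxy: error reading status line from remote server 127.0.0.1
[Wed Apr 22 09:16:16 2009] [error] [client 147.151.157.130] proxy: Error reading from remote server returned by /RPC2
"""

DENY_RE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ puppetmasterd\[(\d+)\]: "
                     r"Denying unauthenticated client (\S+) access to (\S+)")
ACCESS_RE = re.compile(r'^(\S+) \S+ \S+ \[(\S+) [^\]]+\] "[^"]*" (\d{3}) ')
ERROR_RE = re.compile(r"^\[\w{3} (\w{3} +\d+ [\d:]{8} \d{4})\] \[error\] "
                      r"\[client ([^\]]+)\] .*proxy: ")


def correlate(syslog, access, error, year):
    """Group events from the three logs by wall-clock second (assumed same zone)."""
    buckets = defaultdict(lambda: {"denied": [], "http_502": 0,
                                   "proxy_errors": 0, "agents": set()})
    for line in syslog.splitlines():
        m = DENY_RE.match(line)
        if m:  # syslog timestamps carry no year, so the caller supplies it
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            buckets[ts]["denied"].append((int(m.group(2)), m.group(4)))
    for line in access.splitlines():
        m = ACCESS_RE.match(line)
        if m and m.group(3) == "502":  # Apache could not get a reply from the back end
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S")
            buckets[ts]["http_502"] += 1
            buckets[ts]["agents"].add(m.group(1))
    for line in error.splitlines():
        m = ERROR_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%b %d %H:%M:%S %Y")
            buckets[ts]["proxy_errors"] += 1
            buckets[ts]["agents"].add(m.group(2))
    return buckets


def denials_with_proxy_failure(buckets):
    """Seconds in which a denial coincides with a 502 or a proxy error."""
    return sorted(ts for ts, b in buckets.items()
                  if b["denied"] and (b["http_502"] or b["proxy_errors"]))


if __name__ == "__main__":
    events = correlate(SYSLOG, ACCESS, ERROR, year=2009)
    for ts in denials_with_proxy_failure(events):
        b = events[ts]
        print(ts, "denied:", b["denied"], "502s:", b["http_502"],
              "proxy errors:", b["proxy_errors"], "agents:", sorted(b["agents"]))
```

The PIDs in the "denied" entries identify which puppetmasterd (mongrel) process logged each denial, which can be matched against the back-end ports in the balancer configuration.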
seph
2009-Apr-22 15:04 UTC
[Puppet Users] Re: ssh_authorized_key completely ignoring "require"
I'm also seeing this. I'm not sure what --graph is an option to, not my puppet.

First, some version info. This is an ubuntu hardy machine with a current puppet:

root@mta-system:~# dpkg -s puppet | grep Vers
Version: 0.24.8-1
root@mta-system:~# dpkg -s facter | grep Vers
Version: 1.5.1-0.1

I have a pretty simple test. 1 user, 1 key, in a file. I have 8 variants to test: real or virtual; requires, before, no explicit depends, and both. I expect all 8 variants to work, but none of them do. Here's the one I like best (least amount of extraneous typing):

root@mta-system:/tmp/ordering# cat ordering-virtual.pp
@user { "seph":
    ensure => "present",
    uid => "2001",
    comment => "seph",
    home => "/home/seph",
    shell => "/bin/bash",
    allowdupe => false,
    managehome => true,
    password => '!!',
}

@ssh_authorized_key { "seph-2008":
    ensure => present,
    key => "foo==",
    type => "ssh-dss",
    name => "seph@macbook-2008",
    user => seph,
}

realize(
    User["seph"],
    Ssh_authorized_key["seph-2008"],
)

root@mta-system:/tmp/ordering# puppet --verbose ordering-virtual.pp
info: Loading fact virtual
sh: Syntax error: Bad fd number
sh: Syntax error: Bad fd number
err: Could not create seph-2008: user seph doesn't exist
user seph doesn't exist

That same file does create the user, if there's no ssh key, likewise if the user already exists it will add the key.

And since I did actually try all 8 variants, here are their logs:

real, no depends: http://pastie.org/454576
real, require: http://pastie.org/454579
real, before: http://pastie.org/454581
real, both: http://pastie.org/454597
virtual, no depends: http://pastie.org/454582
virtual, require: http://pastie.org/454585
virtual, before: http://pastie.org/454587
virtual, both: http://pastie.org/454600

seph

Andrew Shafer <andrew@reductivelabs.com> writes:
> Scott,
>
> Can you pastie the simplest code to reproduce and maybe attach the files
> created by --graph to see what the relationships look like.
>
> Is anyone else seeing a problem like this?
>
> On Tue, Apr 21, 2009 at 9:02 PM, Scott <scott.br@gmail.com> wrote:
>
>>
>> Hi, so I'm running into a problem since upgrading to 0.24.8 where
>> puppet is trying to create an authorized key for users that don't
>> exist because it doesn't do the require ( require => "/etc/passwd" )
>> first.
>>
>> I've tried making the require a default parameter for
>> "ssh_autohrized_key" (yes, in the same scope), I've tried making the
>> passwd file a requirement for every "ssh_authorized_key" and I've
>> tried to use "before" with the passwd resource ( before => Class
>> [ users::ssh_keys ] ) and yet puppet insists on trying to create the
>> key before doing any of the prerequisites.
>>
>> One other note, the ssh_authorized_key isn't always for the same
>> person, so it's not a particular key that's causing the problem.
>> Also, this was never a problem with 0.24.7.
>>
>> Cheers,
>> Scott
seph
2009-Apr-22 15:17 UTC
[Puppet Users] Re: ssh_authorized_key completely ignoring "require"
On Apr 22, 11:04 am, seph <s...@directionless.org> wrote:
> I'm also seeing this. I'm not sure what --graph is an option to, not my
> puppet.

Ah, I found --graph. It's just not in the help files.

If I don't have a user, then I get the aforementioned errors, and no graphs. If I create the user ahead of time, I get graphs. Seems weird not to get graphs for that dependency error, but I don't really understand the internals.

I've created graphs for the virtual versions with no depends, and with both a before and a require.

http://www.directionless.org/tmp/puppet/

seph
Francois Deppierraz
2009-Apr-28 14:22 UTC
[Puppet Users] Re: ssh_authorized_key completely ignoring "require"
seph wrote:
> root@mta-system:/tmp/ordering# puppet --verbose ordering-virtual.pp
> info: Loading fact virtual
> sh: Syntax error: Bad fd number
> sh: Syntax error: Bad fd number
> err: Could not create seph-2008: user seph doesn't exist
> user seph doesn't exist

Yes, this is likely a new occurrence of bug #1409 introduced by the fix for #2004.

I'll have a look.

François

http://projects.reductivelabs.com/issues/1409
http://projects.reductivelabs.com/issues/2004
Chris Blumentritt
2009-Jul-15 14:42 UTC
[Puppet Users] Re: ssh_authorized_key completely ignoring "require"
I have run into this problem today trying to stand up some new servers.

On Tue, Apr 21, 2009 at 11:44 PM, Andrew Shafer <andrew@reductivelabs.com> wrote:
>
> Scott,
>
> Can you pastie the simplest code to reproduce and maybe attach the files
> created by --graph to see what the relationships look like.
>
> Is anyone else seeing a problem like this?
>
> On Tue, Apr 21, 2009 at 9:02 PM, Scott <scott.br@gmail.com> wrote:
>
>>
>> Hi, so I'm running into a problem since upgrading to 0.24.8 where
>> puppet is trying to create an authorized key for users that don't
>> exist because it doesn't do the require ( require => "/etc/passwd" )
>> first.
>>
>> I've tried making the require a default parameter for
>> "ssh_autohrized_key" (yes, in the same scope), I've tried making the
>> passwd file a requirement for every "ssh_authorized_key" and I've
>> tried to use "before" with the passwd resource ( before => Class
>> [ users::ssh_keys ] ) and yet puppet insists on trying to create the
>> key before doing any of the prerequisites.
>>
>> One other note, the ssh_authorized_key isn't always for the same
>> person, so it's not a particular key that's causing the problem.
>> Also, this was never a problem with 0.24.7.
>>
>> Cheers,
>> Scott
seph
2009-Jul-17 20:14 UTC
[Puppet Users] Re: ssh_authorized_key completely ignoring "require"
As someone who's actively setting up and deploying puppet on new machines, this bug is a huge annoyance for me.

Instead of having a simple recipe, my process involves invoking puppet to create users, then invoking puppet to add keys. It's frustrating that this still isn't fixed in the released versions.

seph

Chris Blumentritt <cblument@gmail.com> writes:
> I have run into this problem today trying to stand up some new servers.
>
> On Tue, Apr 21, 2009 at 11:44 PM, Andrew Shafer <andrew@reductivelabs.com> wrote:
>
>>
>> Scott,
>>
>> Can you pastie the simplest code to reproduce and maybe attach the files
>> created by --graph to see what the relationships look like.
>>
>> Is anyone else seeing a problem like this?
>>
>> On Tue, Apr 21, 2009 at 9:02 PM, Scott <scott.br@gmail.com> wrote:
>>
>>>
>>> Hi, so I'm running into a problem since upgrading to 0.24.8 where
>>> puppet is trying to create an authorized key for users that don't
>>> exist because it doesn't do the require ( require => "/etc/passwd" )
>>> first.
>>>
>>> I've tried making the require a default parameter for
>>> "ssh_autohrized_key" (yes, in the same scope), I've tried making the
>>> passwd file a requirement for every "ssh_authorized_key" and I've
>>> tried to use "before" with the passwd resource ( before => Class
>>> [ users::ssh_keys ] ) and yet puppet insists on trying to create the
>>> key before doing any of the prerequisites.
>>>
>>> One other note, the ssh_authorized_key isn't always for the same
>>> person, so it's not a particular key that's causing the problem.
>>> Also, this was never a problem with 0.24.7.
>>>
>>> Cheers,
>>> Scott
Mike Harding
2009-Aug-04 15:06 UTC
[Puppet Users] Re: ssh_authorized_key completely ignoring "require"
I am just starting with puppet, and the intended use was to manage ssh keys. Is there an intended release to fix this, or some other way to get it working?

On Jul 17, 1:14 pm, seph <s...@directionless.org> wrote:
> As someone who's actively setting up and deploying puppet on new
> machines, this bug is a huge annoyance for me.
>
> Instead of having a simple recipe, my process involves invoking puppet
> to create users, then invoking puppet to add keys. It's frustrating that
> this still isn't fixed in the released versions.
>
> seph
>
> Chris Blumentritt <cblum...@gmail.com> writes:
> > I have run into this problem today trying to stand up some new servers.
>
> > On Tue, Apr 21, 2009 at 11:44 PM, Andrew Shafer <and...@reductivelabs.com> wrote:
>
> >> Scott,
>
> >> Can you pastie the simplest code to reproduce and maybe attach the files
> >> created by --graph to see what the relationships look like.
>
> >> Is anyone else seeing a problem like this?
>
> >> On Tue, Apr 21, 2009 at 9:02 PM, Scott <scott...@gmail.com> wrote:
>
> >>> Hi, so I'm running into a problem since upgrading to 0.24.8 where
> >>> puppet is trying to create an authorized key for users that don't
> >>> exist because it doesn't do the require ( require => "/etc/passwd" )
> >>> first.
>
> >>> I've tried making the require a default parameter for
> >>> "ssh_autohrized_key" (yes, in the same scope), I've tried making the
> >>> passwd file a requirement for every "ssh_authorized_key" and I've
> >>> tried to use "before" with the passwd resource ( before => Class
> >>> [ users::ssh_keys ] ) and yet puppet insists on trying to create the
> >>> key before doing any of the prerequisites.
>
> >>> One other note, the ssh_authorized_key isn't always for the same
> >>> person, so it's not a particular key that's causing the problem.
> >>> Also, this was never a problem with 0.24.7.
>
> >>> Cheers,
> >>> Scott
seph
2009-Aug-05 14:27 UTC
[Puppet Users] Re: ssh_authorized_key completely ignoring "require"
It's supposed to be fixed in 0.25, which is now rc1. I haven't tried 0.25 yet.

seph

Mike Harding <mvharding@gmail.com> writes:
> I am just starting with puppet, and the intended use was to manage ssh
> keys. Is there an intended release to fix this, or some other way to
> get it working?
>
> On Jul 17, 1:14 pm, seph <s...@directionless.org> wrote:
>> As someone who's actively setting up and deploying puppet on new
>> machines, this bug is a huge annoyance for me.
>>
>> Instead of having a simple recipe, my process involves invoking puppet
>> to create users, then invoking puppet to add keys. It's frustrating that
>> this still isn't fixed in the released versions.
>>
>> seph
>>
>> Chris Blumentritt <cblum...@gmail.com> writes:
>> > I have run into this problem today trying to stand up some new servers.
>>
>> > On Tue, Apr 21, 2009 at 11:44 PM, Andrew Shafer <and...@reductivelabs.com> wrote:
>>
>> >> Scott,
>>
>> >> Can you pastie the simplest code to reproduce and maybe attach the files
>> >> created by --graph to see what the relationships look like.
>>
>> >> Is anyone else seeing a problem like this?
>>
>> >> On Tue, Apr 21, 2009 at 9:02 PM, Scott <scott...@gmail.com> wrote:
>>
>> >>> Hi, so I'm running into a problem since upgrading to 0.24.8 where
>> >>> puppet is trying to create an authorized key for users that don't
>> >>> exist because it doesn't do the require ( require => "/etc/passwd" )
>> >>> first.
>>
>> >>> I've tried making the require a default parameter for
>> >>> "ssh_autohrized_key" (yes, in the same scope), I've tried making the
>> >>> passwd file a requirement for every "ssh_authorized_key" and I've
>> >>> tried to use "before" with the passwd resource ( before => Class
>> >>> [ users::ssh_keys ] ) and yet puppet insists on trying to create the
>> >>> key before doing any of the prerequisites.
>>
>> >>> One other note, the ssh_authorized_key isn't always for the same
>> >>> person, so it's not a particular key that's causing the problem.
>> >>> Also, this was never a problem with 0.24.7.
>>
>> >>> Cheers,
>> >>> Scott