Martin Englund
2009-Sep-04 12:28 UTC
[Puppet Users] Endless updates with ssh_authorized_key on OpenSolaris
I'm running puppet 0.24.8 on OpenSolaris 2009.06 and it is updating all ssh_authorized_key:s on every run:

Fri Sep 04 04:55:57 -0700 2009 //Node[blogs-dev.sfbay.sun.com]/s11/common/default-accounts/webpush/Ssh_authorized_key[webpush@akula]/target (notice): target changed '/export/home/webpush/.ssh/authorized_keys' to '/export/home/webpush/.ssh/authorized_keys'

and then 30 minutes later:

Fri Sep 04 05:26:21 -0700 2009 //Node[blogs-dev.sfbay.sun.com]/s11/common/default-accounts/webpush/Ssh_authorized_key[webpush@akula]/target (notice): target changed '/export/home/webpush/.ssh/authorized_keys' to '/export/home/webpush/.ssh/authorized_keys'

The same class runs just fine on Solaris 10...

Has someone else run in to this? Or can give me some hints on what is messed up?

cheers,
/Martin

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---
Lucas
2009-Sep-04 19:28 UTC
[Puppet Users] Re: Endless updates with ssh_authorized_key on OpenSolaris
I ran into it before, and ended up just making my own version of an
ssh authorized key in a define rather than try to figure it out;
although I think it is just improperly parsing the key file.
I don't know what kind of lazy that makes me.

It's not very pretty or thoroughly tested, and no guarantees it will
work properly for what you want; but it's been doing what I want.

## $user is the name of the user who should have this key.
## $key is the literal string of the key itself
## $type should be something like "ssh-rsa"
## $remotehost is the host the key is valid from, I believe "" makes it
##   valid for any host.
## $command is for use with forced commands associated with the key; I
##   have used it with
##     command => "pfexec /path/to/script",
##   haven't really tried anything fancier than that.
##
define sshauth ($user, $key, $type, $remotehost, $command = "false") {
    Exec {
        path => ["/bin","/sbin","/usr/bin","/usr/sbin","/usr/local/bin","/usr/local/sbin"],
    }
    $keyname = $name
    if $command == "false" {
        exec { "insertkey$keyname":
            command => "su - $user -c 'mkdir -p ~/.ssh ; chmod 700 ~/.ssh ; cat ~/.ssh/authorized_keys | grep -v \"$user@$remotehost\" > ~/.ssh/authorized_keys.n ; mv ~/.ssh/authorized_keys.n ~/.ssh/authorized_keys ; echo \"$type $key $user@$remotehost\" >> ~/.ssh/authorized_keys; chmod 700 ~/.ssh/authorized_keys'",
            unless  => "su - $user -c 'cat ~/.ssh/authorized_keys | grep \"$type $key $user@$remotehost\"' | grep -v SunOS",
        }
    } else {
        exec { "insertkey$keyname":
            command => "su - $user -c 'mkdir -p ~/.ssh ; chmod 700 ~/.ssh ; cat ~/.ssh/authorized_keys | grep -v \"$user@$remotehost\" > ~/.ssh/authorized_keys.n ; mv ~/.ssh/authorized_keys.n ~/.ssh/authorized_keys ; echo \"command=\\\"$command\\\" $type $key $user@$remotehost\" >> ~/.ssh/authorized_keys; chmod 700 ~/.ssh/authorized_keys'",
            unless  => "su - $user -c 'cat ~/.ssh/authorized_keys | grep \"command=\\\"$command\\\" $type $key $user@$remotehost\"' | grep -v SunOS",
        }
    }
}

On Sep 4, 7:28 am, Martin Englund <martin.engl...@sun.com> wrote:
> I'm running puppet 0.24.8 on OpenSolaris 2009.06 and it is updating
> all ssh_authorized_key:s on every run:
>
> Fri Sep 04 04:55:57 -0700 2009 //Node[blogs-dev.sfbay.sun.com]/s11/
> common/default-accounts/webpush/Ssh_authorized_key[webpush@akula]/
> target (notice): target changed '/export/home/webpush/.ssh/
> authorized_keys' to '/export/home/webpush/.ssh/authorized_keys'
>
> and then 30 minutes later:
>
> Fri Sep 04 05:26:21 -0700 2009 //Node[blogs-dev.sfbay.sun.com]/s11/
> common/default-accounts/webpush/Ssh_authorized_key[webpush@akula]/
> target (notice): target changed '/export/home/webpush/.ssh/
> authorized_keys' to '/export/home/webpush/.ssh/authorized_keys'
>
> The same class runs just fine on Solaris 10...
>
> Has someone else run in to this? Or can give me some hints on what is
> messed up?
>
> cheers,
> /Martin
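
An added illustration, not part of either post and not Puppet's provider code: the define above finds entries by grepping for the "$user@$remotehost" comment, and the reply suspects the key file is being parsed improperly. The Ruby sketch below parses authorized_keys lines (including a quoted command= option) and applies an entry so that a second run reports no change. The function names and sample key strings are constructed for this example, and it matches entries on key type plus key material rather than on the comment.

```ruby
# Added example; not Puppet's ssh_authorized_key provider.
KEY_TYPE = /\A(?:ssh-(?:rsa|dss|ed25519)|ecdsa-sha2-\S+)\z/

# Split one authorized_keys line into options, type, key and comment.
# Options may hold quoted strings containing spaces, such as
# command="pfexec /path/to/script", so a plain split(' ') is not enough.
def parse_authkey_line(line)
  line = line.strip
  return nil if line.empty? || line.start_with?('#')
  tokens = line.scan(/(?:[^\s"]|"(?:\\.|[^"\\])*")+/)
  # The options field is optional: it is present only when the first
  # token is not itself a key type.
  options = KEY_TYPE.match?(tokens[0]) ? nil : tokens.shift
  type, key, *comment = tokens
  return nil unless type && key && KEY_TYPE.match?(type)
  { options: options, type: type, key: key, comment: comment.join(' ') }
end

# Return [new_content, changed]. An existing entry with the same type and
# key is rewritten in place; unrelated lines and comments are preserved.
def ensure_authkey(content, type:, key:, comment:, options: nil)
  wanted = [options, type, key, comment].compact.join(' ')
  found = false
  lines = content.lines.map(&:chomp).map do |l|
    e = parse_authkey_line(l)
    next l unless e && e[:type] == type && e[:key] == key
    next nil if found # drop duplicate entries for the same key
    found = true
    wanted
  end.compact
  lines << wanted unless found
  new_content = lines.join("\n") + "\n"
  [new_content, new_content != content]
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample file content and key strings.
  file = "# constructed sample\nssh-rsa AAAAB3Nza other@host\n"
  args = { type: 'ssh-rsa', key: 'AAAAC3', comment: 'webpush@akula',
           options: 'command="pfexec /path/to/script"' }
  file, changed = ensure_authkey(file, **args)
  puts "first run changed:  #{changed}"
  _, changed = ensure_authkey(file, **args)
  puts "second run changed: #{changed}"
end
```
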