Daneil Goodman
2010-Oct-26 02:47 UTC
[Puppet Users] Multiple host key entries in ssh_known_hosts
Hi all,

I am trying to use @@sshkey{...} and Sshkey <<| |>> to share host keys
between compute nodes. It does work! But there is a weird issue. The same
host key entry for each node is added to ssh_known_hosts again each time
puppet is restarted. I only need one entry for each node in
ssh_known_hosts. What should I do? Here is the code:

    class ssh {
      @@sshkey { "$hostname":
        key  => $sshrsakey,
        type => ssh-rsa,
        name => ["$hostname,","$hostname.$domain,","$ipaddress"],
      }
      Sshkey <<| |>>
    }

Even if I force removal of /etc/ssh/ssh_known_hosts before collection using
the following modified code, the result is the same.

    class ssh {
      file { "/etc/ssh/ssh_known_hosts":
        ensure => absent
      }
      @@sshkey { "$hostname":
        key     => $sshrsakey,
        type    => ssh-rsa,
        name    => ["$hostname,","$hostname.$domain,","$ipaddress"],
        require => File["/etc/ssh/ssh_known_hosts"]
      }
      Sshkey <<| |>>
    }

The default mode of ssh_known_hosts created by the above code is 600. I
tried to change it to 644 using the following code:

    class ssh {
      file { "/etc/ssh/ssh_known_hosts":
        ensure => absent
      }
      @@sshkey { "$hostname":
        key     => $sshrsakey,
        type    => ssh-rsa,
        name    => ["$hostname,","$hostname.$domain,","$ipaddress"],
        require => File["/etc/ssh/ssh_known_hosts"]
      }
      Sshkey <<| |>>
      File <| title == "/etc/ssh/ssh_known_hosts" |> {
        mode => 644
      }
    }

But it is still 600.

How can I limit it to only one host key entry for each node in
ssh_known_hosts and change its mode to 644?

Thanks,
Goodman
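
Added example, not part of the original post: a Python check for the two symptoms described above, repeated host key entries in an ssh_known_hosts file and the file's permission bits. The sample contents, host names and key strings are constructed placeholders, and the function names are chosen for this illustration.

```python
import os
import stat
from collections import Counter, defaultdict

# Constructed sample (placeholder key material, not real host keys).
SAMPLE = """\
# comment line
node1,node1.example.com,192.0.2.10 ssh-rsa AAAAB3NzaC1yc2EAAAAKEY1
node2,node2.example.com,192.0.2.11 ssh-rsa AAAAB3NzaC1yc2EAAAAKEY2
node1,node1.example.com,192.0.2.10 ssh-rsa AAAAB3NzaC1yc2EAAAAKEY1
node1,,node1.example.com,,192.0.2.10 ssh-rsa AAAAB3NzaC1yc2EAAAAKEY1
node2 ssh-rsa AAAAB3NzaC1yc2EAAAAKEY9
"""

def parse_known_hosts(text):
    """Yield (host, keytype, key) for every host name on every entry line."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue                      # blank line or comment
        if fields[0].startswith("@") or len(fields) < 3:
            continue                      # marker line or malformed entry
        hosts, keytype, key = fields[:3]
        for host in filter(None, hosts.split(",")):  # drop empty names
            yield host, keytype, key

def audit(text):
    """Return (duplicates, conflicts) for the contents of a known_hosts file."""
    seen = Counter(parse_known_hosts(text))
    # Same host, type and key recorded more than once.
    duplicates = {entry: n for entry, n in seen.items() if n > 1}
    # Same host and type recorded with different keys.
    keys = defaultdict(set)
    for host, keytype, key in seen:
        keys[(host, keytype)].add(key)
    conflicts = {hk: ks for hk, ks in keys.items() if len(ks) > 1}
    return duplicates, conflicts

def file_mode(path):
    """Permission bits of path, for example 0o644 or 0o600."""
    return stat.S_IMODE(os.stat(path).st_mode)

if __name__ == "__main__":
    dups, conflicts = audit(SAMPLE)
    for (host, keytype, _), n in sorted(dups.items()):
        print(f"{host} {keytype}: {n} identical entries")
    for (host, keytype), ks in sorted(conflicts.items()):
        print(f"{host} {keytype}: {len(ks)} different keys")
```

To check a real file, pass its contents to audit() and compare file_mode("/etc/ssh/ssh_known_hosts") with 0o644.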