Christopher McCrory
2010-Nov-15 14:02 UTC
[Puppet Users] bug with using exported resources?
Hello...
Is this a bug or by design?
I''m using exported resources to generate /etc/ssh/ssh_known_hosts. I
changed the example from the docs to this:
@@sshkey {
"$fqdn,$hostname,$ipaddress": type => rsa,
key => $sshrsakey,
}
so that I would get one line per host in the ssh_know_hosts file. What
happened was that on each run several (all?) keys exported would be
re-added. At one point I counted 34 duplicate entries. I changed the
module to:
@@sshkey {
"$fqdn": type => rsa,
key => $sshrsakey,
}
@@sshkey {
"$hostname": type => rsa,
key => $sshrsakey,
}
@@sshkey {
"$ipaddress": type => rsa,
key => $sshrsakey,
}
And now I get three entries for each host and no duplicates. IS this a
bug?
Using puppet 0.25.4 on Ubuntu 10.04 on the client and puppet 0.25.5
from epel on centos. all 32bit servers.
--
Christopher McCrory
To the optimist, the glass is half full.
To the pessimist, the glass is half empty.
To the engineer, the glass is twice as big as it needs to be.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Stefan Schulte
2010-Nov-16 00:49 UTC
Re: [Puppet Users] bug with using exported resources?
You have to use
@@sshkey { $fqdn:
type => rsa,
key => $sshrsakey,
host_aliases => [ $hostname, $ipaddress],
}
The following happened:
Puppet joins resourcename and hostaliases with a "," to put it in the
file. Because you put everything in the resourcename you end up with
$fqdn,$hostname,$ipaddres
Puppet wrote an entry "$fqdn,$hostname,$ipaddress $type $key" to your
known hosts. On the second run it reads the lines again and know does a
split(",") on the first field. First item ($fqdn) will be interpreted
as
the resourcename, all the other items ($hostname,$ipaddress) will be
interpreted as host_aliases.
Puppet recognised that there is no resource called
$fqdn,$hostname,$ipaddress present in the file and creates it again.
You should file a bug about the sshkey type not raising an Error if you
define a resourcename with "," in it.
-Stefan
On Mon, Nov 15, 2010 at 06:02:59AM -0800, Christopher McCrory
wrote:> Hello...
>
>
> Is this a bug or by design?
>
> I''m using exported resources to generate
/etc/ssh/ssh_known_hosts. I
> changed the example from the docs to this:
>
> @@sshkey {
> "$fqdn,$hostname,$ipaddress": type => rsa,
> key => $sshrsakey,
> }
>
> so that I would get one line per host in the ssh_know_hosts file. What
> happened was that on each run several (all?) keys exported would be
> re-added. At one point I counted 34 duplicate entries. I changed the
> module to:
>
> @@sshkey {
> "$fqdn": type => rsa,
> key => $sshrsakey,
> }
> @@sshkey {
> "$hostname": type => rsa,
> key => $sshrsakey,
> }
> @@sshkey {
> "$ipaddress": type => rsa,
> key => $sshrsakey,
> }
>
> And now I get three entries for each host and no duplicates. IS this a
> bug?
>
>
>
> Using puppet 0.25.4 on Ubuntu 10.04 on the client and puppet 0.25.5
> from epel on centos. all 32bit servers.
>
>
>
>
> --
> Christopher McCrory
> To the optimist, the glass is half full.
> To the pessimist, the glass is half empty.
> To the engineer, the glass is twice as big as it needs to be.
>
> --
> You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
>
Stefan Schulte
2010-Nov-21 20:09 UTC
Re: [Puppet Users] bug with using exported resources?
On Tue, Nov 16, 2010 at 01:49:41AM +0100, Stefan Schulte wrote:> You should file a bug about the sshkey type not raising an Error if you > define a resourcename with "," in it. > > -StefanJust for the record: The issue has already been reported: http://projects.puppetlabs.com/issues/2495