Hi:
I have a defined type "useraccount" that constructs a user and
user''s
group, then installs his ssh key. This looks something like the
snippet below.
The problem I''m seeing is, every time I run the puppet client, it
appends that same ssh key to ~/.ssh/authorized_keys, so at the end of
three runs I have three copies of the same key in the file.
Is there a workaround? Maybe something with subscribe or refreshonly?
Am I using the resource incorrectly?
Thank you,
/m
# /etc/puppet/modules/user/init.pp
define useraccount ($uid, $username) {
user { $username:
ensure => present,
...
}
group { ... }
ssh_authorized_key { $username:
ensure => present,
key => "abcdefghijklmnop_very_long_string",
}
}
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
P.S. Here''s what the client log shows each time:
info: Caching catalog for grid1001.impermium.com
debug: Puppet::Type::Group::ProviderLdap: false value when expecting
true
debug: Puppet::Type::Group::ProviderPw: file /usr/sbin/pw does not
exist
debug: Puppet::Type::Group::ProviderDirectoryservice: file /usr/bin/
dscl does not exist
debug: Creating default schedules
debug: Loaded state in 0.00 seconds
debug: Prefetching parsed resources for ssh_authorized_key
debug: /Stage[main]/User::Virtual/Useraccount[mark_risher]/
User[mark_risher]: Autorequiring Group[mark_risher]
debug: /Stage[main]/User::Virtual/Useraccount[mark_risher]/
User[mark_risher]: Autorequiring Group[eng]
debug: /Stage[main]/User::Virtual/Useraccount[mark_risher]/
User[mark_risher]: Autorequiring Group[sudo]
debug: /Stage[main]/User::Virtual/Useraccount[mark_risher]/
Ssh_authorized_key[mark_risher]: Autorequiring User[mark_risher]
info: Applying configuration version ''1298511605''
notice: /Stage[main]/User::Virtual/Useraccount[mark_risher]/
Ssh_authorized_key[mark_risher]/ensure: created
debug: Finishing transaction 69873893566360
info: FileBucket adding /home/mark_risher/.ssh/authorized_keys as {md5}
f446e28657b5b447934b08b9d3ba92ff
debug: Flushing ssh_authorized_key provider target /home/
mark_risher/.ssh/authorized_keys
debug: file_metadata supports formats: b64_zlib_yaml marshal pson raw
yaml; using pson
debug: Finishing transaction 69873893811040
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
On Wed, 23 Feb 2011, mark risher wrote:> ssh_authorized_key { $username: > ensure => present, > key => "abcdefghijklmnop_very_long_string",You don''t have the ''user'' or ''type'' parameters. Perhaps that''s related to the problem. --apb (Alan Barrett) -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Thanks, but I do have those parameters; I was trying to keep my quote
short. Here''s the full monty:
# create an ssh key for this user
ssh_authorized_key { "$username.$ssh_public_key":
ensure => present,
key => $ssh_public_key,
type => $ssh_key_type,
user => $username,
}
It seems that this duplication happens when I run "puppetd --test --
debug"; maybe that test flag overrides the checksumming?
/m
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Stefan Schulte
2011-Feb-25 21:00 UTC
Re: [Puppet Users] Re: ssh_authorized_key runs every time
On Thu, Feb 24, 2011 at 01:57:14PM -0800, mark risher wrote:> Thanks, but I do have those parameters; I was trying to keep my quote > short. Here''s the full monty: > > # create an ssh key for this user > ssh_authorized_key { "$username.$ssh_public_key": > ensure => present, > key => $ssh_public_key, > type => $ssh_key_type, > user => $username, > } >Thats a strange title. The title of the resource is basically the comment field in authorized_keys and should be not contain spaces or commas or anything fancy. If you still have problems post the exact resource definition (with resolved variables) and the entry in authorized_keys that puppet actually writes to disk.> It seems that this duplication happens when I run "puppetd --test -- > debug"; maybe that test flag overrides the checksumming?No. If puppet rewrites the same entry over and over again it cannot identify your resource. That can happen if you use delimiters like spaces as values. -Stefan
Felix Frank
2011-Mar-07 12:09 UTC
Re: [Puppet Users] Re: ssh_authorized_key runs every time
On 02/25/2011 10:00 PM, Stefan Schulte wrote:> On Thu, Feb 24, 2011 at 01:57:14PM -0800, mark risher wrote: >> Thanks, but I do have those parameters; I was trying to keep my quote >> short. Here''s the full monty: >> >> # create an ssh key for this user >> ssh_authorized_key { "$username.$ssh_public_key": >> ensure => present, >> key => $ssh_public_key, >> type => $ssh_key_type, >> user => $username, >> }Is there per chance any junk in your $ss_public_key? Puppet will get confused if there is e.g. the original key name in the "key" parameter (such as "AAAAB3NzaC1y...rN3YQ== foobar@myhost.domain.org") HTH, Felix -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Hugo Deprez
2011-Jul-20 12:29 UTC
Re: [Puppet Users] Re: ssh_authorized_key runs every time
Hello,
I have the same issue :
ssh_authorized_key
{
"user-rsa-key":
ensure => ''present'',
key => ''*******************== user@servername'',
type => ''rsa'',
user => ''user'',
require => File["/home/user/.ssh"],
}
On my server it adds the same key every time puppet run :
notice: /Stage[main]/Check_drbd/Ssh_authorized_key[user-rsa-key]/ensure:
created
info: FileBucket adding /home/user/.ssh/authorized_keys as
{md5}c2f4b42*******
I don''t see the issue ?
Thanks for the help !
Hugo
On 7 March 2011 13:09, Felix Frank <felix.frank@alumni.tu-berlin.de>
wrote:
> On 02/25/2011 10:00 PM, Stefan Schulte wrote:
> > On Thu, Feb 24, 2011 at 01:57:14PM -0800, mark risher wrote:
> >> Thanks, but I do have those parameters; I was trying to keep my
quote
> >> short. Here''s the full monty:
> >>
> >> # create an ssh key for this user
> >> ssh_authorized_key { "$username.$ssh_public_key":
> >> ensure => present,
> >> key => $ssh_public_key,
> >> type => $ssh_key_type,
> >> user => $username,
> >> }
>
> Is there per chance any junk in your $ss_public_key? Puppet will get
> confused if there is e.g. the original key name in the "key"
parameter
> (such as "AAAAB3NzaC1y...rN3YQ== foobar@myhost.domain.org")
>
> HTH,
> Felix
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Felix Frank
2011-Jul-20 12:37 UTC
Re: [Puppet Users] Re: ssh_authorized_key runs every time
Hi, On 07/20/2011 02:29 PM, Hugo Deprez wrote:> key => ''*******************== user@servername'',well, the issue is that you''re not specifying the key, but the key + keyname, which is not quite right. Try ssh_authorized_key { "user@servername": key => "....==", ... } HTH, Felix -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Hugo Deprez
2011-Jul-20 12:54 UTC
Re: [Puppet Users] Re: ssh_authorized_key runs every time
Hi Felix, I try the following : key => "*****BQfc62cpIMw==", And it works ! Thank you ! Hugo On 20 July 2011 14:37, Felix Frank <felix.frank@alumni.tu-berlin.de> wrote:> Hi, > > On 07/20/2011 02:29 PM, Hugo Deprez wrote: > > key => ''*******************== user@servername'', > > well, the issue is that you''re not specifying the key, but the key + > keyname, which is not quite right. > > Try ssh_authorized_key { "user@servername": key => "....==", ... } > > HTH, > Felix > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.