rvlinden
2011-May-13 11:20 UTC
[Puppet Users] ssh_authorized_key loops when options is defined
Hi all,
I have no problem with creating ssh keys for users, but as soon as I
specify 'options', puppet keeps repeating and replacing the key with
an identical key.
I have written the various options in various formats, like one big
string, as an array, with double quotes or single quotes, etc, etc
(see examples below), but the issue stays
as a string ...
  @authorizedkey {
    "userx_dss":
      user    => "userx",
      type    => "ssh-dss",
      key     => "AAAA...=",
      options => 'from="server1.mydomain,server1,192.168.1.2",no-port-forwarding,no-agent-forwarding',
  }
as an array ...
  @authorizedkey {
    "userx_dss":
      user    => "userx",
      type    => "ssh-dss",
      key     => "AAAA...=",
      options => [
        "from=\"server1.mydomain,server1,192.168.1.2\"",
        ",no-port-forwarding",
        ",no-agent-forwarding",
      ];
  }
When I run puppet (puppetd --test --noop), it reports the value has to
be changed from x to y. The problem is that x and y are identical and
even if I let puppet correct it, the next run it will report it again
  notice: /Stage[init]/Authorizedkey::Userx/Authorizedkey[userx_dss]/Ssh_authorized_key[userx_dss]/options: current_value from="server1.mydomain,server1,192.168.1.2",no-port-forwarding,no-agent-forwarding, should be from="server1.mydomain,server1,192.168.1.2",no-port-forwarding,no-agent-forwarding (noop)
The actual key (.ssh/authorized_keys) for userx works fine and looks
like this
  from="server1.mydomain,server1,192.168.1.2",no-port-forwarding,no-agent-forwarding ssh-dss AAAA...= userx_dss
This looks to me like a bug where puppet does something weird as soon
as a comma is somewhere down the options line. If I put a single
option in there, puppet runs fine (and only once)
This works fine
  options => "no-port-forwarding",
and this doesn't
  options => "no-port-forwarding,no-agent-forwarding",
Please advise
Regards,
Rene
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
rvlinden
2011-May-13 11:25 UTC
[Puppet Users] Re: ssh_authorized_key loops when options is defined
BTW, the puppet version I use is 2.6.8 on Red Hat 5.6
Felix Frank
2011-May-13 11:29 UTC
Re: [Puppet Users] ssh_authorized_key loops when options is defined
Hi,
On 05/13/2011 01:20 PM, rvlinden wrote:
> as an array ...
>
> @authorizedkey {
>   "userx_dss":
>     user    => "userx",
>     type    => "ssh-dss",
>     key     => "AAAA...=",
>     options => [
>       "from=\"server1.mydomain,server1,192.168.1.2\"",
>       ",no-port-forwarding",
>       ",no-agent-forwarding",
>     ];
> }
this is right, but you made a doo-doo: There is commas *in* your array
elements.
Works for me (but the commas need to go).
HTH,
Felix
rvlinden
2011-May-13 11:49 UTC
[Puppet Users] Re: ssh_authorized_key loops when options is defined
Felix,
If I remove the commas from the no-port and no-agent, like this
  options => [
    "from=\"server1.mydomain,server1,192.168.1.2\"",
    "no-port-forwarding",
    "no-agent-forwarding",
  ];
I get one big blob in my authorized_keys file
  from="server1.mydomain,server1,192.168.1.2"no-port-forwardingno-agent-forwarding ssh-dss AAAA...= userx_dss
and it still loops due to the commas in the from="" to separate the
servernames and ip-addresses.
I don't see how I can remove the commas without destroying the syntax
of the authorized_keys file
Regards,
Rene
On May 13, 1:29 pm, Felix Frank <felix.fr...@alumni.tu-berlin.de> wrote:
> Hi,
>
> On 05/13/2011 01:20 PM, rvlinden wrote:
>
> > as an array ...
>
> > @authorizedkey {
> >   "userx_dss":
> >     user    => "userx",
> >     type    => "ssh-dss",
> >     key     => "AAAA...=",
> >     options => [
> >       "from=\"server1.mydomain,server1,192.168.1.2\"",
> >       ",no-port-forwarding",
> >       ",no-agent-forwarding",
> >     ];
> > }
>
> this is right, but you made a doo-doo: There is commas *in* your array
> elements.
>
> Works for me (but the commas need to go).
>
> HTH,
> Felix
Felix Frank
2011-May-13 12:15 UTC
Re: [Puppet Users] Re: ssh_authorized_key loops when options is defined
On 05/13/2011 01:49 PM, rvlinden wrote:
> If I remove the comma's from the no-port and no-agent, like this
>
> options => [
>   "from=\"server1.mydomain,server1,192.168.1.2\"",
>   "no-port-forwarding",
>   "no-agent-forwarding",
> ];
>
> I get one big blob in my authorized_keys file
Can you post your manifest (i.e. the resource in question) verbatim?
I just pasted this into a test manifest and it works perfectly fine with
2.6.8:
  ssh_authorized_key {
    "foobar":
      user    => "ffrank",
      key     => "abcdef",
      options => [
        "from=\"server1.mydomain,server1,192.168.1.2\"",
        "no-port-forwarding",
        "no-agent-forwarding",
      ],
      type    => "ssh-dss",
  }
The entry is in my authorized_keys and puppet recognizes it. The commas
are present.
Regards,
Felix
rvlinden
2011-May-13 12:33 UTC
[Puppet Users] Re: ssh_authorized_key loops when options is defined
Felix,
I just found the problem. It was in the 'define' I had created.
Initially I just used a single string instead of an array and in the
define I had this
  options => "${options}",
I just changed it into this
  options => $options,
and now the various array elements are handled correctly.
The loop is gone and the authorized_keys file is perfect
Thanks for the eye-opener
This is my 'new' define for authorizedkey
  define authorizedkey (
    $ensure  = "present",
    $tag     = "",
    $type    = "ssh-dss",
    $key     = "",
    $options = "",
    $user ) {
    #
    # Load subclasses
    include authorizedkey::params
    include authorizedkey::virtual
    #
    # ssh_authorized_key
    ssh_authorized_key { "${name}":
      ensure => "${ensure}",
      type   => "${type}",
      key    => "${key}",
      user   => "${user}",
    } # End ssh_authorized_key
    #
    # Additional settings
    if $options != "" {
      Ssh_authorized_key["${name}"] {
        options => $options,
      } # End options
    } # End if
  } # End define setup
On May 13, 2:15 pm, Felix Frank <felix.fr...@alumni.tu-berlin.de> wrote:
> On 05/13/2011 01:49 PM, rvlinden wrote:
>
> > If I remove the comma's from the no-port and no-agent, like this
>
> > options => [
> >   "from=\"server1.mydomain,server1,192.168.1.2\"",
> >   "no-port-forwarding",
> >   "no-agent-forwarding",
> > ];
>
> > I get one big blob in my authorized_keys file
>
> Can you post your manifest (i.e. the resource in question) verbatim?
>
> I just pasted this into a test manifest and it works perfectly fine with
> 2.6.8:
>
> ssh_authorized_key {
>   "foobar":
>     user    => "ffrank",
>     key     => "abcdef",
>     options => [
>       "from=\"server1.mydomain,server1,192.168.1.2\"",
>       "no-port-forwarding",
>       "no-agent-forwarding",
>     ],
>     type    => "ssh-dss",
> }
>
> The entry is in my authorized_keys and puppet recognizes it. The commas
> are present.
>
> Regards,
> Felix
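The behaviour resolved in this thread, as an added Ruby sketch that is not from the thread or from Puppet's source. It assumes the provider parses the options field of authorized_keys into a list and compares that list with the declared value, and that interpolating an array into a string concatenates its elements with no separator (consistent with the "one big blob" reported above); all function names are hypothetical.

```ruby
# Added illustration, not Puppet's provider code. All names are hypothetical.
KEY_TYPE = /\A(?:ssh-dss|ssh-rsa|ssh-ed25519|ecdsa-sha2-\S+)\z/

# Split an options field on commas, keeping commas inside a quoted value
# such as from="a,b" together with their option.
def split_options(field)
  field.scan(/(?:[^,"]|"(?:\\.|[^"\\])*")+/)
end

# Return [options_list, remainder] for one authorized_keys line. The options
# field ends at the first space that is not inside double quotes.
def parse_line(line)
  in_quotes = false
  line.each_char.with_index do |ch, i|
    in_quotes = !in_quotes if ch == '"' && (i.zero? || line[i - 1] != '\\')
    next unless ch == ' ' && !in_quotes
    first = line[0...i]
    return [[], line] if first =~ KEY_TYPE # no options on this line
    return [split_options(first), line[(i + 1)..-1]]
  end
  [[], line]
end

# Assumed model of the sync check: list parsed from the file vs. declared value.
def in_sync?(current, declared)
  current == Array(declared)
end

# How either value is displayed in a change notice.
def render(value)
  Array(value).join(',')
end

# Assumed model of "${options}" applied to an array: elements are concatenated.
def interpolate(value)
  Array(value).join
end

# Constructed sample, built from the values quoted in the thread.
LINE = 'from="server1.mydomain,server1,192.168.1.2",no-port-forwarding,' \
       'no-agent-forwarding ssh-dss AAAA...= userx_dss'
AS_ARRAY = ['from="server1.mydomain,server1,192.168.1.2"',
            'no-port-forwarding', 'no-agent-forwarding'].freeze
AS_STRING = AS_ARRAY.join(',')

if __FILE__ == $PROGRAM_NAME
  current, = parse_line(LINE)
  puts "array in sync:  #{in_sync?(current, AS_ARRAY)}"
  puts "string in sync: #{in_sync?(current, AS_STRING)}, same text: #{render(current) == render(AS_STRING)}"
  puts "interpolated:   #{interpolate(AS_ARRAY)}"
end
```

A declared single string never equals the parsed list even though both render to the same text, which matches the identical "current_value ... should be ..." notice; the interpolated array collapses into one option token, so the restrictions after from= are no longer separate options.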