Puppet users - May 2013 - ssh_authorized_key filling /var/log/messages

Having weird issue that I can''t seem to find any solution to:

puppet 2.7.21 and 2.6.9

here is my stanza: ssh_authorized_key{ “$name”:

              ensure => present,
              name => "$name",
              key => "$key",
              type => $type,
              user => "$name",
              require => File["$myhome/.ssh"]

}

All the variables are declared correctly. This works without any issues 
except that the authorized_key file gets updated each time puppet runs. The 
only thing that changes is the timestamp in the HEADER section of the file. 
This in turn creates continual entries in the clientbucket and 
/var/log/messages.

Running in debug is this: The container users::Mkuser[] will propagate my 
refresh event debug: users::Mkuser[]: The container Class[T4_users] will 
propagate my refresh event debug: Class[users]: The container Stage[main] 
will propagate my refresh event

In the clientbucket there are no indication that anything else changed nor 
was updated.

As you can see I have no ssh “options”, the whole thing is vanilla. The 
required file simply ensures that .ssh directory exist and it is correct 
permission. No changes to this directory take place.

Looking online people tend to have issues if options aren''t specified 
correctly or permission issue, neither of which are my issue (I don''t
use
options, and permissions are set correctly).

Any help would be greatly appreciated!


-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

On Fri, 31 May 2013 15:56:30 -0700 (PDT)
Marek Dohojda <chrobry@gmail.com> wrote:
> Having weird issue that I can''t seem to find any solution to:
> 
> puppet 2.7.21 and 2.6.9
> 
> here is my stanza: ssh_authorized_key{ “$name”:
> 
>               ensure => present,
>               name => "$name",
>               key => "$key",
>               type => $type,
>               user => "$name",
>               require => File["$myhome/.ssh"]
> 
> }
a common pitfall is that name contains spaces (at least trailing spaces
should cause issues) or that people specify the key parameter as
something like "ssh-rsa  AAAAB3NzaC1kc3MAAA" while instead you have to
specify "AAAAB3NzaC1kc3MAAA" as the key and "ssh-rsa" as the
type.

So does `$key` contain any spaces? Does `$name` contain any trailing
spaces?

Can you please post one of the entries that is filling up
your /var/log/messages?

-Stefan

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

On Saturday, June 1, 2013 1:59:36 PM UTC-6, Stefan Schulte
wrote:
>
> On Fri, 31 May 2013 15:56:30 -0700 (PDT) 
> Marek Dohojda <chr...@gmail.com <javascript:>> wrote: 
>
> > Having weird issue that I can''t seem to find any solution to:
> > 
> > puppet 2.7.21 and 2.6.9 
> > 
> > here is my stanza: ssh_authorized_key{ �$name�: 
> > 
> >               ensure => present, 
> >               name => "$name", 
> >               key => "$key", 
> >               type => $type, 
> >               user => "$name", 
> >               require => File["$myhome/.ssh"] 
> > 
> > } 
>
> a common pitfall is that name contains spaces (at least trailing spaces 
> should cause issues) or that people specify the key parameter as 
> something like "ssh-rsa  AAAAB3NzaC1kc3MAAA" while instead you
have to
> specify "AAAAB3NzaC1kc3MAAA" as the key and "ssh-rsa"
as the type.
>
> So does `$key` contain any spaces? Does `$name` contain any trailing 
> spaces? 
>
> Can you please post one of the entries that is filling up 
> your /var/log/messages? 
>
> -Stefan 
>
I wish it was so simple :) I ensured the keys are fine, and there are no 
spaces.

here is a sample (sanitized)
(/Stage[main]/<class>/<class>::Mkuser[<user>]/Ssh_authorized_key[<user>]/ensure)
created




 

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

On Mon, 3 Jun 2013 09:15:56 -0700 (PDT)
Marek Dohojda <chrobry@gmail.com> wrote:
> 
> 
> On Saturday, June 1, 2013 1:59:36 PM UTC-6, Stefan Schulte wrote:
> >
> > On Fri, 31 May 2013 15:56:30 -0700 (PDT) 
> > Marek Dohojda <chr...@gmail.com <javascript:>> wrote: 
> >
> > > Having weird issue that I can''t seem to find any
solution to:
> > > 
> > > puppet 2.7.21 and 2.6.9 
> > > 
> > > here is my stanza: ssh_authorized_key{ �$name�: 
> > > 
> > >               ensure => present, 
> > >               name => "$name", 
> > >               key => "$key", 
> > >               type => $type, 
> > >               user => "$name", 
> > >               require => File["$myhome/.ssh"] 
> > > 
> > > } 
> >
> > a common pitfall is that name contains spaces (at least trailing
> > spaces should cause issues) or that people specify the key
> > parameter as something like "ssh-rsa  AAAAB3NzaC1kc3MAAA"
while
> > instead you have to specify "AAAAB3NzaC1kc3MAAA" as the key
and
> > "ssh-rsa" as the type. 
> >
> > So does `$key` contain any spaces? Does `$name` contain any
> > trailing spaces? 
> >
> > Can you please post one of the entries that is filling up 
> > your /var/log/messages? 
> >
> > -Stefan 
> >
> 
> I wish it was so simple :) I ensured the keys are fine, and there are
> no spaces.
> 
> here is a sample (sanitized)
>
(/Stage[main]/<class>/<class>::Mkuser[<user>]/Ssh_authorized_key[<user>]/ensure)
> created
> 
> 
> 
> 
>  
> 
So puppet thinks the key is absent otherwise it would not print this
message. But you also do not see duplicate key entries, right?

Without your actual manifest and the file content I can only take
guesses here:

- do you manage the authorized key file in any way besides
  ssh_authorized_key resources? Are you sure you do not have some file
  { ''authorized_key'' :ensure => absent} around that would
cause puppet
  to delete and recreate the file in every run?
- for security reasons the authorized_key file is modifed as the user
  specified with the `user` parameter. Is this one able to read and
  write to the file? Is `~username/.ssh/authorized_keys` owned by
  the user specified with the `user` parameter?
- do you have the same key in another `authorized_key` file regardless
  if you manage this second key with puppet or not? By the same key, I
  mean an ssh key with the same comment (which puppet mapps to the
  `name` parameter)

-Stefan

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.