Issue #3529 has been reported by Andrew Pollock.
----------------------------------------
Bug #3529: Impossible to add multiple entries for the same host
http://projects.puppetlabs.com/issues/3529
Author: Andrew Pollock
Status: Unreviewed
Priority: Normal
Assigned to:
Category: ssh
Target version:
Affected version: 0.25.4
Keywords:
Branch:
In deployment, we have a server that resolves to different IP addresses in
different locations (via a DNS view).
We'd like to be able to add the SSH host key of both IP addresses to
/etc/ssh/ssh_known_hosts, but can't because of the way the sshkey type is
currently implemented.
Here's an example of what we want to get:
    server.corp.example.com,192.168.67.62 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAzsg+BglE1A7y9Dw6aiCEB3F8SJxXpd+AJ8DvTmk/Vr00fRO8zL1cY2Nggj6WD+YcjuXWpzbsc/kE3HCjXe7kHInx2Hz4aTVtNO9h2pi7n3hFWRjdN/4D3nsmPy+xxJGQ4AIRjf1+t1npCltvqS4qOhMybl4f92IyeuIETD3IGpBU3T0bQJRCZqQ8ggkalXbREHJcEN49IsHzzJcf4VBEaOMuJKVXx+T7cL4KyfYxNCbmFA6Ezdx+C65fB+g3PKfs9neAbdk1vnFCV3NXHbloSN3USNOe3hhTO4QBzSh1WjXA6q6Zoe9NLwIHXhrQOcltH4DJ/J5ob0qxyUrwB3SvRw==
    server.corp.example.com,192.168.128.60 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAu/bQRbOuUL1cllXy+2TGT2YIhjlxZxXDWXtcFs994n95LgACvjOY7ZNFlF3QXy3WeIsdM+Y4+tlV5UCgneMU7m9NdsBejJMIHBucWcx3gx/yuLfUR0Bd4D/gDAPTGpcFE+KPxCP3i/IMOyG3cCJWHv1iBfbIV2QQI1m8LwsLbmgoVwv6QwetJw+6GamV8xKrgQMWnAwQx1nIaRjWYJAeZDBY/vZEnYwtpsju8c3VUqaw3J59hYMg0IE3dMDOEtbBn31/RNIwoM87XLzHrQrRNyADjxy4OI2gIOzOrjYzBtP+v2JLvEGyVc/xupxBh0gewhx4otHHA5Bk/u8AJcpMjQ==
Here's how I'm trying to do it:
    sshkey { "server.corp.example.com":
      alias  => ["server.corp.example.com", "192.168.67.62"],
      key    => "AAAAB3NzaC1yc2EAAAABIwAAAQEAzsg+BglE1A7y9Dw6aiCEB3F8SJxXpd+AJ8DvTmk/Vr00fRO8zL1cY2Nggj6WD+YcjuXWpzbsc/kE3HCjXe7kHInx2Hz4aTVtNO9h2pi7n3hFWRjdN/4D3nsmPy+xxJGQ4AIRjf1+t1npCltvqS4qOhMybl4f92IyeuIETD3IGpBU3T0bQJRCZqQ8ggkalXbREHJcEN49IsHzzJcf4VBEaOMuJKVXx+T7cL4KyfYxNCbmFA6Ezdx+C65fB+g3PKfs9neAbdk1vnFCV3NXHbloSN3USNOe3hhTO4QBzSh1WjXA6q6Zoe9NLwIHXhrQOcltH4DJ/J5ob0qxyUrwB3SvRw==",
      type   => "rsa",
      ensure => present,
    }

    sshkey { "server.site1.corp.example.com":
      alias  => ["server.corp.example.com", "192.168.128.60"],
      key    => "AAAAB3NzaC1yc2EAAAABIwAAAQEAu/bQRbOuUL1cllXy+2TGT2YIhjlxZxXDWXtcFs994n95LgACvjOY7ZNFlF3QXy3WeIsdM+Y4+tlV5UCgneMU7m9NdsBejJMIHBucWcx3gx/yuLfUR0Bd4D/gDAPTGpcFE+KPxCP3i/IMOyG3cCJWHv1iBfbIV2QQI1m8LwsLbmgoVwv6QwetJw+6GamV8xKrgQMWnAwQx1nIaRjWYJAeZDBY/vZEnYwtpsju8c3VUqaw3J59hYMg0IE3dMDOEtbBn31/RNIwoM87XLzHrQrRNyADjxy4OI2gIOzOrjYzBtP+v2JLvEGyVc/xupxBh0gewhx4otHHA5Bk/u8AJcpMjQ==",
      type   => "rsa",
      ensure => present,
    }
This doesn't work because of the duplicate aliases.
So I've got a problem where I don't really care what the resource is named in
Puppet, but I want to influence the hostname(s) added to
/etc/ssh/ssh_known_hosts. I'm unable to do this because of the tight coupling
between the name of the Puppet resource, and what goes into the known_hosts
file, as well as aliases defining something inside of Puppet as well as what
goes into the file.
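
Added example, not part of the original report and not Puppet code: OpenSSH itself accepts several known_hosts lines with different keys for the same name, so the layout the report asks for is valid, and a deployed file can be audited for it independently of how it was generated. The Ruby sketch below parses plain (unhashed) entries and reports which expected host-to-key pins are missing. The function names are hypothetical, the key blobs are constructed placeholders rather than real host keys, and wildcard and hashed host patterns are not handled.

```ruby
# Added example (not Puppet code): audit plain-text known_hosts content.
# Host names and addresses are the ones used in the report; the key blobs
# are constructed placeholders, not real host keys.
SAMPLE_KNOWN_HOSTS = <<~EOS
  # constructed sample in the layout the report asks for
  server.corp.example.com,192.168.67.62 ssh-rsa AAAAconstructedKeyForSiteA=
  server.corp.example.com,192.168.128.60 ssh-rsa AAAAconstructedKeyForSiteB=
EOS

Entry = Struct.new(:hosts, :keytype, :key)

# Parse unhashed entries. Blank lines, comments, marker lines
# (@cert-authority, @revoked) and hashed (|1|...) host fields are skipped.
def parse_known_hosts(text)
  lines = text.each_line.map(&:strip)
  lines = lines.reject { |l| l.empty? || l.start_with?('#', '@') }
  lines.map do |line|
    hosts, keytype, key = line.split(/\s+/, 4) # any 4th field is a comment
    next if key.nil? || hosts.start_with?('|')
    Entry.new(hosts.split(','), keytype, key)
  end.compact
end

# All keys listed for a name or address (exact match only, no wildcards).
def keys_for(entries, name)
  entries.select { |e| e.hosts.include?(name) }.map(&:key).uniq
end

# Expected pins, given as [name, key] pairs, that the file does not contain.
def missing_pins(entries, expected)
  expected.reject { |name, key| keys_for(entries, name).include?(key) }
end

if __FILE__ == $PROGRAM_NAME
  entries = parse_known_hosts(SAMPLE_KNOWN_HOSTS)
  expected = [
    ['server.corp.example.com', 'AAAAconstructedKeyForSiteA='],
    ['server.corp.example.com', 'AAAAconstructedKeyForSiteB='],
    ['192.168.67.62',  'AAAAconstructedKeyForSiteA='],
    ['192.168.128.60', 'AAAAconstructedKeyForSiteB=']
  ]
  puts "keys for server.corp.example.com: #{keys_for(entries, 'server.corp.example.com').length}"
  puts "missing pins: #{missing_pins(entries, expected).inspect}"
end
```

A file that carries only one of the two lines leaves the second site's pins in the result of missing_pins, which is the state a client at that site would see as an unknown or changed host key.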