Issue #3529 has been updated by Luke Kanies.

Status changed from Needs design decision to Accepted

This is basically not possible with how keys are managed, at least for as long as Puppet only supports a single primary key.

Isn't this doable by just adding the IP address as a second alias to the host? E.g.:

<pre>
server.corp.example.com,192.168.67.62,192.168.67.60 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAzsg+BglE1A7y9Dw6aiCEB3F8SJxXpd+AJ8DvTmk/Vr00fRO8zL1cY2Nggj6WD+YcjuXWpzbsc/kE3HCjXe7kHInx2Hz4aTVtNO9h2pi7n3hFWRjdN/4D3nsmPy+xxJGQ4AIRjf1+t1npCltvqS4qOhMybl4f92IyeuIETD3IGpBU3T0bQJRCZqQ8ggkalXbREHJcEN49IsHzzJcf4VBEaOMuJKVXx+T7cL4KyfYxNCbmFA6Ezdx+C65fB+g3PKfs9neAbdk1vnFCV3NXHbloSN3USNOe3hhTO4QBzSh1WjXA6q6Zoe9NLwIHXhrQOcltH4DJ/J5ob0qxyUrwB3SvRw==
</pre>

Note I haven't tried it, I just think it works.

----------------------------------------
Bug #3529: Impossible to add multiple entries for the same host
http://projects.puppetlabs.com/issues/3529

Author: Andrew Pollock
Status: Accepted
Priority: Normal
Assigned to: Luke Kanies
Category: ssh
Target version:
Affected version: 0.25.4
Keywords:
Branch:

In deployment, we have a server that resolves to different IP addresses in different locations (via a DNS view). We'd like to be able to add the SSH host key of both IP addresses to /etc/ssh/ssh_known_hosts, but can't because of the way the sshkey type is currently implemented.

Here's an example of what we want to get:

<pre>
server.corp.example.com,192.168.67.62 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAzsg+BglE1A7y9Dw6aiCEB3F8SJxXpd+AJ8DvTmk/Vr00fRO8zL1cY2Nggj6WD+YcjuXWpzbsc/kE3HCjXe7kHInx2Hz4aTVtNO9h2pi7n3hFWRjdN/4D3nsmPy+xxJGQ4AIRjf1+t1npCltvqS4qOhMybl4f92IyeuIETD3IGpBU3T0bQJRCZqQ8ggkalXbREHJcEN49IsHzzJcf4VBEaOMuJKVXx+T7cL4KyfYxNCbmFA6Ezdx+C65fB+g3PKfs9neAbdk1vnFCV3NXHbloSN3USNOe3hhTO4QBzSh1WjXA6q6Zoe9NLwIHXhrQOcltH4DJ/J5ob0qxyUrwB3SvRw==
server.corp.example.com,192.168.128.60 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAu/bQRbOuUL1cllXy+2TGT2YIhjlxZxXDWXtcFs994n95LgACvjOY7ZNFlF3QXy3WeIsdM+Y4+tlV5UCgneMU7m9NdsBejJMIHBucWcx3gx/yuLfUR0Bd4D/gDAPTGpcFE+KPxCP3i/IMOyG3cCJWHv1iBfbIV2QQI1m8LwsLbmgoVwv6QwetJw+6GamV8xKrgQMWnAwQx1nIaRjWYJAeZDBY/vZEnYwtpsju8c3VUqaw3J59hYMg0IE3dMDOEtbBn31/RNIwoM87XLzHrQrRNyADjxy4OI2gIOzOrjYzBtP+v2JLvEGyVc/xupxBh0gewhx4otHHA5Bk/u8AJcpMjQ==
</pre>

Here's how I'm trying to do it:

<pre>
sshkey { "server.corp.example.com":
  alias  => ["server.corp.example.com", "192.168.67.62"],
  key    => "AAAAB3NzaC1yc2EAAAABIwAAAQEAzsg+BglE1A7y9Dw6aiCEB3F8SJxXpd+AJ8DvTmk/Vr00fRO8zL1cY2Nggj6WD+YcjuXWpzbsc/kE3HCjXe7kHInx2Hz4aTVtNO9h2pi7n3hFWRjdN/4D3nsmPy+xxJGQ4AIRjf1+t1npCltvqS4qOhMybl4f92IyeuIETD3IGpBU3T0bQJRCZqQ8ggkalXbREHJcEN49IsHzzJcf4VBEaOMuJKVXx+T7cL4KyfYxNCbmFA6Ezdx+C65fB+g3PKfs9neAbdk1vnFCV3NXHbloSN3USNOe3hhTO4QBzSh1WjXA6q6Zoe9NLwIHXhrQOcltH4DJ/J5ob0qxyUrwB3SvRw==",
  type   => "rsa",
  ensure => present,
}

sshkey { "server.site1.corp.example.com":
  alias  => ["server.corp.example.com", "192.168.128.60"],
  key    => "AAAAB3NzaC1yc2EAAAABIwAAAQEAu/bQRbOuUL1cllXy+2TGT2YIhjlxZxXDWXtcFs994n95LgACvjOY7ZNFlF3QXy3WeIsdM+Y4+tlV5UCgneMU7m9NdsBejJMIHBucWcx3gx/yuLfUR0Bd4D/gDAPTGpcFE+KPxCP3i/IMOyG3cCJWHv1iBfbIV2QQI1m8LwsLbmgoVwv6QwetJw+6GamV8xKrgQMWnAwQx1nIaRjWYJAeZDBY/vZEnYwtpsju8c3VUqaw3J59hYMg0IE3dMDOEtbBn31/RNIwoM87XLzHrQrRNyADjxy4OI2gIOzOrjYzBtP+v2JLvEGyVc/xupxBh0gewhx4otHHA5Bk/u8AJcpMjQ==",
  type   => "rsa",
  ensure => present,
}
</pre>

This doesn't work because of the duplicate aliases.

So I've got a problem where I don't really care what the resource is named in Puppet, but I want to influence the hostname(s) added to /etc/ssh/ssh_known_hosts. I'm unable to do this because of the tight coupling between the name of the Puppet resource, and what goes into the known_hosts file, as well as aliases defining something inside of Puppet as well as what goes into the file.
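
An added example (not part of the original report and not Puppet's code): a small Python reader for the two-line `ssh_known_hosts` layout requested above, showing that the shared name carries two acceptable keys while each address keeps exactly one. It assumes literal, unhashed names without wildcards; the function names are hypothetical and the key strings are constructed placeholders.

```python
from collections import defaultdict

# Constructed sample in the layout the report asks for: the same name on two
# lines, each with its own address and its own key (placeholder key strings).
SAMPLE = """\
# constructed sample, placeholder keys
server.corp.example.com,192.168.67.62 ssh-rsa PLACEHOLDERKEYSITE0
server.corp.example.com,192.168.128.60 ssh-rsa PLACEHOLDERKEYSITE1
"""


def parse_known_hosts(text):
    """Return (names, keytype, key) tuples for plain, unhashed entries."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank line or comment
        if fields[0].startswith("@") or fields[0].startswith("|1|"):
            continue  # marker lines and hashed names are out of scope here
        if len(fields) < 3:
            continue  # malformed entry
        entries.append((fields[0].split(","), fields[1], fields[2]))
    return entries


def keys_by_name(entries):
    """Map each literal name or address to the set of (keytype, key) listed for it."""
    table = defaultdict(set)
    for names, keytype, key in entries:
        for name in names:
            table[name].add((keytype, key))
    return dict(table)


def is_known(entries, name, keytype, key):
    """True if any line that lists `name` carries exactly this key."""
    return (keytype, key) in keys_by_name(entries).get(name, set())


def names_with_several_keys(entries):
    """Names listed with more than one distinct key, sorted."""
    return sorted(n for n, ks in keys_by_name(entries).items() if len(ks) > 1)


if __name__ == "__main__":
    parsed = parse_known_hosts(SAMPLE)
    print(names_with_several_keys(parsed))
```

Running `names_with_several_keys` over a deployed file is a quick way to audit which names accept more than one host key, so each such case can be confirmed as intentional.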
