Jira (PUP-2635) user purge_ssh_keys not purged
Title: Message Title
Doug Byrne commented on an issue
Re: user purge_ssh_keys not purged
I applied the patch and the resources are ensured absent. Combined with the patch from PUP-2660, it appears to be working. I tried it on both my minimal test, and on one of my normal hosts.
Add Comment
Puppet / PUP-2635
user purge_ssh_keys not purged
I'm using Puppet 3.6.0 on Ubuntu 12.04 and I'm trying to purge unmanaged ssh authorized keys. I've added this code to my manifest: {code} user { 'ubuntu': purge_ssh_keys = true, home = '/home/ubuntu', } {code} However, no keys are purged. I do see the following lines in the agent debug output: {noformat} Debug: /Stage[main]/Role...
This message was sent by Atlassian JIRA (v6.1.4#6159-sha1:44eaede)
--
You received this message because you are subscribed to the Google Groups Puppet Bugs group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-bugs@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-bugs.
For more options, visit https://groups.google.com/d/optout.
Jira (PUP-2635) user purge_ssh_keys not purged
Title: Message Title
Doug Byrne commented on an issue
Re: user purge_ssh_keys not purged
The following manifest shows the original issue:
keytest.pp
package {'python-dev': ensure = present, }
ssh_authorized_key { 'doug':
ensure = present,
key= 'B3NzaC1yc2EDAQABAAABAQC81jWIxrZpzL+IFE9S4yJNMrANeOJke0CbFmk8pBz4rI8RZ+1JBZdD5aZnO15nLVYZlQq1D8BLHy3F02EhfmQBINHUPA373SUedEUPqByQBOslp11sK/u0Op0X7hhW902hOFRszb9VODJifWnkB2bj4FDED6zQf8cIeTIO15CyYxPPeT/EBZ9G4RJsAItXf2ktwWaO94FGcnNYMUzvpsJCMwI4XY8ArqQBsRSrGnauhBD3e1MuqnLF4ujOqLYBwfZ5gw5VSar5i/oSsGswgwjKxmuO0hfTxDVROoIn24AHSTm38lF34djEWIASELEWxDjnFDamawfU2Dpm2MK90Jk/',
type = 'ssh-rsa',
user = 'ubuntu',
}
user { 'ubuntu':
purge_ssh_keys = true,
home = '/home/ubuntu',
}
I tried multiple packages, all of them appear to have the same behavior.
Agent output:
ubuntu@keytest:~$ sudo puppet apply keytest.pp --noop -d
Info: Loading facts in /var/lib/puppet/lib/facter/iptables_version.rb
Info: Loading facts in /var/lib/puppet/lib/facter/rabbitmq_erlang_cookie.rb
Info: Loading facts in /var/lib/puppet/lib/facter/ip6tables_version.rb
Info: Loading facts in /var/lib/puppet/lib/facter/concat_basedir.rb
Info: Loading facts in /var/lib/puppet/lib/facter/windows_common_appdata.rb
Info: Loading facts in /var/lib/puppet/lib/facter/puppi_projects.rb
Info: Loading facts in /var/lib/puppet/lib/facter/rvm_version.rb
Info: Loading facts in /var/lib/puppet/lib/facter/os_maj_version.rb
Info: Loading facts in /var/lib/puppet/lib/facter/doolli_pem.rb
Info: Loading facts in /var/lib/puppet/lib/facter/syslog.rb
Info: Loading facts in /var/lib/puppet/lib/facter/last_run.rb
Info: Loading facts in /var/lib/puppet/lib/facter/facter_dot_d.rb
Info: Loading facts in /var/lib/puppet/lib/facter/pe_version.rb
Info: Loading facts in /var/lib/puppet/lib/facter/iptables_persistent_version.rb
Info: Loading facts in /var/lib/puppet/lib/facter/root_home.rb
Info: Loading facts in /var/lib/puppet/lib/facter/rvm_installed.rb
Info: Loading facts in /var/lib/puppet/lib/facter/puppet_vardir.rb
Debug: Failed to load library 'selinux' for feature 'selinux'
Notice: Compiled catalog for keytest.doolli.com in environment production in 0.35 seconds
Debug: Puppet::Type::Package::ProviderPorts: file /usr/local/sbin/portupgrade does not exist
Debug: Puppet::Type::Package::ProviderRug: file /usr/bin/rug does not exist
Debug: Puppet::Type::Package::ProviderPkgin: file pkgin does not exist
Debug: Puppet::Type::Package::ProviderZypper: file /usr/bin/zypper does not exist
Debug: Puppet::Type::Package::ProviderPortupgrade: file /usr/local/sbin/portupgrade does not exist
Debug: Puppet::Type::Package::ProviderFreebsd: file /usr/sbin/pkg_delete does not exist
Debug: Puppet::Type::Package::ProviderPortage: file /usr/bin/emerge does not exist
Debug: Puppet::Type::Package::ProviderOpenbsd: file pkg_delete does not exist
Debug: Puppet::Type::Package::ProviderOpkg: file opkg does not exist
Debug: Puppet::Type::Package::ProviderRpm: file rpm does not exist
Debug: Puppet::Type::Package::ProviderAptrpm: file rpm does not exist
Debug: Puppet::Type::Package::ProviderSunfreeware: file pkg-get does not exist
Debug: Puppet::Type::Package::ProviderUp2date: file /usr/sbin/up2date-nox does not exist
Debug: Puppet::Type::Package::ProviderAix:
Jira (PUP-2635) user purge_ssh_keys not purged
Title: Message Title
Doug Byrne commented on an issue
Re: user purge_ssh_keys not purged
For your test, I get the same results.
Notice: Compiled catalog for keytest.doolli.com in environment production in 0.18 seconds
Notice: /Stage[main]/Main/Ssh_authorized_key[foreman-122dc11d6-bd1e-43e7-a00d-f8e2d0af54ea]/ensure: current_value present, should be absent (noop)
Notice: /Stage[main]/Main/Ssh_authorized_key[doug]/ensure: current_value present, should be absent (noop)
Notice: foo: Would have triggered 'refresh' from 2 events
Notice: Class[Main]: Would have triggered 'refresh' from 1 events
Notice: Stage[main]: Would have triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.17 seconds
To perform a second test, I created the following as keytest.pp:
keytest.pp
ssh_authorized_key { 'doug':
ensure = present,
key= 'B3NzaC1yc2EDAQABAAABAQC81jWIxrZpzL+IFE9S4yJNMrANeOJke0CbFmk8pBz4rI8RZ+1JBZdD5aZnO15nLVYZlQq1D8BLHy3F02EhfmQBINHUPA373SUedEUPqByQBOslp11sK/u0Op0X7hhW902hOFRszb9VODJifWnkB2bj4FDED6zQf8cIeTIO15CyYxPPeT/EBZ9G4RJsAItXf2ktwWaO94FGcnNYMUzvpsJCMwI4XY8ArqQBsRSrGnauhBD3e1MuqnLF4ujOqLYBwfZ5gw5VSar5i/oSsGswgwjKxmuO0hfTxDVROoIn24AHSTm38lF34djEWIASELEWxDjnFDamawfU2Dpm2MK90Jk/',
type = 'ssh-rsa',
user = 'ubuntu',
}
user { 'ubuntu':
purge_ssh_keys = true,
home = '/home/ubuntu',
}
Then I ran puppet apply:
ubuntu@keytest:~$ sudo puppet apply keytest.pp --noop
Notice: Compiled catalog for keytest.doolli.com in environment production in 0.20 seconds
Notice: /Stage[main]/Main/Ssh_authorized_key[foreman-122dc11d6-bd1e-43e7-a00d-f8e2d0af54ea]/ensure: current_value present, should be absent (noop)
Notice: ubuntu: Would have triggered 'refresh' from 1 events
Notice: Class[Main]: Would have triggered 'refresh' from 1 events
Notice: Stage[main]: Would have triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.12 seconds
ubuntu@keytest:~$ sudo puppet apply keytest.pp
Notice: Compiled catalog for keytest.doolli.com in environment production in 0.20 seconds
Notice: /Stage[main]/Main/Ssh_authorized_key[foreman-122dc11d6-bd1e-43e7-a00d-f8e2d0af54ea]/ensure: removed
Error: /Stage[main]/Main/Ssh_authorized_key[foreman-122dc11d6-bd1e-43e7-a00d-f8e2d0af54ea]: Could not evaluate: Cannot write SSH authorized keys without user
Notice: /Stage[main]/Main/Ssh_authorized_key[doug]: Dependency Ssh_authorized_key[foreman-122dc11d6-bd1e-43e7-a00d-f8e2d0af54ea] has failures: true
Warning: /Stage[main]/Main/Ssh_authorized_key[doug]: Skipping because of failed dependencies
Notice: Finished catalog run in 0.11 seconds
Still not quite there.
Debug output follows:
ubuntu@keytest:~$ sudo puppet apply keytest.pp -d
Info: Loading facts in
Jira (PUP-2635) user purge_ssh_keys not purged
Title: Message Title Doug Byrne commented on an issue Re: user purge_ssh_keys not purged I created a new host for investigation of this issue. Below is the authorized_keys file: # HEADER: This file was autogenerated at Fri May 23 11:34:50 + 2014 # HEADER: by puppet. While it can still be managed manually, it # HEADER: is definitely not recommended. ssh-rsa B3NzaC1yc2EDAQABAAABAQCpIyCCUkkW4CancW11RlGGmcHyIFtwsgIMQGAdBe3WCc+W9MtZDFEFi3XdHQnSRpbsUuiKhiUIKQfuTWXueWIPxtG+Ujde7Ch5MYPbRZ9MDzSYz2MU8/Ir/y7vNLZBadAR131Ok35qL12TMI0Hpzu2o9Y5ZMaf0uoApZAlotJgSsmFAJyq3rdIeIIpdEvTa3C8Yk9ng1p9Dv3nHdx/SpomFIO7rIKIp/vnxplDMBzU7c3akmbI5G3adcRVbZaxiBgJ4X5OKancyq25jqQtduQmgmDOsyr9+DbhcuUafmHpk/lLQ9c8VgvyqbJBaJ7N45NlBGkaZy/frdSeJ+HSEXTr foreman-122dc11d6-bd1e-43e7-a00d-f8e2d0af54ea ssh-rsa B3NzaC1yc2EDAQABAAABAQC81jWIxrZpzL+IFE9S4yJNMrANeOJke0CbFmk8pBz4rI8RZ+1JBZdD5aZnO15nLVYZlQq1D8BLHy3F02EhfmQBINHUPA373SUedEUPqByQBOslp11sK/u0Op0X7hhW902hOFRszb9VODJifWnkB2bj4FDED6zQf8cIeTIO15CyYxPPeT/EBZ9G4RJsAItXf2ktwWaO94FGcnNYMUzvpsJCMwI4XY8ArqQBsRSrGnauhBD3e1MuqnLF4ujOqLYBwfZ5gw5VSar5i/oSsGswgwjKxmuO0hfTxDVROoIn24AHSTm38lF34djEWIASELEWxDjnFDamawfU2Dpm2MK90Jk/ doug The formeman key should be purged, but: Debug: /Stage[main]/Role::Keytest/Ssh_authorized_key[foreman-122dc11d6-bd1e-43e7-a00d-f8e2d0af54ea]: Nothing to manage: no ensure and the resource doesn't exist Add Comment Puppet / PUP-2635 user purge_ssh_keys not purged I'm using Puppet 3.6.0 on Ubuntu 12.04 and I'm trying to purge unmanaged ssh
Jira (PUP-2635) user purge_ssh_keys not purged
Title: Message Title
Doug Byrne created an issue
Puppet / PUP-2635
user purge_ssh_keys not purged
Issue Type:
Bug
Affects Versions:
3.6.0
Assignee:
Kylo Ginsberg
Components:
Types and Providers
Created:
22/May/14 8:01 AM
Environment:
Ubuntu 12.04
Priority:
Normal
Reporter:
Doug Byrne
I'm using Puppet 3.6.0 on Ubuntu 12.04 and I'm trying to purge unmanaged ssh authorized keys.
I've added this code to my manifest:
user { 'ubuntu': purge_ssh_keys = true, home = '/home/ubuntu', }
However, no keys are purged. I do see the following lines in the agent debug output:
Debug: /Stage[main]/Role::Search/Ssh_authorized_key[key2purge1]: Nothing to manage: no ensure and the resource doesn't exist Debug: /Stage[main]/Role::Search/Ssh_authorized_key[key2purge2]: Nothing to manage: no ensure and the resource doesn't exist
Those are the two keys that I expect would be purged. It appears that puppet has correctly identified the keys to purge, and
