Re: [Puppet Users] Problem with pushing ssh_authorized_keys
On Mon, Apr 11, 2011 at 01:40:42PM -0700, Forrie wrote: > I had to write up a quick *.pp to push out SSH keys for our nagios > user, while I work on a better solution for managing these. To my > surprise, I found multiples (100 or more?) of the same key in the > authorized_keys file, which is definitely wrong. I'm including the > simple code below -- can someone please advise me on what the problem > is?? > > The section that handles the virtual user seems to be fine. > > Thanks in advance... > > > > class nagios-ssh-keys { > > file { "/home/nagios/.ssh": > require => User["nagios"], > ensure => directory, > owner=> "nagios", > group=> "staff", > mode => "700", > } > > ssh_authorized_key { "nagios": > ensure => present, > key => "[snip]== nagios@host", > user => "nagios", > type => "ssh-dss", > # require => User["nagios"], > tag => "system", > } > > } # ssh-keys Hi, what you're specifying as a key is acutally a key (AAA...) and a comment (nagios@host). As a result puppet will most likely write a corrupt entry to your authorized_key file (because puppet will append the resource's title »nagios« as a comment to your key) and it will not recognize the key when you run puppet the next time (because puppet will parse every line, extract the comment and try to find a resource with that name). So puppet will always think that the key is absent and will then add it to the file. Solution: Dont specify a comment with the key property (at least dont use whitespaces because they are field delimiters in the target file) -Stefan pgpf1J4oX28rV.pgp Description: PGP signature
Re: [Puppet Users] Problem with pushing ssh_authorized_keys
On Apr 11, 2011, at 1:40 PM, Forrie wrote: >ssh_authorized_key { "nagios": >ensure => present, >key => "[snip]== nagios@host", >user => "nagios", >type => "ssh-dss", ># require => User["nagios"], >tag => "system", >} I believe I remember hearing this can happen if you include things other than the key in the key field. Try removing "nagios@host" from the key field and see if it's fixed. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Problem with pushing ssh_authorized_keys
I had to write up a quick *.pp to push out SSH keys for our nagios user, while I work on a better solution for managing these. To my surprise, I found multiples (100 or more?) of the same key in the authorized_keys file, which is definitely wrong. I'm including the simple code below -- can someone please advise me on what the problem is?? The section that handles the virtual user seems to be fine. Thanks in advance... class nagios-ssh-keys { file { "/home/nagios/.ssh": require => User["nagios"], ensure => directory, owner=> "nagios", group=> "staff", mode => "700", } ssh_authorized_key { "nagios": ensure => present, key => "[snip]== nagios@host", user => "nagios", type => "ssh-dss", # require => User["nagios"], tag => "system", } } # ssh-keys -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.