Re: [Puppet Users] Problem with pushing ssh_authorized_keys
On Mon, Apr 11, 2011 at 01:40:42PM -0700, Forrie wrote:
> I had to write up a quick *.pp to push out SSH keys for our nagios
> user, while I work on a better solution for managing these. To my
> surprise, I found multiples (100 or more?) of the same key in the
> authorized_keys file, which is definitely wrong. I'm including the
> simple code below -- can someone please advise me on what the problem
> is??
>
> The section that handles the virtual user seems to be fine.
>
> Thanks in advance...
>
>
>
> class nagios-ssh-keys {
>
> file { "/home/nagios/.ssh":
> require => User["nagios"],
> ensure => directory,
> owner=> "nagios",
> group=> "staff",
> mode => "700",
> }
>
> ssh_authorized_key { "nagios":
> ensure => present,
> key => "[snip]== nagios@host",
> user => "nagios",
> type => "ssh-dss",
> # require => User["nagios"],
> tag => "system",
> }
>
> } # ssh-keys
Hi,
what you're specifying as a key is acutally a key (AAA...) and a comment
(nagios@host).
As a result puppet will most likely write a corrupt entry to your
authorized_key file (because puppet will append the resource's title
»nagios« as a comment to your key) and it will not recognize the key
when you run puppet the next time (because puppet will parse every line,
extract the comment and try to find a resource with that name).
So puppet will always think that the key is absent and will then add it
to the file.
Solution: Dont specify a comment with the key property (at least dont
use whitespaces because they are field delimiters in the target file)
-Stefan
pgpf1J4oX28rV.pgp
Description: PGP signature
Re: [Puppet Users] Problem with pushing ssh_authorized_keys
On Apr 11, 2011, at 1:40 PM, Forrie wrote:
>ssh_authorized_key { "nagios":
>ensure => present,
>key => "[snip]== nagios@host",
>user => "nagios",
>type => "ssh-dss",
># require => User["nagios"],
>tag => "system",
>}
I believe I remember hearing this can happen if you include things other than
the key in the key field. Try removing "nagios@host" from the key field and
see if it's fixed.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Problem with pushing ssh_authorized_keys
I had to write up a quick *.pp to push out SSH keys for our nagios
user, while I work on a better solution for managing these. To my
surprise, I found multiples (100 or more?) of the same key in the
authorized_keys file, which is definitely wrong. I'm including the
simple code below -- can someone please advise me on what the problem
is??
The section that handles the virtual user seems to be fine.
Thanks in advance...
class nagios-ssh-keys {
file { "/home/nagios/.ssh":
require => User["nagios"],
ensure => directory,
owner=> "nagios",
group=> "staff",
mode => "700",
}
ssh_authorized_key { "nagios":
ensure => present,
key => "[snip]== nagios@host",
user => "nagios",
type => "ssh-dss",
# require => User["nagios"],
tag => "system",
}
} # ssh-keys
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
