[Puppet Users] ssh_authorized_key in 2.7.1 and up
Hi, I am currently testing my catalog, that runs fine with 2.6.3, with Puppet 2.7.4. Now I am running into a problem, and I wonder why this was 'fixed' in Puppet the way it was. Please consider http://projects.puppetlabs.com/issues/7888 In Puppet 2.7.4, there is code [1] that prevents ssh_authorized_key resources to contain whitespace in their names. This is a problem, because I actually have authorized keys with whitespaces in the comments, and these have been added through Puppet without problems. Now, I could just decide to change the name of the keys, but the real problem is, that I cannot use Puppet 2.7.4 to /remove/ the old key names, due to the 'fix' above. That is rather inconvenient. Besides, is there any REAL reason why a key comment (and the resource name with it) can't contain any whitespace? I know that one should be careful how to specify the resource to prevent it being added repeatedly on every catalog run, but apart from that? I have never had any problems with it. If whitespace is permitted from OpenSSH's point of view, shouldn't Puppet allow it too, and fix problems like this the right way? Or am I missing something? Best regards, Martijn Grendelman [1] http://projects.puppetlabs.com/projects/puppet/repository/revisions/1c7f0c3530846d9935bbc13cda33430cf5632975 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] ssh_authorized_key in 2.7.1 and up
On Sep 29, 2011, at 7:35 AM, Martijn Grendelman wrote: Hi, I am currently testing my catalog, that runs fine with 2.6.3, with Puppet 2.7.4. Now I am running into a problem, and I wonder why this was 'fixed' in Puppet the way it was. Please consider http://projects.puppetlabs.com/issues/7888 In Puppet 2.7.4, there is code [1] that prevents ssh_authorized_key resources to contain whitespace in their names. This is a problem, because I actually have authorized keys with whitespaces in the comments, and these have been added through Puppet without problems. I also have numerous keys with whitespace in the comments and given that this is valid for SSH, I would agree it should work with Puppet. Besides, is there any REAL reason why a key comment (and the resource name with it) can't contain any whitespace? I know that one should be careful how to specify the resource to prevent it being added repeatedly on every catalog run, but apart from that? I have never had any problems with it. The fix for Issue 7888 doesn't require that the 'name' field not have whitespace, only that the 'key' field not have whitespace, so fixing that bug and allowing whitespace in comments seem compatible. I would suggest opening a bug report that the fix to 7888 was overzealous and they should revert the first part of that patch to allow whitespace in the name field. If whitespace is permitted from OpenSSH's point of view, shouldn't Puppet allow it too, and fix problems like this the right way? Or am I missing something? +1. Cheers, Jonathan --- Jonathan Stantonjonat...@spreadconcepts.com Spread Group Messaging www.spread.org Spread Concepts LLC www.spreadconcepts.com --- smime.p7s Description: S/MIME cryptographic signature
Re: [Puppet Users] ssh_authorized_key in 2.7.1 and up
On 29-09-11 14:03, Jonathan Stanton wrote: On Sep 29, 2011, at 7:35 AM, Martijn Grendelman wrote: Hi, I am currently testing my catalog, that runs fine with 2.6.3, with Puppet 2.7.4. Now I am running into a problem, and I wonder why this was 'fixed' in Puppet the way it was. Please consider http://projects.puppetlabs.com/issues/7888 In Puppet 2.7.4, there is code [1] that prevents ssh_authorized_key resources to contain whitespace in their names. This is a problem, because I actually have authorized keys with whitespaces in the comments, and these have been added through Puppet without problems. I also have numerous keys with whitespace in the comments and given that this is valid for SSH, I would agree it should work with Puppet. Besides, is there any REAL reason why a key comment (and the resource name with it) can't contain any whitespace? I know that one should be careful how to specify the resource to prevent it being added repeatedly on every catalog run, but apart from that? I have never had any problems with it. The fix for Issue 7888 doesn't require that the 'name' field not have whitespace, only that the 'key' field not have whitespace, so fixing that bug and allowing whitespace in comments seem compatible. I would suggest opening a bug report that the fix to 7888 was overzealous and they should revert the first part of that patch to allow whitespace in the name field. http://projects.puppetlabs.com/issues/9796 If whitespace is permitted from OpenSSH's point of view, shouldn't Puppet allow it too, and fix problems like this the right way? Or am I missing something? +1. Best regards, Martijn Grendelman -- iphion B.V. TU/e Innovation Lab 1.15 Horsten 1 - 5612 AX Eindhoven - The Netherlands Tel. +31 40 747 0117 CoC-number: 17194147 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] ssh_authorized_key in 2.7.1 and up
On Thu, Sep 29, 2011 at 01:35:15PM +0200, Martijn Grendelman wrote: Hi, I am currently testing my catalog, that runs fine with 2.6.3, with Puppet 2.7.4. Now I am running into a problem, and I wonder why this was 'fixed' in Puppet the way it was. Please consider http://projects.puppetlabs.com/issues/7888 In Puppet 2.7.4, there is code [1] that prevents ssh_authorized_key resources to contain whitespace in their names. This is a problem, because I actually have authorized keys with whitespaces in the comments, and these have been added through Puppet without problems. Actually I wasn't aware that OpenSSH does support the delimiter character in the comment field. But as it turns out also the code that parses the authorized_key file inside puppet can handle these names. So you're right, the type should not reject these. Commented on http://projects.puppetlabs.com/issues/9796 -Stefan pgpmcYt3mom2g.pgp Description: PGP signature