[Puppet - Refactor #2495] Sshkey can spam host file

Wed, 01 Dec 2010 15:30:51 -0800 

Issue #2495 has been updated by Stefan Schulte.


@Andrew: host_aliases already enforces an array:
   
    if value =~ /,/
      raise Puppet::Error, "Aliases must be provided as an array, not a 
comma-separated list"
    end

You can still put invalid domainnames in it though.
----------------------------------------
Refactor #2495: Sshkey can spam host file
https://projects.puppetlabs.com/issues/2495

Author: Anselm Strauss
Status: Ready for Checkin
Priority: Normal
Assignee: 
Category: ssh
Target version: Statler
Affected Puppet version: 0.24.8
Branch: 


Since I wanted to use multiple hostnames for a key in /etc/ssh/ssh_known_hosts 
I used the name attribute of Sshkey and set a string like:

<pre>
<code class="ruby">
sshkey { 'key1':
  type => 'rsa',
  key => 'abc123',
  target => $file,
  name => 'host,host.domain,ip',
}
</code>
</pre>

This correctly installs the key in ssh_known_hosts with all hostnames, but adds 
it again and again every time puppet runs. Eventually, the file gets bigger and 
bigger, as does the file bucket if it is used. In my case this spammed the /var 
filesystem and puppet could not run any more, which is not very nice.

Of course the correct way to use Sshkey is to set one name in the name 
attribute and an array of additional hostnames in the alias variable, which 
then works as expected:

<pre>
<code class="ruby">
sshkey { 'key1':
  type => 'rsa',
  key => 'abc123',
  target => $file,
  name => 'host',
  alias => ['host.domain', 'ip'],
}
</code>
</pre>

But still, I found that the first solution is not that obviously wrong and the 
result was very harmful for such a small mistake.


-- 
You have received this notification because you have either subscribed to it, 
or are involved in it.
To change your notification preferences, please click here: 
http://projects.puppetlabs.com/my/account

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Bugs" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/puppet-bugs?hl=en.

Reply via email to