Issue #7009 has been updated by John Goerzen.
Sure.
keys changed to protect the innocent....
<pre>
class accounts::human::sshkeys {
@ssh_authorized_key {"jgoerzen@wile":
key => "...",
user => "jgoerzen",
type => "ssh-rsa",
tag => "humanuser",
require => File["/home/jgoerzen"]
}
}
...
Inside a definition:
Ssh_authorized_key <| user == $name |>
</pre>
I too noticed the code about creating a directory. I am guessing that it is
somehow getting confused seeing the same key in root's authorized_keys and not
bothering to check.
----------------------------------------
Bug #7009: Puppet ssh_authorized_keys fails on one account if key with same
name exists in another account
https://projects.puppetlabs.com/issues/7009
Author: John Goerzen
Status: Needs More Information
Priority: Normal
Assignee: Ben Hughes
Category:
Target version:
Affected Puppet version: 2.6.2
Keywords:
Branch:
Hello,
I have been trying to debug this very strange error:
err: /Stage[main]/Accounts::Human::Sshkeys/Ssh_authorized_key[jgoerzen@wile]:
Could not evaluate: No such file or directory -
/home/jgoerzen/.ssh/authorized_keys
I observed that it went away if I changed the name "jgoerzen@wile" to
"jgoerzen@wile2" in my Puppet .pp files.
This is a "virtual" resource (defined with an @) that is, of course, realized.
This bug is a bit finicky and sometimes doesn't present itself; it seems to be
less likely to present itself if used without being virtual.
I completely rebuilt the Puppet client node multiple times trying to track this
down. Here's what seems to be the cause:
* Puppet is creating the jgoerzen user directly, and ssh_authorized_keys is
creating the single entry jgoerzen@wile for that account.
* Puppet also manages root's authorized_keys file. Puppet has been configured
to add two entries to it, unrelated to jgoerzen@wile.
* Before installing Puppet, /root/.ssh/authorized_keys already contained an
entry for jgoerzen@wile. Puppet contained no instructions for what to do with
this entry and left it in root's authorized_keys file.
* This appears to have caused a great deal of confusion. If I rename this
entry in root's authorized_keys file (again, outside Puppet, since Puppet
wasn't putting it there), then jgoerzen's authorized_keys file is created as
appropriate.
I could make the error go away by manually creating ~jgoerzen/.ssh and
~jgoerzen/.ssh/authorized_keys, but even if I did that, Puppet still wasn't
putting the key in it.
--
You have received this notification because you have either subscribed to it,
or are involved in it.
To change your notification preferences, please click here:
http://projects.puppetlabs.com/my/account
--
You received this message because you are subscribed to the Google Groups
"Puppet Bugs" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/puppet-bugs?hl=en.
