Issue #10850 has been updated by Walter Heck.
Interesting indeed. I have this for a user define:
<pre>define users::engineer($ensure = present, $userid = undef,
    $groupid = undef, $fullname = undef, $admin = undef) {
  # if fullname is not specified, set it to the resource name
  if $fullname == undef {
    $fullname_real = $name
  } else {
    $fullname_real = $fullname
  }
  # if groupid is not specified, set it to the userid
  if $groupid == undef {
    $groupid_real = $userid
  } else {
    $groupid_real = $groupid
  }
  # for directories, ensure needs to be 'directory' when it is present, so
  # set up a variable here to use for each directory style file resource
  if ($ensure == present) {
    $dir_ensure = directory
  } else {
    $dir_ensure = $ensure
  }
  # set up a user
  user { $name:
    ensure  => $ensure,
    uid     => $userid,
    gid     => $groupid_real,
    comment => $fullname_real,
    require => [Group[$name], File["/home/${name}"]]
  }
  # set up a group
  group { $name:
    ensure => $ensure,
    gid    => $groupid_real,
  }
  # .ssh directory
  file { "/home/${name}/.ssh":
    ensure  => $dir_ensure,
    owner   => $name,
    group   => $name,
    mode    => 0700,
    require => User[$name],
  }
  # home directory
  file { "/home/${name}":
    ensure => $dir_ensure,
    owner  => $name,
    group  => $name,
    mode   => 0700,
  }
}</pre>
Yet I see the following permissions for user mymomma:
<pre>
root@li159-19:~# ls -lha /home/mymomma/
total 12K
drwx------ 3 root root 4.0K 2012-01-04 13:43 .
drwxr-xr-x 8 root root 4.0K 2012-01-04 13:40 ..
drwx------ 2 root root 4.0K 2012-01-04 13:43 .ssh
</pre>
The ssh resource is indeed:
<pre>
@ssh_authorized_key { "[email protected]":
ensure => "present",
key => "<somekey>",
type => "ssh-dss",
user => "mymomma",
tag => ['users::engineer', 'users::admin']
}
</pre>
but it does show up here:
<pre>
root@li159-19:~# puppetd -tdv | grep mymomma
debug: /Stage[main]/Users::Virtual/Users::Engineer[mymom]/User[mymom]/require:
requires Group[mymom]
debug: /Stage[main]/Users::Virtual/Users::Engineer[mymom]/User[mymom]/require:
requires File[/home/mymom]
debug:
/Stage[main]/Users::Virtual/Users::Engineer[mymom]/File[/home/mymom/.ssh]/require:
requires User[mymom]
debug:
/Stage[main]/Users::Virtual/Users::Engineer[mymom]/File[/home/mymom/.ssh]:
Autorequiring File[/home/mymom]
debug:
/Stage[main]/Users::Ssh_authorized_keys/Ssh_authorized_key[[email protected]]:
Autorequiring User[mymom]
notice:
/Stage[main]/Users::Ssh_authorized_keys/Ssh_authorized_key[[email protected]]/ensure:
created
err:
/Stage[main]/Users::Ssh_authorized_keys/Ssh_authorized_key[[email protected]]:
Could not evaluate: Puppet::Util::FileType::FileTypeFlat could not write
/home/cafuego/.ssh/authorized_keys: Permission denied -
/home/cafuego/.ssh/authorized_keys
notice: /Whit[post]: Dependency Ssh_authorized_key[[email protected]] has
failures: true
</pre>
By the way: master and client are 2.6.2, not 2.7.9. My bad.
----------------------------------------
Bug #10850: ssh_authorized_key doing the wrong thing
https://projects.puppetlabs.com/issues/10850
Author: Ashley Penney
Status: Accepted
Priority: Urgent
Assignee: Matt Robinson
Category: ssh
Target version:
Affected Puppet version: 2.7.9
Keywords:
Branch:
Backstory - I cut and paste my ssh_authorized_key statement to make another
user's key. I changed the title of the resource and the actual key but forgot
to change the 'target =>' setting. This then tried to update apenney instead
of jthompson. I tried to correct this and now puppet errors constantly and as
you can see from below it's trying to write to the old target not the new
target.
notice: /Stage[main]/Users/User[jthompson]/ensure: created
notice: /Stage[main]/Users/Ssh_authorized_key[jthompson]/user: user changed
'apenney' to 'jthompson'
notice: /Stage[main]/Users/Ssh_authorized_key[jthompson]/target: target
changed '/home/apenney/.ssh/authorized_keys' to
'/home/jthompson/.ssh/authorized_keys'
err: /Stage[main]/Users/Ssh_authorized_key[jthompson]: Could not evaluate:
Puppet::Util::FileType::FileTypeFlat could not write
/home/apenney/.ssh/authorized_keys: Permission denied -
/home/apenney/.ssh/authorized_keys
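Added example (not part of the original report and not Puppet's own code): a small Ruby check that scans manifest text for ssh_authorized_key resources whose explicit 'target =>' is not the authorized_keys file of the resource's own 'user =>', which is the copy-and-paste mistake described in the bug. It assumes home directories live under /home/<user>; the function name and the sample manifest are constructed for illustration.

```ruby
# Added example: flag ssh_authorized_key resources whose explicit target is not
# the authorized_keys file of the resource's own user.
# Assumption: home directories are /home/<user> (override with home_root).
RESOURCE_RE = /\bssh_authorized_key\s*\{\s*(?<q>["'])(?<title>.*?)\k<q>\s*:(?<body>(?:\$\{[^}]*\}|[^}])*)\}/m
ATTR_RE = /(\w+)\s*=>\s*(["'])(.*?)\2/

def mismatched_key_targets(manifest, home_root = "/home")
  findings = []
  manifest.scan(RESOURCE_RE) do
    m = Regexp.last_match
    attrs = {}
    m[:body].scan(ATTR_RE) { |key, _quote, val| attrs[key] = val }
    user, target = attrs["user"], attrs["target"]
    next if user.nil? || target.nil?                    # no explicit target: it follows the user
    next if [user, target].any? { |v| v.include?("$") } # interpolated, cannot be resolved statically
    expected = File.join(home_root, user, ".ssh", "authorized_keys")
    next if File.expand_path(target) == expected        # also normalises "../" segments
    findings << { title: m[:title], user: user, target: target, expected: expected }
  end
  findings
end

# Constructed sample manifest reproducing the mistake from the report:
# the second resource was copied from the first and kept the old target.
SAMPLE = <<~'PP'
  ssh_authorized_key { "apenney":
    user   => "apenney",
    key    => "<somekey>",
    target => "/home/apenney/.ssh/authorized_keys",
  }
  ssh_authorized_key { "jthompson":
    user   => "jthompson",
    key    => "<otherkey>",
    target => "/home/apenney/.ssh/authorized_keys",
  }
  @ssh_authorized_key { "mymomma-key":
    user => "mymomma",
    key  => "<somekey>",
    tag  => ['users::engineer', 'users::admin']
  }
PP

mismatched_key_targets(SAMPLE).each do |f|
  puts "#{f[:title]}: user #{f[:user]} writes to #{f[:target]} (expected #{f[:expected]})"
end
```

Run against a manifest before it is applied, this catches a key that would land in another account's authorized_keys file.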