Issue #10850 has been updated by Stefan Schulte.
Hi Mike,
this is basically the same problem as Ashleys's.
For puppet a `ssh_authorized_key` resource has to be unique over all files
(uniqueness is determined by the comment of the key, not the target). So if
your manifest says the follwing:
<pre>
ssh_authorized_key { 'foo':
user => ress,
type => not_important,
key => not_important,
</pre>
And puppet parses ress's authorized_key and root's authorized_key and finds
`foo` in both files two things can happen:
1. puppet thinks everything is all right because the foo key is in ress's file
2. puppet thinks target is out of sync because the foo key in root's file while
it should be in ress's file
As you described your problem puppet will always choose the second option on
your system but this may even be random.
But now there is the problem I described earlier:
1. puppet adds the key to ress's file as the user ress -> works
2. puppet removes the key from root's file as the user ress -> fails
3. Result: on each puppet run puppet tries to move the key again
----------------------------------------
Bug #10850: ssh_authorized_key doing the wrong thing
https://projects.puppetlabs.com/issues/10850
Author: Ashley Penney
Status: Accepted
Priority: Urgent
Assignee: Matt Robinson
Category: ssh
Target version:
Affected Puppet version: 2.7.9
Keywords:
Branch:
Backstory - I cut and paste my ssh_authorized_key statement to make another
user's key. I changed the title of the resource and the actual key but forgot
to change the 'target =>' setting. This then tried to update apenney instead
of jthompson. I tried to correct this and now puppet errors constantly and as
you can see from below it's trying to write to the old target not the new
target.
notice: /Stage[main]/Users/User[jthompson]/ensure: created
notice: /Stage[main]/Users/Ssh_authorized_key[jthompson]/user: user changed
'apenney' to 'jthompson'
notice: /Stage[main]/Users/Ssh_authorized_key[jthompson]/target: target
changed '/home/apenney/.ssh/authorized_keys' to
'/home/jthompson/.ssh/authorized_keys'
err: /Stage[main]/Users/Ssh_authorized_key[jthompson]: Could not evaluate:
Puppet::Util::FileType::FileTypeFlat could not write
/home/apenney/.ssh/authorized_keys: Permission denied -
/home/apenney/.ssh/authorized_keys
--
You have received this notification because you have either subscribed to it,
or are involved in it.
To change your notification preferences, please click here:
http://projects.puppetlabs.com/my/account
--
You received this message because you are subscribed to the Google Groups
"Puppet Bugs" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/puppet-bugs?hl=en.
