Issue #14790 has been reported by Jo Rhett.
----------------------------------------
Bug #14790: catch-22 in dependancy ordering for user and ssh_authorized_key
https://projects.puppetlabs.com/issues/14790
Author: Jo Rhett
Status: Unreviewed
Priority: Normal
Assignee:
Category: agent
Target version: 2.7.x
Affected Puppet version: 2.7.14
Keywords:
Branch:
In theory, the dependancy of the ssh_authorized_key upon the user makes sense,
but in practice it fails.
You can't create the ssh_authorized_key until the user exists, check.
You can't remove the ssh_authorized_key unless the user fails... fail.
There's no simple way to order this such that an ssh key is removed when the
user is removed.
The only way around this problem is the rather ugly:
<pre>
if $ensure == 'absent' {
ssh_authorized_key{ "system-$username":
ensure => absent,
name => "system-$username",
target => "/etc/ssh/keys/$username",
user => $username,
type => $keytype,
key => $key,
before => User[$username],
}
}
user { $username:
ensure => $ensure,
comment => $comment,
home => $home,
shell => $shell,
uid => $uid,
gid => $groupname,
managehome => true,
system => false,
require => Group[$groupname]
}
if $ensure == 'present' {
ssh_authorized_key{ "system-$username":
ensure => present,
name => "system-$username",
target => "/etc/ssh/keys/$username",
user => $username,
type => $keytype,
key => $key,
}
}
</pre>
That seems a long bit unpuppet-like.
--
You have received this notification because you have either subscribed to it,
or are involved in it.
To change your notification preferences, please click here:
http://projects.puppetlabs.com/my/account
--
You received this message because you are subscribed to the Google Groups
"Puppet Bugs" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/puppet-bugs?hl=en.
