You have to use
@@sshkey { $fqdn:
  type => rsa,
  key  => $sshrsakey,
  host_aliases => [ $hostname, $ipaddress],
}

The following happened:
Puppet joins resourcename and hostaliases with a "," to put it in the
file. Because you put everything in the resourcename you end up with
$fqdn,$hostname,$ipaddress

Puppet wrote an entry "$fqdn,$hostname,$ipaddress $type $key" to your
known hosts. On the second run it reads the lines again and now does a
split(",") on the first field. First item ($fqdn) will be interpreted as
the resourcename, all the other items ($hostname,$ipaddress) will be
interpreted as host_aliases.

Puppet recognised that there is no resource called
$fqdn,$hostname,$ipaddress present in the file and creates it again.

You should file a bug about the sshkey type not raising an Error if you
define a resourcename with "," in it.

-Stefan
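
The write and re-read cycle described in the reply above, modeled in Ruby as an added example. It is not part of the original message and is not Puppet's own code; the helper names and the sample host values are assumptions made up for illustration.

```ruby
# Simplified model of the known_hosts round trip; not Puppet's implementation.
# Entry, to_line, parse_line, apply, run_times, validate_name! are hypothetical.
Entry = Struct.new(:name, :aliases, :type, :key)

# Write side: resource name and host_aliases are joined with "," into field one.
def to_line(entry)
  "#{([entry.name] + entry.aliases).join(',')} #{entry.type} #{entry.key}"
end

# Read side: field one is split on ","; first item is the name, the rest aliases.
def parse_line(line)
  hosts, type, key = line.split(' ', 3)
  name, *aliases = hosts.split(',')
  Entry.new(name, aliases, type, key)
end

# One agent run: append the wanted entry unless a parsed entry has the same name.
def apply(lines, wanted)
  present = lines.map { |l| parse_line(l) }.any? { |e| e.name == wanted.name }
  present ? lines : lines + [to_line(wanted)]
end

# Repeat the run against the same file contents.
def run_times(wanted, runs)
  (1..runs).reduce([]) { |lines, _| apply(lines, wanted) }
end

# A guard of the kind the reply suggests asking for: reject "," in the name.
def validate_name!(entry)
  raise ArgumentError, "sshkey name contains ',': #{entry.name}" if entry.name.include?(',')
  entry
end

# Constructed values standing in for $fqdn, $hostname, $ipaddress, $sshrsakey.
FQDN, HOST, IP, KEY = 'web1.example.com', 'web1', '192.0.2.10', 'AAAAB3_CONSTRUCTED'

# Everything packed into the resource name (the form from the question).
packed = Entry.new("#{FQDN},#{HOST},#{IP}", [], 'ssh-rsa', KEY)
# Name plus host_aliases (the form recommended in the reply).
aliased = Entry.new(FQDN, [HOST, IP], 'ssh-rsa', KEY)

if __FILE__ == $PROGRAM_NAME
  puts "packed:  #{run_times(packed, 3).length} lines after 3 runs"
  puts "aliased: #{run_times(aliased, 3).length} lines after 3 runs"
end
```

Both forms write the same line to the file; only the name recovered on re-read differs, which is why the packed form is never found and is appended again on every run.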

On Mon, Nov 15, 2010 at 06:02:59AM -0800, Christopher McCrory wrote:
> Hello...
> 
> 
>  Is this a bug or by design?
> 
>  I'm using exported resources to generate /etc/ssh/ssh_known_hosts.  I
> changed the example from the docs to this:
> 
>      @@sshkey { 
>       "$fqdn,$hostname,$ipaddress": type => rsa,
>         key => $sshrsakey,
>      }
> 
> so that I would get one line per host in the ssh_known_hosts file.  What
> happened was that on each run several (all?) keys exported would be
> re-added.  At one point I counted 34 duplicate entries.  I changed the
> module to:
> 
>    @@sshkey { 
>       "$fqdn": type => rsa,
>        key => $sshrsakey,
>     }
>     @@sshkey { 
>       "$hostname": type => rsa,
>        key => $sshrsakey,
>     }
>     @@sshkey { 
>       "$ipaddress": type => rsa,
>        key => $sshrsakey,
>     }
> 
> And now I get three entries for each host and no duplicates.  Is this a
> bug?
> 
> 
> 
>  Using puppet 0.25.4 on Ubuntu 10.04 on the client and puppet 0.25.5
> from epel on centos.  All 32-bit servers.
> 
> 
> 
> 
> -- 
> Christopher McCrory
> To the optimist, the glass is half full.
> To the pessimist, the glass is half empty.
> To the engineer, the glass is twice as big as it needs to be.
> 
