[Puppet Users] ssh_authorized_key loops when options is defined

Fri, 13 May 2011 04:20:14 -0700 

Hi all,

I have no problem with creating ssh keys for users, but as soon as I
specify 'options', puppet keeps repeating and replacing the key with
an identical key.

I have written the various options in various formats, like one big
strings, as an array, with double quotes or single quotes, etc, etc
(see examples below), but the issue stays

as a string ...

@authorizedkey {
   "userx_dss":
        user     => "userx",
        type     => "ssh-dss",
        key      => "AAAA...=",
        options => 'from="server1.mydomain,server1,192.168.1.2",no-
port-forwarding,no-agent-forwarding',
}

as an array ...

@authorizedkey {
   "userx_dss":
        user     => "userx",
        type     => "ssh-dss",
        key      => "AAAA...=",
        options => [
           "from=\"server1.mydomain,server1,192.168.1.2\"",
           ",no-port-forwarding",
           ",no-agent-forwarding",
        ];
}

When I run puppet (puppetd --test --noop), it reports the value has to
be changed from x to y. The problem is that x and y are identical and
even if I let puppet correct it, the next run it will report it again

notice: /Stage[init]/Authorizedkey::Userx/Authorizedkey[userx_dss]/
Ssh_authorized_key[userx_dss]/options: current_value
from="server1.mydomain,server1,192.168.1.2",no-port-forwarding,no-
agent-forwarding, should be
from="server1.mydomain,server1,192.168.1.2",no-port-forwarding,no-
agent-forwarding (noop)

The acual key (.ssh/authorized_keys) for userx works fine and looks
like this
from="server1.mydomain,server1,192.168.1.2",no-port-forwarding,no-
agent-forwarding ssh-dss AAAA...= userx_dss

This looks to me like a bug where puppet does something weird as soon
as a comma is somewhere down the options line. If I put a single
option in there, puppet runs fine (and only once)

This works fine
        options => "no-port-forwarding",

and this doesn't
        options => "no-port-forwarding,no-agent-forwarding",

please advice

Regards,
Rene

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Reply via email to