I am attempting to remove an old ssh host key from
/etc/ssh/ssh_known_hosts. In my manifest, I have the following:

    # add keys
    @@sshkey { $hostname:
      ensure => present,
      type   => "rsa",
      key    => $sshrsakey,
    }

    # remove key
    @@sshkey { "foohost":
      ensure => absent,
      type   => "rsa",
    }

    Sshkey <<| |>>

But I get this error on puppet agents:

    root@harper~> puppet agent -t
    info: Retrieving plugin
    info: Loading facts in datacenter
    info: Loading facts in datacenter
    err: Could not retrieve catalog from remote server: Error 400 on SERVER:
    Another local or imported resource exists with the type and title
    Sshkey[foohost] on node harper
    warning: Not using cache on failed catalog
    err: Could not retrieve catalog; skipping run

The "add keys" piece above has always worked great for dynamically adding
to/managing the ssh_known_hosts file, but this is the first time I've tried
to do 'ensure => absent' for a specific host's old key. I should note that
the old host "foohost" had its OS rebuilt (was SLES, now CentOS) and I used
the old IP on the new host. Not sure if that would affect it.
The best I could find via Google was
http://projects.puppetlabs.com/issues/11629, but it doesn't provide any
clues as to what needs to be cleaned out or if my manifest syntax is off.
I also tried adding "Sshkey <<| |>>" after "add keys" AND after "remove
key".
I think I need to clean out stale something-or-other for foohost on all my
nodes. Any ideas? Thank you thank you.