Jira (PUP-1616) catch-22 in dependancy ordering for user and ssh_authorized_key
Title: Message Title Moses Mendoza updated an issue Puppet / PUP-1616 catch-22 in dependancy ordering for user and ssh_authorized_key Change By: Moses Mendoza Labels: redmine triaged Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-1616) catch-22 in dependancy ordering for user and ssh_authorized_key
Title: Message Title John Duarte updated an issue Puppet / PUP-1616 catch-22 in dependancy ordering for user and ssh_authorized_key Change By: John Duarte Labels: redmine triaged Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-1616) catch-22 in dependancy ordering for user and ssh_authorized_key
Title: Message Title
Nicholas Fagerlund updated an issue
Puppet / PUP-1616
catch-22 in dependancy ordering for user and ssh_authorized_key
Change By:
Nicholas Fagerlund
In theory, the dependancy of the ssh_authorized_key upon the user makes sense, but in practice it fails.You can't create the ssh_authorized_key until the user exists, check.You can't remove the ssh_authorized_key unless the user fails... fail.There's no simple way to order this such that an ssh key is removed when the user is removed.The only way around this problem is the rather ugly: {code} if $ensure == 'absent' {ssh_authorized_key{ "system-$username":ensure => absent,name=> "system-$username",target => "/etc/ssh/keys/$username",user=> $username,type=> $keytype,key => $key, before => User[$username],}}user { $username:ensure => $ensure,comment=> $comment,home => $home,shell => $shell,uid=> $uid,gid=> $groupname,managehome => true,system => false,require=> Group[$groupname]} if $ensure == 'present' {ssh_authorized_key{ "system-$username":ensure => present,name=> "system-$username",target => "/etc/ssh/keys/$username",user=> $username, type=> $keytype,key => $key, } } {code} That seems a long bit unpuppet-like.
Add Comment
This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe)
Jira (PUP-1616) catch-22 in dependancy ordering for user and ssh_authorized_key
Title: Message Title Maggie Dreyer updated an issue Puppet / PUP-1616 catch-22 in dependancy ordering for user and ssh_authorized_key Change By: Maggie Dreyer Reporter: redmine.exporter Jo Rhett Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-1616) catch-22 in dependancy ordering for user and ssh_authorized_key
Title: Message Title
redmine.exporter created an issue
Puppet / PUP-1616
catch-22 in dependancy ordering for user and ssh_authorized_key
Issue Type:
Bug
Assignee:
Unassigned
Created:
08/Feb/14 3:09 PM
Labels:
redmine
Priority:
Normal
Reporter:
redmine.exporter
In theory, the dependancy of the ssh_authorized_key upon the user makes sense, but in practice it fails.
You can't create the ssh_authorized_key until the user exists, check. You can't remove the ssh_authorized_key unless the user fails... fail.
There's no simple way to order this such that an ssh key is removed when the user is removed.
The only way around this problem is the rather ugly:
pre if $ensure == 'absent' { ssh_authorized_key { system-$username: ensure = absent, name = system-$username, target = /etc/ssh/keys/$username, user = $username, type = $keytype, key = $key, before = User[$username], }
}
user { $username: ensure = $ensure, comment = $comment, home = $home, shell = $shell, uid = $uid, gid = $groupname, managehome = true, system = false, require = Group[$groupname] }
if $ensure == 'present' { ssh_authorized_key { system-$username: ensure = present, name = system-$username, target = /etc/ssh/keys/$username, user = $username, type = $keytype, key = $key, }
} /pre
That seems a long bit unpuppet-like.
Jira (PUP-1616) catch-22 in dependancy ordering for user and ssh_authorized_key
Title: Message Title Jo Rhett commented on an issue Re: catch-22 in dependancy ordering for user and ssh_authorized_key I am the reporter for this issue, I'd appreciate it if you'd update this in the issue. The only non-tracking comment in the Redmine issue was my own: I’d also like to point out that this problem isn’t just a quiet annoyance. Unless the double-ifed syntax above is used, removal of the user causes a puppet agent run failure report every $runinterval. Add Comment Puppet / PUP-1616 catch-22 in dependancy ordering for user and ssh_authorized_key In theory, the dependancy of the ssh_authorized_key upon the user makes sense, but in practice it fails. You can't create the ssh_authorized_key until the user exists, check. You can't remove the ssh_authorized_key unless the user fails... fail. There's no simple way to order this such that an ssh key is removed when the user is removed. The onl... This message was sent by Atlassian JIRA (v6.1.4#6159-sha1:44eaede) -- You
