Re: [Puppet Users] Re: Newbie trying ModuleSSHAuth : getting resource Ssh_auth_key_namecheck[id_rsa] already exists.

[Andrew Schulman]

> Still I have something I don't understand. With the following I expect
> to log in as user1 with user2 key pair :
> 
> class user::virtuals {
> 
>         @user { "user1":
>                 uid     => "1001",
>                 gid     => "group",
>                 comment => "name",
>                 home    => "/home/user1",
>         }
>         ssh::auth::key { "us...@lan": }
>         @user { "user2":
>                 uid     => "1003",
>                 gid     => "group",
>                 comment => "name",
>                 home    => "/home/user2",
>         }
>         ssh::auth::key { "us...@lan": }
> }
> 
> class user::admins inherits user::virtuals {
> 
>         realize User["user1"]
> 
>         ssh::auth::client { "us...@lan": }
> 
>         ssh::auth::server { "us...@lan": }
>         ssh::auth::server { "us...@lan": user => "user1" }
> }
> 
> node node1 {
>         include user::admins
> }
> 
> I get :
> 
> puppetd[6286]: (//user::virtuals/Ssh::Auth::key[us...@lan]/
> ssh_auth_key_server[us...@lan]/File[/home/user2/.ssh/authorized_keys]/
> ensure) change from absent to present failed: Could not set present on
> ensure: No such file or directory - /home/user2/.ssh/authorized_keys
> at /etc/puppet/modules/ssh/manifests/auth.pp:311
> puppetd[6286]: (//user::virtuals/Ssh::Auth::key[us...@lan]/
> ssh_auth_key_server[us...@lan]/ssh_authorized_key[us...@lan]/ensure)
> created
> puppetd[6286]: Got an uncaught exception of type Errno::ENOENT: No
> such file or directory - /home/user2/.ssh

There are actually two problems here:

(1) ssh::auth was trying to authorize the us...@lan key in the wrong place, i.e.
in /home/user2/.ssh/authorized_keys.  I just uploaded a new release, 0.3.2, that
fixes this problem.

(2) $home/.ssh didn't exist (in this case it was incorrectly /home/user2/.ssh,
but the same problem could hold for the correct /home/user1/.ssh).  At first I
thought that ssh::auth could create and manage that directory for you, but after
some trying it became clear that it can't, because there's no way to guarantee
that the declaration of that directory is unique.  So the site administrator is
going to have to be responsible for managing $home/.ssh.  I've updated Example 1
and the Detailed Usage in the docs to show this.

Please test and report!

Thanks,
Andrew.

--

You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.