Hi all,
Full path:
/usr/lib/ruby/site_ruby/1.8/puppet/provider/ssh_authorized_key/parsed.rb
Two problems:
1) Even if filebucketing is disabled, this (still) tries to backup
authorized_keys to /var/lib/puppet/clientbucket/[...]; no other
modules are doing filebucketing when it's disabled but they
(correctly) do when it is enabled.
2) The filebucketing is (still) being done with euid set to the user
that owns the authorized_keys file, which means it fails since a
normal user could never write to /var/lib/puppet.
I don't know enough ruby to be more detailed than that.
The original line 64 in the file above is:
Puppet::Util::SUIDManager.asuser(@resource.should(:user)) { super }
The equivalent line didn't work in 0.25.4 or 0.25.5 and it still
doesn't work in 2.6.0rc3 (RHEL5.5, rpm from tmz.fedoraproject.org).
If I replace line 64 with the following line, it all works nicely. Of
course, the real problem is that it shouldn't be trying to filebucket
in the first place when that feature is disabled. The only reason I
turned off filebucket at all was to try to get this working and, well,
it continued to try to filebucket, rather annoyingly. :)
Puppet::Util::SUIDManager.asuser('root') { super }
Am I perhaps doing something wrong or do one or both of these appear
to be a genuine bug(s)?
-Jim
Here's the stack trace from puppetd -d output (filebucket is currently
enabled; the output doesn't change when filebucket is disabled):
notice:
/Stage[main]//Sshuser[someuser]/Ssh::Auth::key[someu...@here.com]/ssh_auth_key_server[someu...@here.com]/ssh_authorized_key[someu...@here.com]/ensure:
created
debug: Flushing ssh_authorized_key provider target
/home/someuser/.ssh/authorized_keys
info: FileBucket got a duplicate file
/home/someuser/.ssh/authorized_keys
({md5}d41d8cd98f00b204e9800998ecf8427e)
err:
/Stage[main]//Sshuser[someuser]/Ssh::Auth::key[someu...@here.com]/ssh_auth_key_server[someu...@here.com]/ssh_authorized_key[someu...@here.com]:
Could not evaluate: Could not back up
/home/someuser/.ssh/authorized_keys: Permission denied -
/var/lib/puppet/clientbucket/d/4/1/d/8/c/d/9/d41d8cd98f00b204e9800998ecf8427e/paths
notice:
/Stage[main]//Sshuser[otheruser]/Ssh::Auth::key[otheru...@here.com]/ssh_auth_key_server[otheru...@here.com]/ssh_authorized_key[otheru...@here.com]/ensure:
created
debug: Flushing ssh_authorized_key provider target
/home/someuser/.ssh/authorized_keys
/usr/lib/ruby/1.8/fileutils.rb:1404:in `stat'
/usr/lib/ruby/1.8/fileutils.rb:1404:in `fu_same?'
/usr/lib/ruby/1.8/fileutils.rb:1378:in `fu_each_src_dest'
/usr/lib/ruby/1.8/fileutils.rb:1395:in `fu_each_src_dest0'
/usr/lib/ruby/1.8/fileutils.rb:1377:in `fu_each_src_dest'
/usr/lib/ruby/1.8/fileutils.rb:382:in `cp'
/usr/lib/ruby/site_ruby/1.8/puppet/util/filetype.rb:109:in `write'
/usr/lib/ruby/site_ruby/1.8/puppet/util/filetype.rb:56:in `real_write'
/usr/lib/ruby/site_ruby/1.8/puppet/util/filetype.rb:56:in `write'
/usr/lib/ruby/site_ruby/1.8/puppet/provider/parsedfile.rb:95:in `flush_target'
/usr/lib/ruby/site_ruby/1.8/puppet/provider/parsedfile.rb:69:in `flush'
/usr/lib/ruby/site_ruby/1.8/puppet/provider/parsedfile.rb:67:in `each'
/usr/lib/ruby/site_ruby/1.8/puppet/provider/parsedfile.rb:67:in `flush'
/usr/lib/ruby/site_ruby/1.8/puppet/provider/parsedfile.rb:339:in `flush'
/usr/lib/ruby/site_ruby/1.8/puppet/provider/ssh_authorized_key/parsed.rb:64:in
`flush'
/usr/lib/ruby/site_ruby/1.8/puppet/util/suidmanager.rb:62:in `asuser'
/usr/lib/ruby/site_ruby/1.8/puppet/provider/ssh_authorized_key/parsed.rb:64:in
`flush'
/usr/lib/ruby/site_ruby/1.8/puppet/type.rb:628:in `flush'
/usr/lib/ruby/site_ruby/1.8/puppet/transaction/resource_harness.rb:93:in
`evaluate'
/usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:49:in `apply'
/usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:114:in
`eval_children_and_apply_resource'
/usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:92:in `eval_resource'
/usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:143:in `evaluate'
/usr/lib/ruby/site_ruby/1.8/puppet/util.rb:414:in `thinmark'
/usr/lib/ruby/1.8/benchmark.rb:293:in `measure'
/usr/lib/ruby/1.8/benchmark.rb:307:in `realtime'
/usr/lib/ruby/site_ruby/1.8/puppet/util.rb:413:in `thinmark'
/usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:142:in `evaluate'
/usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:135:in `each'
/usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:135:in `evaluate'
/usr/lib/ruby/site_ruby/1.8/puppet/resource/catalog.rb:144:in `apply'
/usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:152:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/util.rb:175:in `benchmark'
/usr/lib/ruby/1.8/benchmark.rb:293:in `measure'
/usr/lib/ruby/1.8/benchmark.rb:307:in `realtime'
/usr/lib/ruby/site_ruby/1.8/puppet/util.rb:174:in `benchmark'
/usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:151:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:39:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/agent/locker.rb:21:in `lock'
/usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:39:in `run'
/usr/lib/ruby/1.8/sync.rb:229:in `synchronize'
/usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:39:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:101:in `with_client'
/usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:37:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:171:in `call'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:171:in `controlled_run'
/usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:35:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/application/agent.rb:114:in `onetime'
/usr/lib/ruby/site_ruby/1.8/puppet/application/agent.rb:88:in `run_command'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:301:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:398:in `exit_on_fail'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:301:in `run'
/usr/sbin/puppetd:4
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
