On Nov 12, 1:50 am, "Tobias Lott" <tl...@ebel-syste.ms> wrote:
> Only the correct keys are actually distributed, however this problem
> occurs only on some machines, whether it's Ubuntu (10.10) 32 or 64 Bit.

> Additionally the authorized_key files are being flooded with the same keys
> over and over again.
> F.e. if one user has only 1 key it's appended almost every run, what's the
> problem there?

I speculate that puppetd is being prevented from reading (some of the)
authorized_keys files when it attempts to determine which keys are
already installed.  That would explain the error messages you
reported.

Somehow it can still create or update at least some of the files,
however; that would explain the key duplication.  Being able to write
but not read a file would be very screwy, but by no means impossible.

Since the problem appears only on some systems, comparing systems on
which it works to systems on which it doesn't may be illuminating.
Particular things to consider:

* Is the Puppet client running as root?
* Is SELinux enabled in enforcing mode?
* Are user home directories mounted via NFS with root-squashing, such
that the local root user does not have privileged access to them?
* Do any relevant files or directories (including parent directories)
have strange permissions?  For instance, directories with execute (or
read) permission disabled?
* Generally, is there some other mechanism that may be denying puppetd
access to the authorized_keys files?


Although the key duplication could easily be a symptom of the same
underlying issue as the error messages, it could also reflect a
separate issue.  Compare the keys as installed on the client to the
definitions in your manifest -- do you see anything that could explain
Puppet not recognizing the installed key as the same one it wants to
ensure present?

> I've tried to remove the file and let puppet create it, but it's still the
> same.

Is there anything unusual about the authorized_key files that result
from this treatment?  For example, unexpected UID/GID or permissions?

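Two of the comparisons suggested in the reply above, sketched as an added Python example that is not part of the thread or of Puppet: a walk over every parent directory of an authorized_keys file that records mode, UID and GID and flags missing owner read or execute bits, and a count of key blobs that occur more than once regardless of options or comment. The function names and the sample keys are constructed for illustration, and the default path in the demo is an assumption.

```python
import os
import stat
from collections import Counter

KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")  # key-type tokens in authorized_keys

def walk_permissions(path):
    """Stat each component from / down to path: (path, mode, uid, gid, problem)."""
    parts = [os.path.abspath(path)]
    while os.path.dirname(parts[-1]) != parts[-1]:
        parts.append(os.path.dirname(parts[-1]))
    rows = []
    for p in reversed(parts):
        try:
            st = os.stat(p)
        except OSError as exc:  # e.g. a parent directory denies search access
            rows.append((p, None, None, None, f"cannot stat: {exc.strerror}"))
            continue
        mode, problem = stat.S_IMODE(st.st_mode), None
        if stat.S_ISDIR(st.st_mode):
            if not mode & stat.S_IXUSR:
                problem = "directory lacks owner execute (search) bit"
            elif not mode & stat.S_IRUSR:
                problem = "directory lacks owner read bit"
        elif not mode & stat.S_IRUSR:
            problem = "file lacks owner read bit"
        rows.append((p, oct(mode), st.st_uid, st.st_gid, problem))
    return rows

def duplicate_keys(text):
    """Return {(type, blob): count} for key blobs that appear more than once."""
    seen = Counter()
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        for i, tok in enumerate(tokens[:-1]):
            if tok.startswith(KEY_PREFIXES):  # skips a leading options field
                seen[(tok, tokens[i + 1])] += 1
                break
    return {key: n for key, n in seen.items() if n > 1}

if __name__ == "__main__":
    # Constructed sample: the same blob stored under two different comments.
    SAMPLE = ("ssh-rsa AAAAconstructedblob user@old\n"
              "ssh-rsa AAAAconstructedblob user@new\n")
    print(duplicate_keys(SAMPLE))
    # Assumed default location; pass the affected user's file instead.
    for row in walk_permissions(os.path.expanduser("~/.ssh/authorized_keys")):
        print(row)
```

Running it on a host where the problem occurs and on one where it does not, then diffing the rows, gives the system-to-system comparison in one step.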