On Mon, Apr 11, 2011 at 01:40:42PM -0700, Forrie wrote:
> I had to write up a quick *.pp to push out SSH keys for our nagios
> user, while I work on a better solution for managing these.   To my
> surprise, I found multiples (100 or more?) of the same key in the
> authorized_keys file, which is definitely wrong.   I'm including the
> simple code below -- can someone please advise me on what the problem
> is??
> 
> The section that handles the virtual user seems to be fine.
> 
> Thanks in advance...
> 
> 
> 
> class nagios-ssh-keys {
> 
>     file { "/home/nagios/.ssh":
>         require  => User["nagios"],
>         ensure   => directory,
>         owner    => "nagios",
>         group    => "staff",
>         mode     => "700",
>     }
> 
>     ssh_authorized_key { "nagios":
>         ensure   => present,
>         key      => "AAAA[snip]== nagios@host",
>         user     => "nagios",
>         type     => "ssh-dss",
>         # require  => User["nagios"],
>         tag      => "system",
>     }
> 
> } # ssh-keys

Hi,

what you're specifying as a key is actually a key (AAA...) and a comment
(nagios@host).

As a result puppet will most likely write a corrupt entry to your
authorized_key file (because puppet will append the resource's title
»nagios« as a comment to your key) and it will not recognize the key
when you run puppet the next time (because puppet will parse every line,
extract the comment and try to find a resource with that name).

So puppet will always think that the key is absent and will then add it
to the file.

Solution: Don't specify a comment with the key property (at least don't
use whitespaces because they are field delimiters in the target file)

-Stefan
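
A simplified model of the loop described in the reply above, as an added example that is not part of the original thread and is not Puppet's own parsing code. The function names are hypothetical, the key blob is a constructed placeholder, and the model ignores the optional options field of authorized_keys lines; `duplicate_blobs` is a check you can run over an existing file's lines to spot the repeated key.

```python
from collections import Counter

# Constructed sample values; the blob is a placeholder, not a real key.
BLOB = "AAAAB3placeholder=="
TITLE = "nagios"

def render(key_type, key, title):
    """Write one entry: type, key property verbatim, resource title as comment."""
    return f"{key_type} {key} {title}"

def parse(line):
    """Split on whitespace: type, key blob, remainder is the comment (entry name)."""
    fields = line.split(None, 2)
    if len(fields) < 2 or line.lstrip().startswith("#"):
        return None
    return {"type": fields[0], "blob": fields[1],
            "name": fields[2].strip() if len(fields) > 2 else ""}

def agent_run(lines, key_type, key, title):
    """One run: append the entry unless a parsed line is already named `title`."""
    entries = [e for e in map(parse, lines) if e]
    if any(e["name"] == title for e in entries):
        return list(lines)
    return list(lines) + [render(key_type, key, title)]

def simulate(key, runs):
    """Apply the same resource `runs` times to an initially empty file."""
    lines = []
    for _ in range(runs):
        lines = agent_run(lines, "ssh-dss", key, TITLE)
    return lines

def duplicate_blobs(lines):
    """Detection check: key blobs that appear on more than one line."""
    counts = Counter(e["blob"] for e in map(parse, lines) if e)
    return {blob: n for blob, n in counts.items() if n > 1}

if __name__ == "__main__":
    broken = simulate(f"{BLOB} nagios@host", 5)  # key property includes a comment
    fixed = simulate(BLOB, 5)                    # key property is the blob only
    print(len(broken), "lines with comment in key;", len(fixed), "without")
    print("duplicates:", duplicate_blobs(broken))
```

With the comment inside the key property, every parsed entry is named `nagios@host nagios`, which never equals the title `nagios`, so each run appends another copy.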
