So, we use storconfigs (thin) in our environment and recetly start to
see thw following issue:
First of all we use thin storeconfigs, and the only thing we really
use it for currently is ssh keys, however we plan on using ti for
nagios at some point.
In our shop (HPC), we frequently rebuild hosts. Part of that process
has always to clean the clients key from the master with puppet cert
clean hostname1.domain, of course.
Recently, however, I've started seeing more and more often systems
that have been rebuilt, seemingly causing other systems to "loop" when
added/modifying the rebuild hosts ssh key, specifically the alias's
for it...
Our manifest for doing this looks like:
#Collect the host rsa key
class ssh::hostkeys {
@@sshkey { "${fqdn}_rsa":
host_aliases => [ "$fqdn", "$hostname", "$ipaddress" ],
type => rsa,
key => $sshrsakey
}
}
#Export known ssh keys to known_hosts file, aliases by ip, fqdn, and hostname
class ssh::knownhosts {
Sshkey <<| type == 'rsa' |>> {ensure => present}
}
Pretty simple/straight forward.
However, on systems, after somehost1.domain has been rebuilt, show
this over multiple runs:
host_aliases changed [somehost1', 'somehost1.domain', '10.242.67.162']
to '10.242.67.162 somehost somehost1.domain'
I've found the only way to prevent this to to use the
puppetstoredconfigclean.rb script and kill the host from the database.
For now I've simply wrapped this so one can clean the cert and kill
the db entry in one pass.
Is this correct/normal? I assumed, and have been told in IRC, that the
host should overwrite itself in the db. Worthy of a bug report? A
simple mis-config on our end?
Any help would be great.
--
Matthew Nicholson
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
