Hi everyone,

I am using Puppet 2.7.9 on Debian Linux, set up with gem. I am trying to set up the define as follows:

----------------------
define user::environment::create_authorized_key (
  $dst_user   = undef,
  $local_file = "/var/lib/keys/${name}",
  $home       = undef,
  $options    = undef
) {

  # --[ default parameter given ]--
  $src_user_real   = "${name}"
  $key_src_file    = "${local_file}/key.pub"
  $key_src_content = file($key_src_file, "/dev/null")

  File {
    owner => "${dst_user_real}",
    group => "${dst_user_real}",
    mode  => '0440',
  }

  if ! $dst_user {
    $dst_user_real = "${src_user_real}"
  }

  if $home {
    $key_tgt_file = "${home}/.ssh/authorized_keys"
  } else {
    $key_tgt_file = undef
  }

  if "${dst_user_real}" == 'root' {
    case $home {
      undef   : { $authorized_keys = '/root/.ssh/authorized_keys' }
      default : { $authorized_keys = "${key_tgt_file}" }
    }
  } else {
    case $home {
      undef   : { $authorized_keys = "/home/${dst_user_real}/.ssh/authorized_keys" }
      default : { $authorized_keys = "${key_tgt_file}" }
    }
  }

  if ! $key_src_content {
    notify { "Public key file $key_src_file for key $title not found on keymaster; skipping ensure => present": }
  } else {
    if $key_src_content !~ /^(ssh-...) ([^ ]*)/ {
      err("Can't parse public key file $key_src_file")
      notify { "Can't parse public key file $key_src_file for key $title on the keymaster: skipping ensure => $ensure": }
    } else {
      $keytype = $1
      $modulus = $2

      ssh_authorized_key { "SSH keys: ${src_user_real} --> ${dst_user_real}":
        ensure  => present,
        user    => "${dst_user_real}",
        target  => $key_tgt_file,
        type    => "${keytype}",
        key     => "${modulus}",
        name    => "\"src:${src_user_real} --> dst:${dst_user_real}\"",
        options => $options,
        notify  => [ Exec["Setting \$HOME rights for ${dst_user_real}"], ],
      }

      exec { "Forcing ${authorized_keys} rights" :
        path        => '/bin:/usr/bin:/usr/local/bin',
        user        => 'root',
        logoutput   => true,
        command     => "[ -f \"${authorized_keys}\" ] && chown ${dst_user_real}:${dst_user_real} \"${authorized_keys}\"",
        refreshonly => true,
      }

      Exec["Forcing ${authorized_keys} rights"] -> Ssh_authorized_key["SSH keys: ${src_user_real} --> ${dst_user_real}"]
    }
  }
}
------------------------------

When I run this define on my nodes I have the following behavior for several users:

notice: /Stage[main]/Base_common_user/User::Ssh::Key[apt-dater]/Ssh_auth_key_server[apt-dater]/Ssh_authorized_key[apt-dater]/ensure: created
info: FileBucket got a duplicate file {md5}8db5d5c65e547d3971d93dfa0ffcea32
err: /Stage[main]/Base_common_user/User::Ssh::Key[apt-dater]/Ssh_auth_key_server[apt-dater]/Ssh_authorized_key[apt-dater]: Could not evaluate: Puppet::Util::FileType::FileTypeFlat could not write /home/test/.ssh/authorized_keys: Permission denied - /home/test/.ssh/authorized_keys

Puppet is trying to put the authorized_keys under the wrong ${HOME}:

root@linux-install:/# getent passwd apt-dater
apt-dater:x:9000:9000:Outil de dist-upgrade:/home/apt-dater:/bin/bash
root@linux-install:/# ls -al /home/apt-dater/.ssh/
total 12
drwxr-x--- 2 apt-dater apt-dater 4096 Mar 14 14:25 .
drwxr-xr-x 3 apt-dater apt-dater 4096 Mar 14 14:25 ..
-rw-r----- 1 apt-dater apt-dater 1380 Mar 14 14:36 authorized_keys

Any idea what could be the problem?

Regards,
JM