Listed ssh keys are purged #70

Closed
5obol opened this issue Jan 16, 2017 · 8 comments

5obol commented Jan 16, 2017

Hey,
So now that we're using the latest version of the module, I've noticed that the keys are being purged on all servers during the Puppet run even if they're listed for the user.

Our settings are

accounts::user_defaults:
  purge_ssh_keys: true

Notice: /Stage[main]/Accounts/Accounts::User[test]/Ssh_authorized_key[Test User key_ssh-rsa]/ensure: removed

Info: Computing checksum on file /home/test/.ssh/authorized_keys
Info: /Stage[main]/Accounts/Accounts::User[test]/Accounts::Authorized_keys[test]/File[/home/test/.ssh/authorized_keys]: Filebucketed /home/test/.ssh/authorized_keys to main with sum d3e33f4c2fc8b750197a715f3b649e9a
Notice: /Stage[main]/Accounts/Accounts::User[test]/Accounts::Authorized_keys[test]/File[/home/test/.ssh/authorized_keys]/content:

Notice: /Stage[main]/Accounts/Accounts::User[test]/Accounts::Authorized_keys[test]/File[/home/test/.ssh/authorized_keys]/content: content changed '{md5}d3e33f4c2fc8b750197a715f3b649e9a' to '{md5}a6eeed6f2286f1cad1bcc273988b6717'

deric commented Jan 16, 2017

I'm not sure I follow what the problem is. What does the definition of the test user look like?


5obol commented Jan 16, 2017

Hey,
Basically, on each agent run the key is removed from the user and then the same one is re-added.

My user definition is very standard (key made invalid on purpose).

  test:
    ensure: 'present'
    uid: 500
    gid: 500
    comment: "Test User"
    ssh_keys:
      'Test User key': # a unique identifier of a key
        type: "ssh-rsa"
        key: "AAAAB3NzaC1yc2EAAAADAQABAAACAQDGssf8Aj+Djthei8IHwiZaKkG8n5HcR8Zk87WE2ok4NYzOMr9cz22U8w03tuMPoXx6Jqmmrog1AuE5ixOzHybDRvj/phA4TYdnViX+IiR02CNJXqJV3utkECxDAImlM3E12VuESrO3P16+uhYug9sK18
aFtFzwaARgNKpQFUakk1K0CaC5zqE6lrkeqzYxmAr2zsdHxfFonIl/ZLVp53hc5xe99CIMjFAfYWEN/YM
6Xxn7BHoFtg7kDJMF48fUjGcOlt4aoog87FqgOGHaQBolQiuZvjRvDa89eBbSXb65bTA++MK7CpGhW6lDyUxZhQwumjPMDGfVwj8bWmqJyp3e5v5/gMjH4Sj3g82trV32CNdM1ahYW6R2VF/uEYbZo+WJ4Ybh7gq8SW73ZO3
7M0CgCv3yiLBLAHBLAHBLAHBLA"

deric added the bug label Jan 16, 2017

deric commented Jan 16, 2017

Looks like an issue that was introduced in 1.5.2.


5obol commented Jan 16, 2017

It worked fine before, so very likely.

deric added this to the 1.6 milestone Jan 16, 2017
deric changed the title from "Puppet Listed ssh keys are purged" to "Listed ssh keys are purged" Jan 16, 2017

deric commented Jan 16, 2017

Should be fixed in master branch:

Notice: /Stage[main]/Accounts/Accounts::User[test]/User[test]/ensure: created
Notice: /Stage[main]/Accounts/Accounts::User[test]/File[/home/test]/group: group changed 'test' to '500'
Notice: /Stage[main]/Accounts/Accounts::Group[test]/Group[test]/gid: gid changed '3001' to '500'
Notice: /Stage[main]/Accounts/Accounts::User[test]/Accounts::Authorized_keys[test]/File[/home/test/.ssh]/ensure: created
Notice: /Stage[main]/Accounts/Accounts::User[test]/Accounts::Authorized_keys[test]/Ssh_authorized_key[Test User key]/ensure: created
Notice: Applied catalog in 0.17 seconds

second run:

 /opt/puppetlabs/puppet/bin/puppet apply -e "class{'accounts':}"
Notice: Applied catalog in 0.07 seconds


5obol commented Jan 16, 2017

Hey,
I think the build failed and the change was not integrated.


deric commented Jan 16, 2017

The Travis build failed due to a failure on Puppet 3.4; for newer versions everything passes.


deric commented May 19, 2017

Released in v1.5.3. Please reopen if the problem persists.

deric closed this as completed May 19, 2017