Uploaded image for project: 'Modules'
  1. Modules
  2. MODULES-7613

Resource Type sshkey doesn't allow the declaration of multiple SSH host keys for one host

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: sshkeys_core
    • Labels:
      None
    • Template:
      MODULES Bug Template
    • Team:
      Night's Watch
    • Story Points:
      3
    • Sprint:
      NW - 2020-03-04, NW - 2020-03-17
    • Zendesk Ticket IDs:
      35920
    • Zendesk Ticket Count:
      1
    • Release Notes:
      New Feature
    • Release Notes Summary:
      Allow definition of two or more ssh host keys of different types for the same host

      Description

      If you try to declare a RSA ssh host key and a DSA ssh host key for the same host like this:

      sshkey {
            "${trusted['certname']}_DSA_KEY":
              ensure       => $ensure,
              name         => $trusted['certname'],
              host_aliases => [$trusted['hostname']],
              key          => "XXXX",
              type         => 'ssh-dss',
      }
      sshkey {
            "${trusted['certname']}_RSA_KEY":
              ensure       => $ensure,
              name         => $trusted['certname'],
              host_aliases => [$trusted['hostname']],
              key          => "YYYY",
              type         => 'ssh-rsa',
      }
      

      You end up with a duplicated resource since the 'name' attribute must be unique.

      If you declare your resource like this :

      sshkey {
            "${trusted['certname']}_DSA_KEY":
              ensure       => $ensure,
              host_aliases => [$trusted['certname'], $trusted['hostname']],
              key          => "XXXX",
              type         => 'ssh-dss',
      }
      sshkey {
            "${trusted['certname']}_RSA_KEY":
              ensure       => $ensure,
              host_aliases => [$trusted['certname'], $trusted['hostname']],
              key          => "YYYY",
              type         => 'ssh-rsa',
      }
      

      I works but the resource title (the default 'name' attribute value) ends up as a host alias... Not great.

      Possible solution : Add a new attribute 'hostname' (to store "The host name that the key is associated with" - then the 'name' will no longer be the host name) or use the current 'host_aliases' attributes to store the host name and its aliases.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              ciprian.badescu Ciprian Badescu
              Reporter:
              FredL Frédéric Lespez
              Votes:
              8 Vote for this issue
              Watchers:
              13 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Zendesk Support