Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-10510

sshkeys_core 2.0.0 cannot purge sshkey resources

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: PUP 6.17.0
    • Component/s: None
    • Labels:
      None
    • Template:
      PUP Bug Template
    • Team:
      Night's Watch
    • Story Points:
      3
    • Sprint:
      NW - 2020-05-27, NW - 2020-06-10, NW - 2020-06-24
    • Method Found:
      Needs Assessment
    • Release Notes:
      Bug Fix
    • Release Notes Summary:
      Previously, resources with composite namevars could not be purged due to how resources were collected. This fix relies on the provider implementing a `title` method that returns the composite name of the resource.
    • QA Risk Assessment:
      Needs Assessment

      Description

      Puppet Version: 6.15.0
      Puppet Server Version: 6.11.0
      OS Name/Version: CentOS / Debian

      After updating the sshkeys_core module to 2.0.0 in our control repo, puppet is unable to purge sshkeys. We use the following configuration to export each host SSH keys and collect them on some of our nodes:

       # in site.pp
      resources { 'sshkey':
        purge => true
      }
      

      # on each node ($host_aliases is an array of the names of the node)
      @@sshkey { "sshdsakey-${host_aliases[0]}":
        host_aliases => $host_aliases,
        type => 'ssh-dss',
        key => $facts['ssh']['dsa']['key'],
      }
      

       # on some nodes
      Sshkey <<| |>>
      

      Downgrading to sshkeys_core 1.0.3 fix the issue.

      Desired Behavior:
      When a node is decomissioned, it's SSH key should be removed from the known_hosts file of the node collecting the ssh keys.

      Actual Behavior:
      Puppet says it removes the key, but it's not actually done. So the configuration never converge, at each run Puppet says it remove the key.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              gabriel.nagy Gabriel Nagy
              Reporter:
              smortex Romain Tartière
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Zendesk Support