Puppet / PUP-1175

Puppet ssh_authorized_keys fails on one account if key with same name exists in another account

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Normal
    • Resolution: Duplicate
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None

      Description

      Hello,

      I have been trying to debug this very strange error:

      err: /Stage[main]/Accounts::Human::Sshkeys/Ssh_authorized_key[jgoerzen@wile]: Could not evaluate: No such file or directory - /home/jgoerzen/.ssh/authorized_keys

      I observed that it went away if I changed the name "jgoerzen@wile" to "jgoerzen@wile2" in my Puppet .pp files.

      This is a "virtual" resource (defined with an @) that is, of course, realized. This bug is a bit finicky and sometimes doesn't present itself; it seems to be less likely to present itself if used without being virtual.

      I completely rebuilt the Puppet client node multiple times trying to track this down. Here's what seems to be the cause:

      • Puppet is creating the jgoerzen user directly, and ssh_authorized_keys is creating the single entry jgoerzen@wile for that account.
      • Puppet also manages root's authorized_keys file. Puppet has been configured to add two entries to it, unrelated to jgoerzen@wile.
      • Before installing Puppet, /root/.ssh/authorized_keys already contained an entry for jgoerzen@wile. Puppet contained no instructions for what to do with this entry and left it in root's authorized_keys file.
      • This appears to have caused a great deal of confusion. If I rename this entry in root's authorized_keys file (again, outside Puppet, since Puppet wasn't putting it there), then jgoerzen's authorized_keys file is created as appropriate.

      I could make the error go away by manually creating ~jgoerzen/.ssh and ~jgoerzen/.ssh/authorized_keys, but even if I did that, Puppet still wasn't putting the key in it.
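
A pre-flight check for the situation described in this report, as an added example (not part of the original ticket and not Puppet code): it lists managed key names that already appear as the comment of an entry in a different account's authorized_keys file. It assumes the key's trailing comment is what the resource name is matched against; the `MANAGED` mapping, the `backup@host` name and all key material are constructed.

```python
import re

KEY_TYPES = ("ssh-", "ecdsa-", "sk-")  # prefixes of the key-type field
# A leading options field; double-quoted option values may contain spaces.
OPTIONS = re.compile(r'(?:[^\s"]|"(?:\\.|[^"\\])*")+\s+')

def entry_name(line):
    """Return the comment (name) of one authorized_keys line, or None."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    if not line.startswith(KEY_TYPES):
        m = OPTIONS.match(line)
        line = line[m.end():] if m else line
    fields = line.split(None, 2)
    if len(fields) < 3 or not fields[0].startswith(KEY_TYPES):
        return None  # malformed line, or an entry without a comment
    return fields[2]

def find_name_clashes(managed, existing):
    """managed: {key name: intended account}; existing: {account: file text}.
    Returns sorted (name, intended account, account that already holds it)."""
    clashes = []
    for account, text in existing.items():
        for line in text.splitlines():
            name = entry_name(line)
            if name in managed and managed[name] != account:
                clashes.append((name, managed[name], account))
    return sorted(clashes)

# Constructed sample data: names and key material are placeholders.
MANAGED = {"jgoerzen@wile": "jgoerzen", "backup@host": "root"}
EXISTING = {
    "root": (
        "# constructed example file\n"
        'command="/bin/echo hi there",no-pty ssh-rsa AAAAPLACEHOLDER1 backup@host\n'
        "ssh-rsa AAAAPLACEHOLDER2 jgoerzen@wile\n"
    ),
    "jgoerzen": "",  # file not created yet
}

if __name__ == "__main__":
    for name, want, found in find_name_clashes(MANAGED, EXISTING):
        print(f"{name}: managed for {want}, already present in {found}'s file")
```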

            People

            • Assignee: Unassigned
            • Reporter: redmine.exporter