Bug #2487

ssh_authorized_key ignores metaparameter require

Added by Michael van Slingerland almost 3 years ago. Updated almost 3 years ago.

Status: Closed
Start date: 08/03/2009
Priority: Normal
Due date:
Assignee: -
% Done: 0%
Category: ssh
Target version: -
Affected Puppet version: 0.24.8
Branch:
Keywords:
Votes: 0

Description

Hi,

The type ssh_authorized_key ignores the metaparameter “require”.

example config:

node default {
    include nagios
}

class nagios { 
        user { "nagios":
                ensure => present,
                home => "/home/nagios",
                managehome => true,
                shell => "/bin/ksh",
        }
        ssh_authorized_key { "Nagios Authorized Key":
                ensure => present,
                key => "xxxxxxx",
                user => "nagios",
                type => "rsa",
                require => User["nagios"],
        }
}

output from puppetmasterd:

# puppetmasterd --trace --verbose --debug --no-daemonize 
info: Starting server for Puppet version 0.24.8
debug: Creating default schedules
debug: Failed to load library 'ldap' for feature 'ldap'
debug: Failed to load library 'shadow' for feature 'libshadow'
debug: /Settings[top]/Settings[main]/File[/var/puppet/state]: Autorequiring File[/var/puppet]
debug: /Settings[top]/Settings[main]/File[/var/puppet/log]: Autorequiring File[/var/puppet]
debug: /Settings[top]/Settings[main]/File[/var/puppet/lib]: Autorequiring File[/var/puppet]
debug: /Settings[top]/Settings[reporting]/File[/var/puppet/reports]: Autorequiring File[/var/puppet]
debug: /Settings[top]/Settings[main]/File[/var/puppet/run]: Autorequiring File[/var/puppet]
debug: /Settings[top]/Settings[main]/File[/etc/puppet/ssl]: Autorequiring File[/etc/puppet]
debug: /Settings[top]/Settings[metrics]/File[/var/puppet/rrd]: Autorequiring File[/var/puppet]
debug: Finishing transaction -971415158 with 0 changes
debug: Creating default schedules
debug: /Settings[top]/Settings[ssl]/File[/etc/puppet/ssl/private_keys/nfsserver.my.domain.pem]: Autorequiring File[/etc/puppet/ssl/private_keys]
debug: /Settings[top]/Settings[ssl]/File[/etc/puppet/ssl/public_keys/nfsserver.my.domain.pem]: Autorequiring File[/etc/puppet/ssl/public_keys]
debug: /Settings[top]/Settings[ca]/File[/etc/puppet/ssl/ca/signed]: Autorequiring File[/etc/puppet/ssl/ca]
debug: /Settings[top]/Settings[ca]/File[/etc/puppet/ssl/ca/ca_pub.pem]: Autorequiring File[/etc/puppet/ssl/ca]
debug: /Settings[top]/Settings[ssl]/File[/etc/puppet/ssl/certs/ca.pem]: Autorequiring File[/etc/puppet/ssl/certs]
debug: /Settings[top]/Settings[ca]/File[/etc/puppet/ssl/ca/inventory.txt]: Autorequiring File[/etc/puppet/ssl/ca]
debug: /Settings[top]/Settings[ca]/File[/etc/puppet/ssl/ca/ca_key.pem]: Autorequiring File[/etc/puppet/ssl/ca]
debug: /Settings[top]/Settings[ssl]/File[/etc/puppet/ssl/certs/nfsserver.my.domain.pem]: Autorequiring File[/etc/puppet/ssl/certs]
debug: /Settings[top]/Settings[ca]/File[/etc/puppet/ssl/ca/serial]: Autorequiring File[/etc/puppet/ssl/ca]
debug: /Settings[top]/Settings[ca]/File[/etc/puppet/ssl/ca/ca_crt.pem]: Autorequiring File[/etc/puppet/ssl/ca]
debug: /Settings[top]/Settings[ca]/File[/etc/puppet/ssl/ca/ca_crl.pem]: Autorequiring File[/etc/puppet/ssl/ca]
debug: /Settings[top]/Settings[ca]/File[/etc/puppet/ssl/ca/private]: Autorequiring File[/etc/puppet/ssl/ca]
debug: /Settings[top]/Settings[ca]/File[/etc/puppet/ssl/ca/private/ca.pass]: Autorequiring File[/etc/puppet/ssl/ca/private]
debug: /Settings[top]/Settings[ca]/File[/etc/puppet/ssl/ca/requests]: Autorequiring File[/etc/puppet/ssl/ca]
debug: Finishing transaction -972058558 with 0 changes
debug: Creating default schedules
debug: Finishing transaction -972247488 with 0 changes
debug: No file server configuration file; autocreating modules mount with default permissions
debug: No file server configuration file; autocreating plugins mount with default permissions
debug: Creating interpreter
debug: Creating default schedules
debug: /Settings[top]/Settings[puppetmasterd]/File[/etc/puppet/manifests/site.pp]: Autorequiring File[/etc/puppet/manifests]
debug: Finishing transaction -972461248 with 0 changes
debug: Creating default schedules
debug: /Settings[top]/Settings[puppetmasterd]/File[/etc/puppet/manifests/site.pp]: Autorequiring File[/etc/puppet/manifests]
debug: Finishing transaction -971377828 with 0 changes
debug: Creating default schedules
debug: /Settings[top]/Settings[puppetmasterd]/File[/etc/puppet/manifests/site.pp]: Autorequiring File[/etc/puppet/manifests]
debug: Finishing transaction -971698828 with 0 changes
info: Listening on port 8140
notice: Starting Puppet server version 0.24.8
debug: Overriding 10.0.0.3 with cert name nfsclient.my.domain
debug: Allowing authenticated client nfsclient.my.domain(10.0.0.3) access to puppetmaster.getconfig
debug: Our client is remote
info: Expiring the node cache of nfsclient.my.domain
info: Not using expired node for nfsclient.my.domain from cache; expired at Mon Aug 03 21:21:44 +0200 2009
info: Caching node for nfsclient.my.domain
notice: Compiled catalog for nfsclient.my.domain in 0.07 seconds
^Cnotice: Caught INT; shutting down
debug: Signal caught here:
debug: /usr/local/lib/ruby/site_ruby/1.8/puppet/external/event-loop/event-loop.rb:127:in `call'
debug: /usr/local/lib/ruby/site_ruby/1.8/puppet/external/event-loop/event-loop.rb:127:in `select'
debug: /usr/local/lib/ruby/site_ruby/1.8/puppet/external/event-loop/event-loop.rb:127:in `select'
debug: /usr/local/lib/ruby/site_ruby/1.8/puppet/external/event-loop/event-loop.rb:116:in `iterate'
debug: /usr/local/lib/ruby/site_ruby/1.8/puppet/external/event-loop/event-loop.rb:107:in `run'
debug: /usr/local/lib/ruby/site_ruby/1.8/puppet.rb:320:in `start'
debug: /usr/local/bin/puppetmasterd:285
notice: Shutting down

output from puppetd

# puppetd --trace --debug --verbose --no-daemonize 
debug: Creating default schedules
debug: Failed to load library 'shadow' for feature 'libshadow'
debug: Failed to load library 'ldap' for feature 'ldap'
debug: /Settings[top]/Settings[ssl]/File[/etc/puppet/ssl/public_keys]: Autorequiring File[/etc/puppet/ssl]
debug: /Settings[top]/Settings[main]/File[/etc/puppet/ssl]: Autorequiring File[/etc/puppet]
debug: /Settings[top]/Settings[ssl]/File[/etc/puppet/ssl/certs]: Autorequiring File[/etc/puppet/ssl]
debug: /Settings[top]/Settings[ssl]/File[/etc/puppet/ssl/certs/nfsclient.my.domain.pem]: Autorequiring File[/etc/puppet/ssl/certs]
debug: /Settings[top]/Settings[ssl]/File[/etc/puppet/ssl/certs/ca.pem]: Autorequiring File[/etc/puppet/ssl/certs]
debug: /Settings[top]/Settings[ssl]/File[/etc/puppet/ssl/public_keys/nfsclient.my.domain.pem]: Autorequiring File[/etc/puppet/ssl/public_keys]
debug: /Settings[top]/Settings[ssl]/File[/etc/puppet/ssl/private_keys]: Autorequiring File[/etc/puppet/ssl]
debug: /Settings[top]/Settings[puppetd]/File[/var/puppet/state/classes.txt]: Autorequiring File[/var/puppet/state]
debug: /Settings[top]/Settings[main]/File[/var/puppet/lib]: Autorequiring File[/var/puppet]
debug: /Settings[top]/Settings[ssl]/File[/etc/puppet/ssl/csr_nfsclient.my.domain.pem]: Autorequiring File[/etc/puppet/ssl]
debug: /Settings[top]/Settings[main]/File[/var/puppet/log]: Autorequiring File[/var/puppet]
debug: /Settings[top]/Settings[main]/File[/var/puppet/run]: Autorequiring File[/var/puppet]
debug: /Settings[top]/Settings[ssl]/File[/etc/puppet/ssl/private_keys/nfsclient.my.domain.pem]: Autorequiring File[/etc/puppet/ssl/private_keys]
debug: /Settings[top]/Settings[ssl]/File[/etc/puppet/ssl/private]: Autorequiring File[/etc/puppet/ssl]
debug: /Settings[top]/Settings[main]/File[/var/puppet/state]: Autorequiring File[/var/puppet]
debug: Finishing transaction -972903618 with 0 changes
notice: Starting Puppet client version 0.24.8
debug: Retrieved facts in 1.00 seconds
debug: Retrieving catalog
debug: Calling puppetmaster.getconfig
debug: Retrieved catalog in 0.67 seconds
err: Could not create Nagios Authorized Key: user nagios doesn't exist
/usr/local/lib/ruby/site_ruby/1.8/puppet/type/ssh_authorized_key.rb:43:in `expand_path'
/usr/local/lib/ruby/site_ruby/1.8/puppet/type/ssh_authorized_key.rb:43:in `should'
/usr/local/lib/ruby/site_ruby/1.8/puppet/type.rb:560:in `should'
/usr/local/lib/ruby/site_ruby/1.8/puppet/type/ssh_authorized_key.rb:80:in `validate'
/usr/local/lib/ruby/site_ruby/1.8/puppet/type.rb:2367:in `initialize'
/usr/local/lib/ruby/site_ruby/1.8/puppet/type.rb:1129:in `new'
/usr/local/lib/ruby/site_ruby/1.8/puppet/type.rb:1129:in `create'
/usr/local/lib/ruby/site_ruby/1.8/puppet/transportable.rb:91:in `to_type'
/usr/local/lib/ruby/site_ruby/1.8/puppet/transportable.rb:198:in `to_catalog'
/usr/local/lib/ruby/site_ruby/1.8/puppet/transportable.rb:126:in `each'
/usr/local/lib/ruby/site_ruby/1.8/puppet/transportable.rb:126:in `each'
/usr/local/lib/ruby/site_ruby/1.8/puppet/transportable.rb:195:in `to_catalog'
/usr/local/lib/ruby/site_ruby/1.8/puppet/transportable.rb:204:in `call'
/usr/local/lib/ruby/site_ruby/1.8/puppet/transportable.rb:204:in `to_catalog'
/usr/local/lib/ruby/site_ruby/1.8/puppet/transportable.rb:126:in `each'
/usr/local/lib/ruby/site_ruby/1.8/puppet/transportable.rb:126:in `each'
/usr/local/lib/ruby/site_ruby/1.8/puppet/transportable.rb:195:in `to_catalog'
/usr/local/lib/ruby/site_ruby/1.8/puppet/transportable.rb:204:in `call'
/usr/local/lib/ruby/site_ruby/1.8/puppet/transportable.rb:204:in `to_catalog'
/usr/local/lib/ruby/site_ruby/1.8/puppet/transportable.rb:126:in `each'
/usr/local/lib/ruby/site_ruby/1.8/puppet/transportable.rb:126:in `each'
/usr/local/lib/ruby/site_ruby/1.8/puppet/transportable.rb:195:in `to_catalog'
/usr/local/lib/ruby/site_ruby/1.8/puppet/transportable.rb:210:in `call'
/usr/local/lib/ruby/site_ruby/1.8/puppet/transportable.rb:210:in `to_catalog'
/usr/local/lib/ruby/site_ruby/1.8/puppet/network/client/master.rb:172:in `getconfig'
/usr/local/lib/ruby/site_ruby/1.8/puppet/network/client/master.rb:245:in `run'
/usr/local/lib/ruby/site_ruby/1.8/puppet/util.rb:425:in `thinmark'
/usr/local/lib/ruby/1.8/benchmark.rb:293:in `measure'
/usr/local/lib/ruby/1.8/benchmark.rb:307:in `realtime'
/usr/local/lib/ruby/site_ruby/1.8/puppet/util.rb:424:in `thinmark'
/usr/local/lib/ruby/site_ruby/1.8/puppet/network/client/master.rb:244:in `run'
/usr/local/lib/ruby/1.8/sync.rb:229:in `synchronize'
/usr/local/lib/ruby/site_ruby/1.8/puppet/network/client/master.rb:237:in `run'
/usr/local/lib/ruby/site_ruby/1.8/puppet/network/client.rb:136:in `runnow'
/usr/local/lib/ruby/site_ruby/1.8/puppet/network/client.rb:187:in `start'
/usr/local/lib/ruby/site_ruby/1.8/puppet.rb:293:in `start'
/usr/local/lib/ruby/site_ruby/1.8/puppet.rb:144:in `newthread'
/usr/local/lib/ruby/site_ruby/1.8/puppet.rb:143:in `initialize'
/usr/local/lib/ruby/site_ruby/1.8/puppet.rb:143:in `new'
/usr/local/lib/ruby/site_ruby/1.8/puppet.rb:143:in `newthread'
/usr/local/lib/ruby/site_ruby/1.8/puppet.rb:291:in `start'
/usr/local/lib/ruby/site_ruby/1.8/puppet.rb:290:in `each'
/usr/local/lib/ruby/site_ruby/1.8/puppet.rb:290:in `start'
/usr/local/bin/puppetd:437
warning: Configuration could not be instantiated: user nagios doesn't exist

As you can see, the dependency is not created, and user nagios is not created. Using “require” with other types like file works fine.

Cheers, Michael

History

Updated by Michael van Slingerland almost 3 years ago

facter version is

facter --version

1.5.6

os:

uname -a

OpenBSD nfsclient.my.domain 4.4 GENERIC#1021 i386

Updated by James Turnbull almost 3 years ago

  • Category set to ssh
  • Status changed from Unreviewed to Needs Decision
  • Assignee set to Luke Kanies

I don’t see how this is happening? Luke?

Updated by Luke Kanies almost 3 years ago

  • Status changed from Needs Decision to Accepted
  • Assignee deleted (Luke Kanies)

It’s not a problem with ‘require’, it’s a problem with when the validation is happening – it’s checking that the user exists before the transaction runs.

I could swear a ton of work was done on this for 0.25, but I can’t see it specifically.

Can you test with 0.25rc1?

Updated by Michael van Slingerland almost 3 years ago

Good news: 0.25rc1 solves the issue.

So I guess the ticket can be closed.

Thanks, Mike

puppetd -v -d --trace --no-daemonize

debug: Failed to load library 'ldap' for feature 'ldap'
debug: Failed to load library 'shadow' for feature 'libshadow'
debug: /File[/var/puppet/log]: Autorequiring File[/var/puppet]
debug: /File[/etc/puppet/ssl/private_keys/nfsclient.my.domain.pem]: Autorequiring File[/etc/puppet/ssl/private_keys]
debug: /File[/etc/puppet/ssl/certs]: Autorequiring File[/etc/puppet/ssl]
debug: /File[/etc/puppet/ssl/private]: Autorequiring File[/etc/puppet/ssl]
debug: /File[/etc/puppet/ssl/certificate_requests]: Autorequiring File[/etc/puppet/ssl]
debug: /File[/var/puppet/run]: Autorequiring File[/var/puppet]
debug: /File[/etc/puppet/ssl]: Autorequiring File[/etc/puppet]
debug: /File[/var/puppet/state/state.yaml]: Autorequiring File[/var/puppet/state]
debug: /File[/var/puppet/state/classes.txt]: Autorequiring File[/var/puppet/state]
debug: /File[/etc/puppet/ssl/certs/ca.pem]: Autorequiring File[/etc/puppet/ssl/certs]
debug: /File[/etc/puppet/ssl/crl.pem]: Autorequiring File[/etc/puppet/ssl]
debug: /File[/var/puppet/facts]: Autorequiring File[/var/puppet]
debug: /File[/etc/puppet/ssl/public_keys/nfsclient.my.domain.pem]: Autorequiring File[/etc/puppet/ssl/public_keys]
debug: /File[/var/puppet/state/graphs]: Autorequiring File[/var/puppet/state]
debug: /File[/etc/puppet/ssl/private_keys]: Autorequiring File[/etc/puppet/ssl]
debug: /File[/var/puppet/client_yaml]: Autorequiring File[/var/puppet]
debug: /File[/var/puppet/lib]: Autorequiring File[/var/puppet]
debug: /File[/etc/puppet/ssl/certs/nfsclient.my.domain.pem]: Autorequiring File[/etc/puppet/ssl/certs]
debug: /File[/etc/puppet/ssl/csr_nfsclient.my.domain.pem]: Autorequiring File[/etc/puppet/ssl]
debug: /File[/var/puppet/clientbucket]: Autorequiring File[/var/puppet]
debug: /File[/etc/puppet/ssl/public_keys]: Autorequiring File[/etc/puppet/ssl]
debug: /File[/var/puppet/state]: Autorequiring File[/var/puppet]
debug: Finishing transaction 1048490560 with 0 changes
debug: Using cached certificate for ca
debug: Using cached certificate for nfsclient.my.domain
notice: Starting Puppet client version 0.25.0
debug: Loaded state in 0.01 seconds
debug: Using cached certificate for ca
debug: Using cached certificate for nfsclient.my.domain
debug: Using cached certificate_revocation_list for ca
debug: Format s not supported for Puppet::Resource::Catalog; has not implemented method 'from_s'
debug: Puppet::Network::Format[json]: false value when expecting true
info: Caching catalog for nfsclient.my.domain
debug: Puppet::Type::User::ProviderLdap: true value when expecting false
debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dscl does not exist
debug: Puppet::Type::User::ProviderNetinfo: file nireport does not exist
debug: Puppet::Type::User::ProviderUser_role_add: file roleadd does not exist
debug: Puppet::Type::User::ProviderPw: file pw does not exist
debug: Loaded state in 0.00 seconds
debug: Prefetching parsed resources for ssh_authorized_key
debug: The required user is not yet present on the system
debug: //nagios/Ssh_authorized_key[Nagios Authorized Key]/require: requires User[nagios]
info: Applying configuration version '1249491404'
debug: //nagios/User[nagios]: Changing ensure
debug: //nagios/User[nagios]: 1 change(s)
debug: Usernagios: Executing '/usr/sbin/useradd -s /bin/ksh -d /home/nagios -m nagios'
notice: //nagios/User[nagios]/ensure: created
debug: //nagios/Ssh_authorized_key[Nagios Authorized Key]: Changing ensure
debug: //nagios/Ssh_authorized_key[Nagios Authorized Key]: 1 change(s)
notice: //nagios/Ssh_authorized_key[Nagios Authorized Key]/ensure: created
debug: Flushing ssh_authorized_key provider target /home/nagios/.ssh/authorized_keys
debug: Finishing transaction -972126068 with 0 changes
debug: Finishing transaction -972072258 with 2 changes
debug: Storing state
debug: Stored state in 0.03 seconds
notice: Finished catalog run in 1.20 seconds

Updated by Luke Kanies almost 3 years ago

  • Status changed from Accepted to Closed
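
The diagnosis in this ticket (the user check runs when the resource is instantiated, before the transaction that would create the user), sketched as an added toy model in Ruby. This is not Puppet source and not code from anyone on the ticket; `ToyCatalog`, `run_nagios_catalog` and the `root`-only user set are hypothetical stand-ins.

```ruby
require 'set'

# Toy model of a catalog run; NOT Puppet source. All names here are hypothetical.
class ToyCatalog
  Resource = Struct.new(:type, :title, :params)

  def initialize(system_users, validate_eagerly:)
    @users = Set.new(system_users)   # stand-in for the host's passwd database
    @validate_eagerly = validate_eagerly
    @resources = []
  end

  # Instantiation: runs for every resource before anything is applied.
  def add(type, title, params = {})
    if @validate_eagerly && type == :ssh_authorized_key && !@users.include?(params[:user])
      raise ArgumentError, "Could not create #{title}: user #{params[:user]} doesn't exist"
    end
    @resources << Resource.new(type, title, params)
  end

  # Transaction: apply each resource after the one it requires.
  def apply
    log = []
    done = Set.new
    @resources.each { |res| apply_one(res, done, log) }
    log
  end

  private

  def apply_one(res, done, log)
    return unless done.add?([res.type, res.title])   # skip if already applied
    dep = @resources.find { |r| [r.type, r.title] == res.params[:require] }
    apply_one(dep, done, log) if dep
    if res.type == :user
      @users << res.title
    elsif !@users.include?(res.params[:user])
      raise ArgumentError, "user #{res.params[:user]} doesn't exist"
    end
    log << "#{res.type.to_s.capitalize}[#{res.title}] created"
  end
end

def run_nagios_catalog(validate_eagerly)
  catalog = ToyCatalog.new(%w[root], validate_eagerly: validate_eagerly)
  # Key declared first on purpose: only `require` can put the user ahead of it.
  catalog.add(:ssh_authorized_key, 'Nagios Authorized Key',
              user: 'nagios', require: [:user, 'nagios'])
  catalog.add(:user, 'nagios')
  catalog.apply
rescue ArgumentError => e
  "failed: #{e.message}"
end
```

With eager validation the run aborts before `require` is ever consulted, matching the 0.24.8 error in the report; with the check deferred to apply time, the user is created first and the key second, as in the 0.25 log.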
