oxypwn
commented
10 years ago You hove to specify ensure for each key to make it work.
Open dsnyder0pc opened 11 years ago
oxypwn
commented
10 years ago You hove to specify ensure for each key to make it work.
noemif
commented
10 years ago Hi,
I had the same problem. My solution was to add another if condition to the second part of the setup.pp manifest, line 34:
the original line below:
if($hash[$name]['ssh_authorized_keys']) {becomes:
if ($hash[$name]['ssh_authorized_keys']) and ($hash[$name]['ensure'] != 'absent') {so that puppet only attempts to process ssh keys if the user is not set to ensure => absent.
Of course you can still specify ensure => absent for individual keys if you want them removed but do not want to remove the user.
Otherwise great module, simple and useful - thanks :-)
When I change "ensure: present" to "ensure: absent" for one of my users, I see that Puppet removes the user, but the puppet-users extension then errors out when trying to process the removed users's SSH authorized_keys file:
Notice: /User[bmcmillan]/ensure: removed Error: /Stage[main]/Common/Users[sysadmins]/Users::Setup[test_user]/Users::Ssh_authorized_keys[test_user@example.com]/Ssh_authorized_key[test_user-test_user@example.com]: Could not evaluate: No such file or directory - /home/test_user/.ssh/authorized_keys
Please let me know if this is just unique to my setup or if you see the same thing. Be sure to test with a user that actually has an authorized_keys file.
The workaround for me seems to be to comment out the "ssh_authorized_keys:" section in hiera, but it would be nice if I didn't have to do so. It probably does not make sense for the module to attempt to manage keys for a user that has been purged. Thanks.