-
Notifications
You must be signed in to change notification settings - Fork 1.9k
"authorized_key" re-orders the keys and comments in the pre-existing authorized_keys file #4780
Comments
@ansible ping, this issue is waiting for your response. |
bot_broke What Information is missing? I provided all I know and also all the fields required according to the bot help. |
The bot would mark the issue needs info if it were waiting on you. In this case the ball is in ansible's court and the bot is pinging the whole org to respond Sent from my iPhone
|
Is this the wrong place for this ticket? Is this a dead project? What is the expected time until someone is at least responding? Other tickets wait since more the a month.... |
@ansible, ping. This issue is still waiting on your response. |
1 similar comment
@ansible, ping. This issue is still waiting on your response. |
I am waiting too !!! |
As a workaround you should be able to use lineinfile instead of authorized_keys... The present authorized_keys code treats the file something like a database of records and so it doesn't preserve order. I'll take a look to see if there's an easy way to enhance it or not. |
Track the ordering of keys in the original file (rank) and try to preserve it when writing out updates. Fixes ansible#4780
In the current pr (#5339), it does that afaict. However, it ignores comments in the 'key' argument passed to the module. Since the existing module can get a newline separated string with multiple key lines in it, the module just ignores comments lines in the new key info. That seems reasonable, but I am not sure what expectations are. ie,
and new key
I have no idea what the resulting file should look like, aside from having the two keys in the new ordering in it. So the module just ignores the incoming comments. I am okay with that. |
* Make authorized_key preserve key order Track the ordering of keys in the original file (rank) and try to preserve it when writing out updates. Fixes #4780
OK, I dont really get it. Is it fixed with this commit? Can you tell me in which version or maybe even when it will be available? |
It's merged to devel/ branch (the future 2.3) currently. It is not currently backported to stable-2.2/ (the future 2.2 release). Is the buggy reordering in 2.1 breaking things? If it is generating invalid authorized_keys files? |
* Make authorized_key preserve key order Track the ordering of keys in the original file (rank) and try to preserve it when writing out updates. Fixes ansible#4780
It is not technically generating invalid files. Logically it is creating invalid files as the comments do not appear where they should. As the comments are not technically used for anything from ssh daemon, they are, strictly technically speaking, working. The fact that comments stay in exactly the line they where before but the keys are reordered, causes keys and comments not to match up anymore. This causes chaos which can only manually be solved - depending on the amount of keys - with a lot of manual work. |
* Make authorized_key preserve key order Track the ordering of keys in the original file (rank) and try to preserve it when writing out updates. Fixes ansible#4780
Primarily for behavior related to ansible/ansible-modules-core#4780
Track the ordering of keys in the original file (rank) and try to preserve it when writing out updates. Fixes ansible#4780
ISSUE TYPE
COMPONENT NAME
system/authorized_key
ANSIBLE VERSION
CONFIGURATION
OS / ENVIRONMENT
Managing from: LinuxMint
Managing: CentOS 6
SUMMARY
authorized_key is re-ordering the lines in a pre-existing authorized_keys file. This causes comments and the related lines to be re-ordered.
STEPS TO REPRODUCE
The managed host (B) should have a authorized_keys file containing multiple keys and comments. Example could look like this:
After adding a key from another host (A) to the host (B) using the "authorized_key" task, below the pre-existing authorized_keys file as shown above is completely reordered.
EXPECTED RESULTS
As shown in the example, it would be expected to see the added key (in the example "joe") at the end of the file keeping the pre-existing lines unchanged.
ACTUAL RESULTS
The result of the reordering might look like this containing the added key for "joe". The exact reason and ordering is not known at this point as of such the following example is just an example.
The text was updated successfully, but these errors were encountered: