Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ssh-key declaration with same key name #3

Open
tabletick opened this issue Aug 20, 2013 · 8 comments
Open

ssh-key declaration with same key name #3

tabletick opened this issue Aug 20, 2013 · 8 comments

Comments

@tabletick
Copy link

Hi,

when declaring two users with the same key name, an error is returned

users_maintenance:
  user1:
    ensure: present
    uid: 398        
    groups: 
    comment: User 1
    managehome: true
    ssh_authorized_keys:
      rundeck-key:
        type: 'ssh-rsa'
        mykey:  'key-data'
  user2:
    ensure: present
    uid: 399
    groups:
    comment: User 2
    managehome: true
    ssh_authorized_keys:
      automate-key:
        type: 'ssh-rsa'
        mykey: 'key-data'

Error:

    Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Duplicate declaration: Users::Ssh_authorized_keys[mykey] is already declared in file [...]/manifests/setup.pp at line 42; cannot redeclare on node localhost.localdomain

Changing this to different names for the keys fixes the issue. But since this isn't pointed out in the documentation, I wonder if this is on purpose.

@mthibaut
Copy link
Owner

Hi,

Key names need to be unique, because they are setup in puppet using the "ssh_authorized_key" resource. And all resources need a unique name. I guess I could name the keys using the user and the key name, which would ensure that the resource name is unique.

So yes this is on purpose, but not necessarily a good idea. For now, please keep using different names until I get a chance to fix this and update the documentation...

maarten

On 20 Aug 2013, at 15:06, tabletick notifications@github.com wrote:

Hi,

when declaring two users with the same key name, an error is returned

users_maintenance:
user1:
ensure: present
uid: 398
groups:
comment: User 1
managehome: true
ssh_authorized_keys:
rundeck-key:
type: 'ssh-rsa'
mykey: 'key-data'
user2:
ensure: present
uid: 399
groups:
comment: User 2
managehome: true
ssh_authorized_keys:
automate-key:
type: 'ssh-rsa'
mykey: 'key-data'
Error:

Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Duplicate declaration: Users::Ssh_authorized_keys[mykey] is already declared in file [...]/manifests/setup.pp at line 42; cannot redeclare on node localhost.localdomain

Changing this to different names for the keys fixes the issue. But since this isn't pointed out in the documentation, I wonder if this is on purpose.


Reply to this email directly or view it on GitHub.

@tabletick
Copy link
Author

Hi,

I thought you've already done that: When you configured `key1= 'foofoo', I end up with

~/.ssh/authorized_keys
foofoo key1-key1key

I'm not sure why the module produces key1-key1key. From what I could quickly see was that you've used the username as well, therefore I got puzzled when you've mentioned you haven't done that yet.
Changing the keynames to something unique works so far.

@mthibaut
Copy link
Owner

Ah yes so that's why I did that ;). I guess I could make the resource unique by using this mechanism and still use the key name provided by the user. This would cause less confusion perhaps?

On 22 Aug 2013, at 15:58, tabletick notifications@github.com wrote:

Hi,

I thought you've already done that: When you configured `key1= 'foofoo', I end up with

~/.ssh/authorized_keys
foofoo key1-key1key
I'm not sure why the module produces key1-key1key. From what I could quickly see was that you've used the username as well, therefore I got puzzled when you've mentioned you haven't done that yet.
Changing the keynames to something unique works so far.


Reply to this email directly or view it on GitHub.

@tabletick
Copy link
Author

Yes, I guess so. Alternatively you could mention it in your documentation. I guess that's why I made the mistake of choosing the same keyname in the first place.

@noemif
Copy link

noemif commented May 23, 2014

I guess I could make the resource unique by using this mechanism and still use the key name provided by the user.

Definitely better :-) I needed that for our setup, having the module use the resource name as the key name was too restrictive. I modified the ssh_authorized_keys.pp manifest, adding the line below to the ssh_authorized_keys resource definition:

name     => $hash[$name]['name'],

and in my hiera file added the 'name' parameter:

    users_sysadmins:
        john:
            ensure: present
            uid: 1000
            gid: staff
            groups: - wheel
            comment: John Doe
            managehome: true
            ssh_authorized_keys:
                    mykey:
                            name: 'some_key_name'
                            type: 'ssh-rsa'
                            key:  'mykeydata=='

This way you can deploy the same key to more than one user, with the same key name (i.e. key comment in authorized_keys file).

@luis-alen
Copy link

Forgive my ignorance as I'm just starting with puppet and I've been trying to use the module without success :(

I have the same issue (deploy the same key to different users) and I think that the key should always be unique, since the resource name includes both the user and the key name in ssh_authorized_keys.pp:

ssh_authorized_key { "${user}-${name}" :
...
}

However, it seems to me that the problem is actually not with the resource 'ssh_authorized_key' but with 'users::ssh_authorized_keys' in setup.pp and I'm unable to make it work. I tried the suggestion given by @noemif but it didn't work too. I guess there's more somewhere. I'm sure I'm missing something...

Duplicate declaration: Users::Ssh_authorized_keys[luis.alen] is already declared in file /etc/puppet/modules/users/manifests/setup.pp:42; cannot redeclare at /etc/puppet/modules/users/manifests/setup.pp:42

This is how my yaml looks like now (I've tried it in different ways though. Different values for the key 'name', without the key 'name' and so on... The only thing that actually worked was changing the key name to something unique):

users_admins:
  adm:    
    ensure: present
    comment: Admin
    uid: 45001
    managehome: true
    ssh_authorized_keys:
      luis.alen:
        name: 'luis.alen'
        ensure: present
        type: 'ssh-rsa'
        key:  'mykeydata=='

users_developers:
  dev:
    ensure: present
    uid: 45000
    comment: Developer
    managehome: true
    ssh_authorized_keys:
      luis.alen:
        name: 'luis.alen'
        ensure: present        
        type: 'ssh-rsa'
        key:  'mykeydata=='

@noemif, was the ssh_authorized_keys resource definition all you changed to make it work?

@gtmtech
Copy link

gtmtech commented Mar 26, 2015

+1 for fixing this

@law
Copy link

law commented Dec 30, 2015

+1, running into this same issue as well

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

6 participants