What happens when ensure is set to "absent"?

[dsnyder0pc]

When I change "ensure: present" to "ensure: absent" for one of my users, I see that Puppet removes the user, but the puppet-users extension then errors out when trying to process the removed users's SSH authorized_keys file:

Notice: /User[bmcmillan]/ensure: removed
Error: /Stage[main]/Common/Users[sysadmins]/Users::Setup[test_user]/Users::Ssh_authorized_keys[test_user@example.com]/Ssh_authorized_key[test_user-test_user@example.com]: Could not evaluate: No such file or directory - /home/test_user/.ssh/authorized_keys

Please let me know if this is just unique to my setup or if you see the same thing. Be sure to test with a user that actually has an authorized_keys file.

The workaround for me seems to be to comment out the "ssh_authorized_keys:" section in hiera, but it would be nice if I didn't have to do so. It probably does not make sense for the module to attempt to manage keys for a user that has been purged. Thanks.

[pr0xr]

You hove to specify ensure for each key to make it work.

[noemif]

Hi,

I had the same problem. My solution was to add another if condition to the second part of the setup.pp manifest, line 34:

the original line below:

if($hash[$name]['ssh_authorized_keys']) {

becomes:

if ($hash[$name]['ssh_authorized_keys']) and ($hash[$name]['ensure'] != 'absent') {

so that puppet only attempts to process ssh keys if the user is not set to ensure => absent.

Of course you can still specify ensure => absent for individual keys if you want them removed but do not want to remove the user.

Otherwise great module, simple and useful - thanks :-)