-
Notifications
You must be signed in to change notification settings - Fork 5.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ssh-auth becomes a chatty Cathy during test runs #5374
Comments
State file:
|
Please remember to use code blocks (using the triple backtick/grave) to make it more readable. =) And thanks for the report. |
I assume your complaint here is that it prints the keys? |
Yes, sorry if that's unclear. There are no changes that need to be made when the state is run, but it reports that the ssh keys will be changed. This has the unfortunate side effect of obscuring actual changes with very verbose lines of ssh pubkeys. |
So if we were to change it to something like |
In this context? I don't want to see anything at all about the ssh key, since it's a false positive. The ssh key is already in place, is already correct-- so why is Salt telling me that it's going to be updated in the "I'd change this" shade of yellow? Remember, the invocation was:
No changes were made to the states during that run. :-) |
Ohhhh, so if you leave off the test=True then it says no changes were made? Probably just an oversight in the test=True part of the state. We'll look into it. =) |
@KB1JWQ I was able to replicate this. So, salt seems to support leaving off the I'll look at it a little closer and see what I can find. It's possible that in those occasions where rsa (as opposed to ssh-rsa) is used as the enc parameter in the SLS, that salt is still editing the authorized_keys file when editing is not necessary. |
If 'rsa' or 'dss', etc. are used as the 'enc' value in ssh_auth.present states (rather than 'ssh-rsa' or 'ssh-dss'), the call to salt.modules.ssh.check_key() will fail, which causes ssh_auth.present states to mistakenly report the key as needing to be changed. This commit adds a call to salt.modules.ssh._refine_enc(), which normalizes the 'enc' param so that the call to ssh.check_key() does not fail. Fixes saltstack#5374.
If 'rsa' or 'dss', etc. are used as the 'enc' value in ssh_auth.present states (rather than 'ssh-rsa' or 'ssh-dss'), the call to salt.modules.ssh.check_key() will fail, which causes ssh_auth.present states to mistakenly report the key as needing to be changed. This commit adds a call to salt.modules.ssh._refine_enc(), which normalizes the 'enc' param so that the call to ssh.check_key() does not fail. Fixes #5374.
The text was updated successfully, but these errors were encountered: