Skip to content


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP


type __ssh_authorized_keys fails for new user. #160

volfyd opened this Issue · 13 comments

5 participants

Leif Huhn Jason Staten Nico Schottelius Jake Guffey Arkaitz Jimenez
Leif Huhn

Hi. My init file has something like this in it:

require="__group/idontexistyet" __user idontexistyet \
--uid 5555 --gid 5555 --shell /bin/bash --comment "New Here,,,"
require="__user/idontexistyet" __directory /home/idontexistyet \
--group idontexistyet --owner idontexistyet --mode 0711

require="__directory/home/idontexistyet" __ssh_authorized_keys idontexistyet \
--key "ssh-dss stuff idontexistyet@idontexistyet-laptop"

and when I run cdist I get the following output:

INFO: localhost: Running global explorers
INFO: localhost: Running initial manifest /tmp/user/2166/tmp3nv6e9/out/conf/manifest/init
INFO: localhost: Running object manifests and type explorers
INFO: localhost: Running manifest and explorers for __ssh_authorized_keys/idontexistyet
Failed to get home directory from explorer.
ERROR: localhost: Command failed: /bin/sh -e /tmp/user/2166/tmp3nv6e9/out/conf/type/__ssh_authorized_keys/manifest
INFO: Total processing time for 1 host(s): 1.6351242065429688
ERROR: Failed to deploy to the following hosts: localhost

I was a little surprised. As a workaround I think I can use --file to specify the file. I think modifying cdist to work with the above configuration would require changing it to interleave the explorers and the code execution.

Jason Staten

Sounds related to #100.

Nico Schottelius

Yeah, explorers that depend on the execution of other types code are "broken", because the execution of all manifests and explorers happens before code execution. Usually we (the devs) say that explores should be smart enough to handle a non proper case - but we also see the limitations.

Your report thus opens up a new internal discussion, thanks for the pointer!

Nico Schottelius

And yes, #100 is related and may already be the fix - expect a patch sometime next week (and if it doesn't appear, nag us!)

Jason Staten

I'll be sure to nag, because it's a change I look forward to.

Jake Guffey

Any progress on this?

Jake Guffey


How is this issue coming along? Can I look forward to a patch in master this week?

Nico Schottelius
Jason Staten

That's great news to hear.

Jake Guffey


Just nagging because you said to. ;)

Jake Guffey

Hey, Nico:

It's been a couple weeks since I've seen any activity. How's it coming along?

Arkaitz Jimenez

Does this actually mean there is no way to setup a new server with users and authorized_keys?
Since it needs __user remote-execution to happen before the __ssh_authorized_keys explorers, it will never happen, not even executing it multiple times, since explorers of everything are always run before the executions.
This problem has to be affecting loads of other types. wherever there is a dependency that creates something that the explorers will find and manifests require.

Nico Schottelius

Please give the new version in the branch execution_order a try - it should solve the problem. Beware: It's not yet merged into master to give it a try before pushing out to the masses...

Nico Schottelius

Fixed in master branch.

Nico Schottelius telmich closed this
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.