type __ssh_authorized_keys fails for new user. #160

volfyd opened this Issue Feb 12, 2013 · 13 comments


None yet

5 participants

volfyd commented Feb 12, 2013

Hi. My init file has something like this in it:

require="__group/idontexistyet" __user idontexistyet
--uid 5555 --gid 5555 --shell /bin/bash --comment "New Here,,,"
require="__user/idontexistyet" __directory /home/idontexistyet
--group idontexistyet --owner idontexistyet --mode 0711

require="__directory/home/idontexistyet" __ssh_authorized_keys idontexistyet
--key "ssh-dss stuff idontexistyet@idontexistyet-laptop"

and when I run cdist I get the following output:

INFO: localhost: Running global explorers
INFO: localhost: Running initial manifest /tmp/user/2166/tmp3nv6e9/out/conf/manifest/init
INFO: localhost: Running object manifests and type explorers
INFO: localhost: Running manifest and explorers for __ssh_authorized_keys/idontexistyet
Failed to get home directory from explorer.
ERROR: localhost: Command failed: /bin/sh -e /tmp/user/2166/tmp3nv6e9/out/conf/type/__ssh_authorized_keys/manifest
INFO: Total processing time for 1 host(s): 1.6351242065429688
ERROR: Failed to deploy to the following hosts: localhost

I was a little surprised. As a workaround I think I can use --file to specify the file. I think modifying cdist to work with the above configuration would require changing it to interleave the explorers and the code execution.


Sounds related to #100.

telmich commented Feb 21, 2013

Yeah, explorers that depend on the execution of other types code are "broken", because the execution of all manifests and explorers happens before code execution. Usually we (the devs) say that explores should be smart enough to handle a non proper case - but we also see the limitations.

Your report thus opens up a new internal discussion, thanks for the pointer!

telmich commented Feb 21, 2013

And yes, #100 is related and may already be the fix - expect a patch sometime next week (and if it doesn't appear, nag us!)


I'll be sure to nag, because it's a change I look forward to.


Any progress on this?

jdguffey commented Mar 4, 2013


How is this issue coming along? Can I look forward to a patch in master this week?

telmich commented Mar 4, 2013

Looking into this tomorrow - expect progress ~mid of week!



Jake Guffey [Mon, Mar 04, 2013 at 07:05:51AM -0800]:


How is this issue coming along? Can I look forward to a patch in master this week?

Reply to this email directly or view it on GitHub:
#160 (comment)

PGP key: 7ED9 F7D3 6B10 81D7 0EC5 5C09 D7DC C8E4 3187 7DF0


That's great news to hear.

jdguffey commented Mar 8, 2013


Just nagging because you said to. ;)


Hey, Nico:

It's been a couple weeks since I've seen any activity. How's it coming along?


Does this actually mean there is no way to setup a new server with users and authorized_keys?
Since it needs __user remote-execution to happen before the __ssh_authorized_keys explorers, it will never happen, not even executing it multiple times, since explorers of everything are always run before the executions.
This problem has to be affecting loads of other types. wherever there is a dependency that creates something that the explorers will find and manifests require.

telmich commented Apr 30, 2013

Please give the new version in the branch execution_order a try - it should solve the problem. Beware: It's not yet merged into master to give it a try before pushing out to the masses...

telmich commented May 27, 2013

Fixed in master branch.

@telmich telmich closed this May 27, 2013
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment