type __ssh_authorized_keys fails for new user. #273

New Issue

Closed

opened 2021-11-20 15:23:05 +00:00 by ungleich-gitea · 13 comments

ungleich-gitea commented 2021-11-20 15:23:05 +00:00

Owner

Copy Link

Created by: volfyd

Hi. My init file has something like this in it:

require="__group/idontexistyet" __user idontexistyet
--uid 5555 --gid 5555 --shell /bin/bash --comment "New Here,,,"
require="__user/idontexistyet" __directory /home/idontexistyet
--group idontexistyet --owner idontexistyet --mode 0711

require="__directory/home/idontexistyet" __ssh_authorized_keys idontexistyet
--key "ssh-dss stuff idontexistyet@idontexistyet-laptop"

and when I run cdist I get the following output:

INFO: localhost: Running global explorers
INFO: localhost: Running initial manifest /tmp/user/2166/tmp3nv6e9/out/conf/manifest/init
INFO: localhost: Running object manifests and type explorers
INFO: localhost: Running manifest and explorers for __ssh_authorized_keys/idontexistyet
Failed to get home directory from explorer.
ERROR: localhost: Command failed: /bin/sh -e /tmp/user/2166/tmp3nv6e9/out/conf/type/__ssh_authorized_keys/manifest
INFO: Total processing time for 1 host(s): 1.6351242065429688
ERROR: Failed to deploy to the following hosts: localhost

I was a little surprised. As a workaround I think I can use --file to specify the file. I think modifying cdist to work with the above configuration would require changing it to interleave the explorers and the code execution.

*Created by: volfyd* Hi. My init file has something like this in it: require="__group/idontexistyet" __user idontexistyet \ --uid 5555 --gid 5555 --shell /bin/bash --comment "New Here,,," require="__user/idontexistyet" __directory /home/idontexistyet \ --group idontexistyet --owner idontexistyet --mode 0711 require="__directory/home/idontexistyet" __ssh_authorized_keys idontexistyet \ --key "ssh-dss stuff idontexistyet@idontexistyet-laptop" and when I run cdist I get the following output: INFO: localhost: Running global explorers INFO: localhost: Running initial manifest /tmp/user/2166/tmp3nv6e9/out/conf/manifest/init INFO: localhost: Running object manifests and type explorers INFO: localhost: Running manifest and explorers for __ssh_authorized_keys/idontexistyet Failed to get home directory from explorer. ERROR: localhost: Command failed: /bin/sh -e /tmp/user/2166/tmp3nv6e9/out/conf/type/__ssh_authorized_keys/manifest INFO: Total processing time for 1 host(s): 1.6351242065429688 ERROR: Failed to deploy to the following hosts: localhost I was a little surprised. As a workaround I think I can use --file to specify the file. I think modifying cdist to work with the above configuration would require changing it to interleave the explorers and the code execution.

ungleich-gitea closed this issue 2021-11-20 15:23:05 +00:00

ungleich-gitea commented 2021-11-20 15:51:13 +00:00

Author

Owner

Copy Link

Created by: telmich

Fixed in master branch.

*Created by: telmich* Fixed in master branch.

ungleich-gitea commented 2021-11-20 15:51:15 +00:00

Author

Owner

Copy Link

Created by: telmich

Please give the new version in the branch execution_order a try - it should solve the problem. Beware: It's not yet merged into master to give it a try before pushing out to the masses...

*Created by: telmich* Please give the new version in the branch execution_order a try - it should solve the problem. Beware: It's not yet merged into master to give it a try before pushing out to the masses...

ungleich-gitea commented 2021-11-20 15:51:16 +00:00

Author

Owner

Copy Link

Created by: arkaitzj

Does this actually mean there is no way to setup a new server with users and authorized_keys?
Since it needs __user remote-execution to happen before the __ssh_authorized_keys explorers, it will never happen, not even executing it multiple times, since explorers of everything are always run before the executions.
This problem has to be affecting loads of other types. wherever there is a dependency that creates something that the explorers will find and manifests require.

*Created by: arkaitzj* Does this actually mean there is no way to setup a new server with users and authorized_keys? Since it needs __user remote-execution to happen before the __ssh_authorized_keys explorers, it will never happen, not even executing it multiple times, since explorers of everything are always run before the executions. This problem has to be affecting loads of other types. wherever there is a dependency that creates something that the explorers will find and manifests require.

ungleich-gitea commented 2021-11-20 15:51:17 +00:00

Author

Owner

Copy Link

Created by: jdguffey

Hey, Nico:

It's been a couple weeks since I've seen any activity. How's it coming along?

*Created by: jdguffey* Hey, Nico: It's been a couple weeks since I've seen any activity. How's it coming along?

ungleich-gitea commented 2021-11-20 15:51:19 +00:00

Author

Owner

Copy Link

Created by: jdguffey

Anything?

Just nagging because you said to. ;)

*Created by: jdguffey* Anything? Just nagging because you said to. ;)

ungleich-gitea commented 2021-11-20 15:51:20 +00:00

Author

Owner

Copy Link

Created by: statianzo

That's great news to hear.

*Created by: statianzo* That's great news to hear.

ungleich-gitea commented 2021-11-20 15:51:21 +00:00

Author

Owner

Copy Link

Created by: telmich

Looking into this tomorrow - expect progress ~mid of week!

Cheers,

Nico

Jake Guffey [Mon, Mar 04, 2013 at 07:05:51AM -0800]:

??

How is this issue coming along? Can I look forward to a patch in master this week?

---

Reply to this email directly or view it on GitHub:
https://github.com/telmich/cdist/issues/160#issuecomment-14384832

PGP key: 7ED9 F7D3 6B10 81D7 0EC5 5C09 D7DC C8E4 3187 7DF0

*Created by: telmich* Looking into this tomorrow - expect progress ~mid of week! Cheers, Nico Jake Guffey [Mon, Mar 04, 2013 at 07:05:51AM -0800]: > ?? > > How is this issue coming along? Can I look forward to a patch in master this week? > > --- > > Reply to this email directly or view it on GitHub: > https://github.com/telmich/cdist/issues/160#issuecomment-14384832 ## PGP key: 7ED9 F7D3 6B10 81D7 0EC5 5C09 D7DC C8E4 3187 7DF0

ungleich-gitea commented 2021-11-20 15:51:23 +00:00

Author

Owner

Copy Link

Created by: jdguffey

??

How is this issue coming along? Can I look forward to a patch in master this week?

*Created by: jdguffey* ?? How is this issue coming along? Can I look forward to a patch in master this week?

ungleich-gitea commented 2021-11-20 15:51:24 +00:00

Author

Owner

Copy Link

Created by: jdguffey

Any progress on this?

*Created by: jdguffey* Any progress on this?

ungleich-gitea commented 2021-11-20 15:51:33 +00:00

Author

Owner

Copy Link

Created by: statianzo

I'll be sure to nag, because it's a change I look forward to.

*Created by: statianzo* I'll be sure to nag, because it's a change I look forward to.

ungleich-gitea commented 2021-11-20 15:51:35 +00:00

Author

Owner

Copy Link

Created by: telmich

And yes, #100 is related and may already be the fix - expect a patch sometime next week (and if it doesn't appear, nag us!)

*Created by: telmich* And yes, #100 is related and may already be the fix - expect a patch sometime next week (and if it doesn't appear, nag us!)

ungleich-gitea commented 2021-11-20 15:51:36 +00:00

Author

Owner

Copy Link

Created by: telmich

Yeah, explorers that depend on the execution of other types code are "broken", because the execution of all manifests and explorers happens before code execution. Usually we (the devs) say that explores should be smart enough to handle a non proper case - but we also see the limitations.

Your report thus opens up a new internal discussion, thanks for the pointer!

*Created by: telmich* Yeah, explorers that depend on the execution of other types code are "broken", because the execution of all manifests and explorers happens before code execution. Usually we (the devs) say that explores should be smart enough to handle a non proper case - but we also see the limitations. Your report thus opens up a new internal discussion, thanks for the pointer!

ungleich-gitea commented 2021-11-20 15:51:37 +00:00

Author

Owner

Copy Link

Created by: statianzo

Sounds related to #100.

*Created by: statianzo* Sounds related to #100.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

master

7.0

6.9

py3.10

ander/__package_apt_update_index

haproxy-dualstack

ander/__sed

beta

ander/os_version_debian_sid

evilham-compatibility-fixes

ander/__rsync

__snakeoil_cert

ander/update_readme

__download_improvements

feature/onchange

cleanup/string-formatting

feature/type-relationship-graph

cleanup/ssh-auth-keys-types

__letsencrypt_cert-fix-hooks

bugfix/preos-debug

bugfix/in-script-import

6.8

bugfix/sphinx-docs-build

6.7

cherry-pick-2f433a14

bugfix/make-code-consistent

6.6

regain-py3.2-support

6.5

bugfix/multiple-log-lines

matterbridge

coturn

alpinefix

matrix

new-type/network-interface

feature/process

6.4

feature/info-command

feature/libexec

6.3

preos-plugins-dir-opt

gitlab-ci

6.2

order-dep-fix

6.1

6.0

build/support-pip-from-git

feature/shell-lib

5.1

feature/support-type-deprecation

5.0

feature/python-types

4.11

4.10

shellcheck

4.9

4.8

freebsd-improvements

new-prometheus

key_value-onchange

feature/output_streams

AnotherKamila-patch-1

__letsencrypt_cert-fixes

letsencrypt-cron-fix

4.7

newtype-__letsencrypt_cert

os_explorer_devuan_fix

prometheus-exporter-fixes

daemontools-for-fbsd

type-prometheus-exporter-from-master

prometheus-more-fixes

4.6

4.5

fix-j

steven-backport

4.4

prometheus-fixes

grafana_dashboard

prometheus

daemontools

consul_improvements

feature/trigger

4.3

4.0-pre-not-stable

4.2

4.1

4.0

feature_install_and_preos

3.1

no-dot-cdist

random_dot_cdist

feature_yum_url

feature_files_export

3.0

2.3

2.2

2.1

ssh_callback

2.0

archive_shell_function_approach

1.7

1.6

1.5

1.4

1.3

1.2

1.1

1.0

7.0.0

6.9.8

6.9.7

6.9.6

6.9.5

6.9.4

6.9.3

6.9.2

6.9.1

6.9.0

6.8.0

6.7.0

6.6.0

6.5.6

6.5.5

6.5.4

6.5.3

6.5.2

6.5.1

6.5.0

6.4.0

6.3.0

6.2.0

6.1.1

6.1.0

6.0.4

6.0.3

6.0.2

6.0.1

6.0.0

5.1.3

5.1.2

5.1.1

5.1.0

5.0.2

5.0.1

5.0.0

4.11.1

4.11.0

4.10.11

4.10.10

4.10.9

4.10.8

4.10.7

4.10.6

4.10.5

4.10.4

4.10.3

4.10.2

4.10.1

4.10.0

4.9.1

4.9.0

4.8.4

4.8.3

4.8.2

4.8.1

4.8.0

4.7.3

4.7.2

4.7.1

4.7.0

4.6.1

4.6.0

4.5.0

4.4.4

4.4.3

4.4.2

4.4.1

4.4.0

4.3.2

4.3.1

4.3.0

4.2.2

4.2.1

4.2.0

4.1.0

4.0.0

3.1.13

tn1

3.1.12

3.1.11

3.1.10

3.1.9

3.1.8

3.1.7

3.1.6

4.0.0pre3

3.1.5

3.1.4

3.1.3

3.1.2

3.1.1

3.1.0

4.0.0pre2

3.0.9

3.0.8

3.0.7

3.0.6

3.0.5

3.0.4

3.0.3

4.0.0pre1

3.0.2

3.0.1

3.0.0

2.3.7

2.3.6

2.3.5

2.3.4

2.3.3

2.3.2

2.3.1

2.3.0

2.2.0

2.1.2

2.1.1

2.1.0

2.1.0pre8

2.1.0pre7

2.1.0pre6

2.0.15

2.1.0pre5

2.1.0pre4

2.1.0pre3

2.1.0pre2

2.1.0pre1

2.0.14

2.0.13

2.0.12

2.0.11

2.0.10

2.0.9

2.0.8

2.0.7

2.0.6

2.0.5

2.0.4

2.0.3

2.0.2

2.0.1

2.0.0

1.7.1

1.7.0

1.6.2

1.6.1

1.6.0

1.5.0

1.4.1

1.4.0

1.3.2

1.3.1

1.3.0

1.2.0

1.1.0

1.0.4

1.0.3

1.0.2

1.0.1

1.0.0

0.9.9

0.9.8

0.9.7

0.9.6

0.9.5

0.9.4

0.9.3

0.9.2

0.9.1

0.9

0.8

0.7

0.6

0.5

0.4

0.3

0.2

0.1

Labels

Clear labels   

bugfix

  

cleanup

  

discussion

  

documentation

  

doing

  

done

  

feature

  

improvement

  

packaging

  

Stale

  

testing

  

TODO

No Label

bugfix

cleanup

discussion

documentation

doing

done

feature

improvement

packaging

Stale

testing

TODO

Milestone

Clear milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

No Assignees

1 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: ungleich-public/cdist#273

No description provided.