type __ssh_authorized_keys fails for new user. #273
Labels
No Label
bugfix
cleanup
discussion
documentation
doing
done
feature
improvement
packaging
Stale
testing
TODO
No Milestone
No project
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: ungleich-public/cdist#273
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Created by: volfyd
Hi. My init file has something like this in it:
require="__group/idontexistyet" __user idontexistyet
--uid 5555 --gid 5555 --shell /bin/bash --comment "New Here,,,"
require="__user/idontexistyet" __directory /home/idontexistyet
--group idontexistyet --owner idontexistyet --mode 0711
require="__directory/home/idontexistyet" __ssh_authorized_keys idontexistyet
--key "ssh-dss stuff idontexistyet@idontexistyet-laptop"
and when I run cdist I get the following output:
INFO: localhost: Running global explorers
INFO: localhost: Running initial manifest /tmp/user/2166/tmp3nv6e9/out/conf/manifest/init
INFO: localhost: Running object manifests and type explorers
INFO: localhost: Running manifest and explorers for __ssh_authorized_keys/idontexistyet
Failed to get home directory from explorer.
ERROR: localhost: Command failed: /bin/sh -e /tmp/user/2166/tmp3nv6e9/out/conf/type/__ssh_authorized_keys/manifest
INFO: Total processing time for 1 host(s): 1.6351242065429688
ERROR: Failed to deploy to the following hosts: localhost
I was a little surprised. As a workaround I think I can use --file to specify the file. I think modifying cdist to work with the above configuration would require changing it to interleave the explorers and the code execution.
Created by: telmich
Fixed in master branch.
Created by: telmich
Please give the new version in the branch execution_order a try - it should solve the problem. Beware: It's not yet merged into master to give it a try before pushing out to the masses...
Created by: arkaitzj
Does this actually mean there is no way to setup a new server with users and authorized_keys?
Since it needs __user remote-execution to happen before the __ssh_authorized_keys explorers, it will never happen, not even executing it multiple times, since explorers of everything are always run before the executions.
This problem has to be affecting loads of other types. wherever there is a dependency that creates something that the explorers will find and manifests require.
Created by: jdguffey
Hey, Nico:
It's been a couple weeks since I've seen any activity. How's it coming along?
Created by: jdguffey
Anything?
Just nagging because you said to. ;)
Created by: statianzo
That's great news to hear.
Created by: telmich
Looking into this tomorrow - expect progress ~mid of week!
Cheers,
Nico
Jake Guffey [Mon, Mar 04, 2013 at 07:05:51AM -0800]:
PGP key: 7ED9 F7D3 6B10 81D7 0EC5 5C09 D7DC C8E4 3187 7DF0
Created by: jdguffey
??
How is this issue coming along? Can I look forward to a patch in master this week?
Created by: jdguffey
Any progress on this?
Created by: statianzo
I'll be sure to nag, because it's a change I look forward to.
Created by: telmich
And yes, #100 is related and may already be the fix - expect a patch sometime next week (and if it doesn't appear, nag us!)
Created by: telmich
Yeah, explorers that depend on the execution of other types code are "broken", because the execution of all manifests and explorers happens before code execution. Usually we (the devs) say that explores should be smart enough to handle a non proper case - but we also see the limitations.
Your report thus opens up a new internal discussion, thanks for the pointer!
Created by: statianzo
Sounds related to #100.