Page MenuHomePhabricator

Jessie labs instance puppet run attempt to remove non empty /etc/ssh/userkeys/admin/.ssh
Closed, DuplicatePublic

Description

Spotted on a fresh Jessie labs instance, but most probably Precise and Trusty images are impacted as well. Some puppet manifest is faulty, each puppet run reports:

Stage[main]/Ssh::Server/File[/etc/ssh/userkeys/admin/.ssh/authorized_keys ]: Not removing directory; use 'force' to override
/Stage[main]/Ssh::Server/File[/etc/ssh/userkeys/admin/.ssh/authorized_keys ]/ensure: removed 
/Stage[main]/Ssh::Server/File[/etc/ssh/userkeys/admin/.ssh/authorized_keys /public]: Not removing directory; use 'force' to override
/Stage[main]/Ssh::Server/File[/etc/ssh/userkeys/admin/.ssh/authorized_keys /public]/ensure: removed 
/Stage[main]/Ssh::Server/File[/etc/ssh/userkeys/admin/.ssh/authorized_keys /public/keys]: Not removing directory; use 'force' to override
/Stage[main]/Ssh::Server/File[/etc/ssh/userkeys/admin/.ssh/authorized_keys /public/keys]/ensure: removed 
/Stage[main]/Ssh::Server/File[/etc/ssh/userkeys/admin/.ssh/authorized_keys /public/keys/admin]: Not removing directory; use 'force' to override
/Stage[main]/Ssh::Server/File[/etc/ssh/userkeys/admin/.ssh/authorized_keys /public/keys/admin]/ensure: removed 
/Stage[main]/Ssh::Server/File[/etc/ssh/userkeys/admin/.ssh/authorized_keys /public/keys/admin/.ssh]: Not removing directory; use 'force' to override
/Stage[main]/Ssh::Server/File[/etc/ssh/userkeys/admin/.ssh/authorized_keys /public/keys/admin/.ssh]/ensure: removed

The first run having:

/Stage[main]/Passwords::Root/Ssh::Userkey[root]/File[/etc/ssh/userkeys/root]/mode: mode changed '0555' to '0444'

The file layout looks like:

# tree -a /etc/ssh/userkeys/
/etc/ssh/userkeys/
├── admin/
│   └── .ssh/
│       └── authorized_keys /
│           └── public/
│               └── keys/
│                   └── admin/
│                       └── .ssh/
└── root

Event Timeline

hashar raised the priority of this task from to Needs Triage.
hashar updated the task description. (Show Details)
hashar added projects: Cloud-VPS, Cloud-Services.
hashar added subscribers: hashar, Aklapper.

To remove the puppet notices, one can: rm -R /etc/ssh/userkeys/