Puppet Version: 6.15.0 Puppet Server Version: 6.11.0 OS Name/Version: CentOS / Debian After updating the sshkeys_core module to 2.0.0 in our control repo, puppet is unable to purge sshkeys. We use the following configuration to export each host SSH keys and collect them on some of our nodes:
- in site.pp{{ resources { 'sshkey':}}{{ purge => true,}}{{ }}}
- on each node ($host_aliases is an array of the names of the node){{ @@sshkey { "sshdsakey-${host_aliases[0]}":}}{{ host_aliases => $host_aliases,}}
{{ type => 'ssh-dss',}} {{ key => $facts['ssh']['dsa']['key'],}} {{ }}}
- on some nodes{{ Sshkey <<| |>>}}
Downgrading to sshkeys_core 1.0.3 fix the issue. Desired Behavior: When a node is decomissioned, it's SSH key should be removed from the known_hosts file of the node collecting the ssh keys. Actual Behavior: Puppet says it removes the key, but it's not actually done. So the configuration never converge, at each run Puppet says it remove the key. |