ssh_authorized_key errors in RHEL6


Kubes

Apr 2, 2013, 10:44:04 AM
to puppet...@googlegroups.com
I am using Puppet to manage ssh keys; it works fine on all but one system, which is a true RHEL6 (vs CentOS and Amazon distros) (Puppet 3.1.1). Not even sure where to look to troubleshoot the issue. I have disabled SELinux for testing too. Any suggestions would be greatly appreciated.


Here is the manifest snippet

Using virtual user and hiera

$user = hiera($title,nil,"${environment}/user")

 ssh_authorized_key { $title:
    ensure  =>      'present',
    type    =>      'ssh-rsa',
    key     =>      $user['sshkey'],
    user    =>      $title,
    require =>      User[$title],
    name    =>      "${title}@myvbo.net",
  }


And the errors from the puppet run.

Puppet (err): Puppet::Util::FileType::FileTypeFlat could not write /home/jsmith/.ssh/authorized_keys: cannot generate tempfile `/puppet20130331-3128-n19xxm-9'
Tue Apr 02 12:42:33 +0000 2013 /Stage[main]/User::Users/User::Virtual[jsmith]/Ssh_authorized_key[elondon] (err): Could not evaluate: Puppet::Util::FileType::FileTypeFlat could not write /home/jsmith/.ssh/authorized_keys: cannot generate tempfile `/puppet20130402-3219-n91x6m-9'


Joshua Hoblitt

Apr 2, 2013, 12:06:52 PM
to puppet...@googlegroups.com, Kubes
Hello,

On 04/02/2013 07:44 AM, Kubes wrote:
> cannot generate tempfile `/puppet20130331-3128-n19xxm-9'

I suspect this is the crux of your issue. Is there a /tmp on that
system and is it world writable? Have you declared $TMPDIR? What does
the puppet.conf look like on that system? Does `mktemp` work as
expected? Eg.

$ mktemp
/tmp/tmp.7rj9E3NgP1
$ ls -la /tmp/tmp.7rj9E3NgP1
-rw------- 1 jhoblitt users 0 Apr 2 09:04 /tmp/tmp.7rj9E3NgP1

-Josh


Kubes

Apr 2, 2013, 7:41:50 PM
to puppet...@googlegroups.com, Kubes
Thanks Josh

chmoding 777 /tmp fixed the issue.

mktemp worked fine as root, not as a user, until chmod.  Does puppet sudo for sshkeys, etc?  puppet is running as root.

Keith Burdis

Apr 3, 2013, 5:03:07 AM
to puppet-users
The permissions of /tmp should be 1777 so that all users can create files but the sticky bit is set.  Setting the sticky bit ensures that files and directories under /tmp can only be renamed or deleted by the user that owns them.

  - Keith
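
A check for the two states discussed in this thread, as an added example that is not part of the original posts: it tells apart a temp directory that users cannot write to (the original tempfile failure), one left at 777 without the sticky bit, and the 1777 mode described above. The function names `check_tmpdir` and `audit_tmpdirs` are hypothetical, and GNU coreutils `stat` is assumed.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU coreutils stat (stat -c),
# as shipped on RHEL/CentOS. Function names are hypothetical.

# Prints one verdict for a directory:
#   ok | not-a-directory | not-world-writable | missing-sticky-bit
check_tmpdir() {
    dir=$1
    [ -d "$dir" ] || { echo "not-a-directory"; return 1; }
    mode=$(stat -L -c '%a' "$dir") || return 1   # octal digits, e.g. 1777, 777, 755
    perms=$(( 0$mode ))                          # leading 0 makes the shell read it as octal
    if [ $(( perms & 0002 )) -eq 0 ]; then
        # Unprivileged users cannot create temp files here (mktemp fails for them).
        echo "not-world-writable"; return 2
    fi
    if [ $(( perms & 01000 )) -eq 0 ]; then
        # The "chmod 777" state: any user can rename or delete other users' files.
        echo "missing-sticky-bit"; return 3
    fi
    echo "ok"
}

# Checks the given directories, or /tmp, /var/tmp and $TMPDIR (if set) by default.
# Prints "dir: verdict" per directory; returns non-zero if any is not ok.
audit_tmpdirs() {
    [ $# -gt 0 ] || set -- /tmp /var/tmp ${TMPDIR:+"$TMPDIR"}
    rc=0
    for d in "$@"; do
        verdict=$(check_tmpdir "$d") || rc=1
        printf '%s: %s\n' "$d" "$verdict"
    done
    return $rc
}

# Usage: source this file, then run `audit_tmpdirs` (no arguments) on the host.
```

A `missing-sticky-bit` verdict on `/tmp` is corrected with `chmod 1777 /tmp`.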

