sshkey exported resources collecting

asked 2015-02-24 04:52:50 -0500

PorkCharSui

updated 2015-04-16 04:48:27 -0500

I am having trouble with one of the first modules I ever made. The one where you use exported resources to sync ssh host keys between all machines.

class ssh_host_keys {
  file { '/etc/ssh/ssh_known_hosts':
    ensure => file,
    owner  => root,
    group  => root,
    mode   => '0644',
    before => Sshkey[ "${::fqdn}_rsa", "${::fqdn}_dsa" ],
  }
  # Export this host's RSA and DSA host keys
  @@sshkey { "${::fqdn}_rsa":
    ensure => present,
    key    => $::sshrsakey,
    type   => rsa,
  }
  @@sshkey { "${::fqdn}_dsa":
    ensure => present,
    key    => $::sshdsakey,
    type   => dsa,
  }
  # Collect every exported host key, including this host's own
  Sshkey <<| |>>
}

I hadn't used it in a while, but wanted to start using it again. When I enable it now I get a lot of error messages like these (I replaced fqdn with *):

Notice: /Stage[main]/Ssh_host_keys/Sshkey[*_dsa]/ensure: created
Debug: Flushing sshkey provider target /etc/ssh/ssh_known_hosts
Error: /Stage[main]/Ssh_host_keys/Sshkey[*_dsa]: Could not evaluate: Field 'key' is required
Notice: /Stage[main]/Ssh_host_keys/Sshkey[*_rsa]/ensure: created
Debug: Flushing sshkey provider target /etc/ssh/ssh_known_hosts
Error: /Stage[main]/Ssh_host_keys/Sshkey[*_rsa]: Could not evaluate: Field 'key' is required

I've tried removing all ssh host key entries from the DB and on the first run I don't get any errors, but on a second run it starts complaining like above. If it was only 1 or 2 messages I might have been able to live with it, but when it does this for 500+ hosts it becomes really annoying. A lot of our machines only turn on intermittently and I suspect it has something to do with that, but I'm not sure. Has anyone else had this problem? What can I do?


Was digging through log files to remove 'deprecated' messages and other unwanted messages when I discovered this in the puppetdb log:

2015-03-10 13:30:13,359 WARN  [o.a.a.b.BrokerService] Store limit is 10240 mb, whilst the data directory: /var/lib/puppetdb/mq/localhost/KahaDB only has 1897 mb of usable space
2015-03-10 13:30:13,359 ERROR [o.a.a.b.BrokerService] Temporary Store limit is 5120 mb, whilst the temporary data directory: /var/lib/puppetdb/mq/localhost/tmp_storage only has 1897 mb of usable space

Puppetdb was trying to get more space than there was available, so I extended the LVM with a new HDD and now the above error is gone from puppetdb.log. After removing 1 of the keys which was giving me an error, directly from the db, all other hosts seem to be working now!? Could the problem have been puppetdb's lack of space? That would suggest puppet keeps trying to stuff things into the db while there isn't any space and only partially succeeds in some cases.


Came in today to find puppetdb had crashed yesterday afternoon. The last things in the logs, postgresql-9.4-main.log:

2015-03-10 14:00:26 CET LOG:  received fast shutdown request
2015-03-10 14:00:26 CET LOG:  aborting any active transactions
2015-03-10 14:00:26 CET LOG:  autovacuum launcher shutting down
2015-03-10 14:00:26 CET LOG:  shutting down
2015-03-10 14:00:34 CET LOG:  database system ...
2 Answers

answered 2015-02-24 22:23:44 -0500

GregLarkin

Can you share the redacted contents of your authorized_keys file? In particular, check if any of them have blank lines in them that were present before Puppet began managing them. That can cause this particular error message.


Lost you there... What authorized_keys file? I'm not trying to manage user keys. I just want to make sure none of our hosts get the Man In The Middle message when using SSH.
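
Added example, not part of the thread and not Puppet's own code: a small Python check that applies the answer's suggestion (look for blank lines) to the /etc/ssh/ssh_known_hosts file from the question, and also flags entries that have no key field. The function name audit_known_hosts and the sample hosts and keys are constructed for illustration.

```python
import base64
import binascii
import sys

# Constructed sample in ssh_known_hosts format (hostnames and keys are made up).
SAMPLE = """\
# HEADER: managed by puppet
web01.example.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC7
\t
db01.example.com ssh-dss
@cert-authority *.example.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC8
app01.example.com ssh-rsa not*base64
"""


def audit_known_hosts(text):
    """Return (line_number, problem) tuples for suspicious lines."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped:
            findings.append((number, "blank line"))
            continue
        if stripped.startswith("#"):
            continue  # comments are legal in known_hosts files
        fields = stripped.split()
        if fields[0].startswith("@"):
            fields = fields[1:]  # drop @cert-authority / @revoked marker
        if len(fields) < 3:
            # An entry needs host, key type and key; here the key is absent.
            findings.append((number, "missing key field"))
            continue
        try:
            base64.b64decode(fields[2], validate=True)
        except (binascii.Error, ValueError):
            findings.append((number, "key is not valid base64"))
    return findings


if __name__ == "__main__":
    # Pass a path (e.g. /etc/ssh/ssh_known_hosts) or run on the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as handle:
            content = handle.read()
    else:
        content = SAMPLE
    for number, problem in audit_known_hosts(content):
        print(f"line {number}: {problem}")
```

Running it against the file on a node that reports the error shows whether the file itself contains blank or keyless records, as opposed to the bad data arriving from the collected resources.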