Description
Describe the Bug
The puppet_enterprise::profile::master::r10k_known_hosts parameter is used to define the contents of the pe-puppet user's known_hosts file. When this file is initially created, the key type for each host accurately reflects the key type defined in the r10k_known_hosts parameter. When the values of key and type are modified, only the value for key is updated in the known_hosts file. The type value remains unchanged, meaning the key is defined incorrectly and as a result code deployment fails. Manually removing the known_hosts file on the server causes the file to be regenerated with the correct values.
Expected Behavior
The key is written to /opt/puppetlabs/server/data/puppetserver/.ssh/known_hosts with the type defined in the r10k_known_hosts parameter. The known_hosts file should be updated to reflect the value of the r10k_known_hosts parameter when it is changed.
Steps to Reproduce
- Rename or remove the existing known_hosts file to observe that it is initially created with the expected content:
mv /opt/puppetlabs/server/data/puppetserver/.ssh/known_hosts /opt/puppetlabs/server/data/puppetserver/.ssh/known_hosts.bak
- Follow the instructions from the documentation to define host keys using the r10k_known_hosts parameter. For example:
[{"name":"foo","type":"ssh-rsa","key":"abc123"},{"name":"bar","type":"ssh-rsa","key":"def456"}]
- Run the puppet agent on the PE server. If the file does not exist then it will be created with the expected values:
foo ssh-rsa abc123
bar ssh-rsa def456
- Modify the r10k_known_hosts parameter:
[{"name":"foo","type":"ssh-ed25519","key":"xyz789"}]
- Run the puppet agent on the PE server. In the known_hosts file, the "foo" key is defined with the incorrect type:
foo ssh-rsa xyz789
bar ssh-rsa def456
Environment
- PE 2023.8.0
- Ubuntu 22.04
Additional Context
As a workaround, the key type can be set correctly by manually editing the known_hosts file.
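
A drift check for the mismatch reported above, as an added example that is not part of the original report or of Puppet's own code: it compares the r10k_known_hosts JSON with the known_hosts content and lists every host whose type or key disagrees. The function names are hypothetical, and it assumes plain (unhashed) host names as in the report; the sample values are the ones from the reproduction steps.

```python
import json

def parse_known_hosts(text):
    """Map each host name to (type, key) from known_hosts-style lines."""
    entries = {}
    for line in text.splitlines():
        fields = line.split()
        # Skip blanks, comments and marker lines (@cert-authority, @revoked).
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue
        names, key_type, key = fields[:3]
        for name in names.split(","):
            entries[name] = (key_type, key)
    return entries

def find_drift(param_json, known_hosts_text):
    """Return (host, problem) tuples where the file disagrees with the parameter."""
    wanted = {e["name"]: (e["type"], e["key"]) for e in json.loads(param_json)}
    actual = parse_known_hosts(known_hosts_text)
    drift = []
    for name, (w_type, w_key) in sorted(wanted.items()):
        if name not in actual:
            drift.append((name, "missing from file"))
            continue
        a_type, a_key = actual[name]
        if a_type != w_type:
            drift.append((name, f"type is {a_type}, expected {w_type}"))
        if a_key != w_key:
            drift.append((name, "key differs from parameter"))
    # Entries left in the file that the parameter no longer defines.
    for name in sorted(set(actual) - set(wanted)):
        drift.append((name, "in file but not in parameter"))
    return drift

# Parameter value and resulting file content from the reproduction steps.
PARAM = '[{"name":"foo","type":"ssh-ed25519","key":"xyz789"}]'
KNOWN_HOSTS = "foo ssh-rsa xyz789\nbar ssh-rsa def456\n"

if __name__ == "__main__":
    for host, problem in find_drift(PARAM, KNOWN_HOSTS):
        print(f"{host}: {problem}")
```

On a PE server the second argument would be the content of /opt/puppetlabs/server/data/puppetserver/.ssh/known_hosts.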