odd behavior of module 2.5.0

[vchepkov]

After upgrading to module 2.5.0 we experience an odd behavior of the sshkey resource.

Here is the code we use:

  unless empty($::sshdsakey) {
    @@sshkey { "${::certname}_dsa":
      host_aliases => [$::fqdn, $::hostname],
      type         => dsa,
      key          => $::sshdsakey,
      tag          => "sshkey_${::environment}"
    }
  }
  unless empty($::sshrsakey) {
    @@sshkey { "${::certname}_rsa":
      host_aliases => [$::fqdn, $::hostname],
      type         => rsa,
      key          => $::sshrsakey,
      tag          => "sshkey_${::environment}"
    }
  }
  resources { 'sshkey':
    purge    => true,
  }
Sshkey <<| tag == "sshkey_${::environment}" |>> -> File['/etc/ssh/ssh_known_hosts']

Each run now the catalog is 'changed':

... type changed 'ssh-dss AND ssh-rsa' to 'ssh-dss'
... key changed ...

I have tried to use ensure => hashed , but results were pretty much the same
Please advice.
Thanks

[raphink]

Since 2.5.0, the type is able to manage hashed entries. When using hashed entries, aliases are not kept on the same line as the main entry, but instead kept appart. When this happens, we still need to manage the type of the host_alias key (which is a property), but it can only be made to converge to a single value (in your case, either "ssh-rsa" OR "ssh-dss").

I think you might be able to fix this by not using host_aliases and creating a resource for each host alias instead.