Specific puppet agent has different group resource to puppet server (and other agents)


I am working on an inherited system and trying to diagnose an issue with SSH access to a particular VM. The machine is managed by puppet/foreman, is receiving updates, and producing reports on Foreman. However, our usual SSH is blocked by the host; the information for the login accounts is from a separate LDAP account.

Many of our VMs are able to configure and login fine, but I believe an issue somewhere within our puppet/foreman application is treating this machine differently.

I have tried to inspect the system to find differences and then evaluate the Gitlab Puppet and Foreman Puppet ENC, OS installation and networking. There are many subtle differences between some of the machines, but rectifying these has not fixed the login issue. The one method that did alleviate the restrictions was to remove the firewall and PAM access; however, this is not ideal.

Investigating on the machine, I can see the output from puppet resource group shell is different on this VM to others. We get a group that is present, but only contains RKE; on every other VM we get our list of members. Why would this resource be different for this VM, how can I fix this to be consistent (puppet agent -t does not fix it), and what else could be causing the login restrictions?


There are 1 answers

Lewis Sampson On

The final solution for this ended up being to remove the groups already existing on the VMs. This allowed puppet to apply the groups it was managing and align with the expected SSH behaviour.