On 03/07/2016 10:03 PM, Thomas Raehalme wrote: > Hi! > > I have setup certificates for Puppet as described here: > http://www.freeipa.org/page/Using_IPA's_CA_for_Puppet > > Unfortunately SELinux is giving me hard time when invoking "ipa-getcert > request" to generate the private/public key for the Puppet agent > (permission denied when trying to write the key pair to > /var/lib/puppet/ssl). > > Disabling SELinux temporarily solves the issue, but the same problem > reappears when renewing the certificate (ipa-getcert reports status > NEED_CERTSAVE_PERMS for the request). > > What would be the proper way to enable the necessary permissions on SELinux? > > Best regards, > Thomas
Hi Thomas, Just for the record, I moved the page to http://www.freeipa.org/page/Howto/Using_IPA%27s_CA_for_Puppet and linked it from http://www.freeipa.org/page/HowTos#Certificates I see there was a similar page in the past, now claimed as rather outdated: http://jcape.name/2012/01/16/using-the-freeipa-pki-with-puppet/ -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
