Issue #17371 has been updated by Andreas Ntaflos.
Jeff, we use Foreman for provisioning of machines, and Foreman (or its smart proxy) needs to update autosign.conf for provisioning to work. The canonical way of letting Foreman do that was to set `mode = 0664` on autosign.conf and add the Foreman proxy user to the puppet group (`adduser foreman-proxy puppet`). This doesn't work at the moment, but we work around it by doing a `chown foreman-proxy /etc/puppet/autosign.conf`, so that the Foreman proxy user owns the file and can thus write to it. I suppose it is because of this bug the ownership does not get reset. So for us this is really more of an annoyance than a blocker, so long as the described workaround can be applied. ---------------------------------------- Bug #17371: Setting owner, group, mode for files specified in puppet.conf no longer seems to work https://projects.puppetlabs.com/issues/17371#change-76571 Author: Andreas Ntaflos Status: In Topic Branch Pending Review Priority: Normal Assignee: Dominic Cleal Category: settings Target version: 3.0.x Affected Puppet version: 3.0.0 Keywords: settings mode permissions run_mode Branch: https://github.com/puppetlabs/puppet/pull/1278 It seems that setting owner, group and mode for files in puppet.conf by using the following method, as explained in the configuration guide, no longer works in Puppet 3.0 (using Puppet 3.0.1 here on Ubuntu 12.04): /etc/puppet/puppet.conf: [master] ... autosign = /etc/puppet/autosign.conf { owner = puppet, group = puppet, mode = 0664 } The settings specified in the curly braces do not get applied to the file. Instead, after changing the mode manually (`chmod 0664 /etc/puppet/autosign.conf`) it is reset to 0644 after a request to the puppetmaster comes in. Interestingly it seems that when manually changing the owner of the file it stays changed, even after a request comes in that triggers the manually changed mode to be reset. And as nfagerlund observed on IRC it seems that specifying an owner keeps the mode setting from working. Setting a mode alone, i.e. `autosign = /etc/puppet/autosign.conf { mode = 0664 }` works. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
