Issue #17497 has been updated by Gary Richards.

This bug still exists in puppet 3.2.1

I was lucky enough to have the original certificate files available for the 
device that I wanted to configure.

I was able to put those into the locations that puppet mysteriously gets 
permission denied from but that my root user can write to (I run puppet as root, 
so I can't see why puppet has a problem but I don't). Then puppet device 
worked fine.

I tried a number of things to fix puppet prior to just dumping the old certs in 
place. Firstly I assumed that some oddity with file permissions was causing the 
problem, so I hacked :privatekeydir and :confdir in defaults.rb to create the 
directories with 0777 perms. But I still got the same problem.

Next I traced back through the code from the stacktrace and got as far as the 
writesub method in settings.rb.

I got as far as this chunk of code before I gave up trying to work it out. The 
line after my commented-out raise seems to be the one raising the exception 
we're seeing.

      # Update the umask to make non-executable files
      Puppet::Util.withumask(File.umask ^ 0111) do
        #raise "blah: file: #{file}, args: #{args}"
        File.open(file, *args) do |file|
          yield file
        end
      end

FWIW, with my raise uncommented, args prints w511, and file is simply whichever 
file puppet is complaining about getting permission denied for.
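
An added illustration (not part of the comment above and not Puppet's own code) of what the quoted block asks the OS for: the printed args `w511` are mode `"w"` plus permission 511 decimal, which is 0777 octal, and `File.umask ^ 0111` toggles the execute bits of the current umask. The helper names and the sample file name are assumptions, and the script does not reproduce the permission-denied error itself.

```ruby
require 'tmpdir'

# Mask the quoted block installs: XOR *toggles* the execute bits of the
# current umask, so they end up set only if they were clear beforehand.
def writesub_umask(current_umask)
  current_umask ^ 0111
end

# Permission bits a new file receives: requested bits minus the umask bits.
def effective_mode(requested, umask)
  requested & ~umask & 0777
end

# Repeat the quoted File.open(file, *args) with args = ['w', 511] under a
# given starting umask and return the mode of the file actually created.
def create_like_writesub(start_umask, args = ['w', 511])
  Dir.mktmpdir do |dir|
    path = File.join(dir, 'sample.pem') # constructed file name
    saved = File.umask(writesub_umask(start_umask))
    begin
      File.open(path, *args) { |f| f.write("constructed\n") }
      File.stat(path).mode & 0777
    ensure
      File.umask(saved) # always restore the process umask
    end
  end
end

# 0022 is a common default; 0077 and 0027 already mask some execute bits,
# which the XOR then un-masks for group/other.
[0022, 0077, 0027].each do |um|
  inner = writesub_umask(um)
  printf("umask %04o -> inner umask %04o -> predicted %04o, created %04o\n",
         um, inner, effective_mode(511, inner), create_like_writesub(um))
end
```

With a starting umask of 0022 the file comes out 0644; with 0077 it comes out 0611 rather than 0600, because the XOR clears execute bits that were already masked.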

----------------------------------------
Bug #17497: puppet device cannot create certs when run as root
https://projects.puppetlabs.com/issues/17497#change-93669

* Author: Garrett Honeycutt
* Status: Unreviewed
* Priority: Normal
* Assignee: 
* Category: 
* Target version: 
* Affected Puppet version: 
* Keywords: cisco, device, certs
* Branch: 
----------------------------------------
broken -- output of `puppet device --debug` when run as root:
<pre>
info: Creating a new SSL key for 10.0.1.3
err: Could not request certificate: Could not write 
/var/opt/lib/pe-puppet/devices/10.0.1.3/ssl/private_keys/10.0.1.3.pem to 
privatekeydir: Permission denied - 
/var/opt/lib/pe-puppet/devices/10.0.1.3/ssl/private_keys/10.0.1.3.pem
</pre>

success -- output of `puppet device --debug` when run as a normal user:
<pre>
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ca
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Creating a new SSL certificate request for 10.0.1.3
info: Certificate Request fingerprint (md5): 
6C:1C:4C:37:A7:1D:B3:6E:F3:94:25:67:55:27:89:4C
warning: peer certificate won't be verified in this SSL session
debug: Using cached certificate for ca
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for 10.0.1.3
</pre>
Note that you have to copy `/etc/puppetlabs/puppet/device.conf` to `~/.puppet/`.

