Good afternoon!
I'm trying to get RBAC working on Solaris 11.2 for Puppet 3.4.1. Namely, I
need to be able to list and sign waiting certificates as a non-root user
(but with elevated RBAC permissions). No matter what happens, I can not
seem to get the @ca object that puppet/application/cert.rb uses to be
generated from /etc/puppet. It's always using my own home directory.
Tracing through the various classes and methods, I end up in
[463, 468] in
/usr/ruby/1.9/lib/ruby/vendor_ruby/1.9.1/puppet/ssl/certificate_authority.rb
463 def waiting?
=> 464 Puppet::SSL::CertificateRequest.indirection.search("*").collect
{ |r| r.name }
465 end
<....>
[99, 108] in
/usr/ruby/1.9/lib/ruby/vendor_ruby/1.9.1/puppet/indirector/ssl_file.rb
99 end
100
101 # Search for more than one file. At this point, it just returns
102 # an instance for every file in the directory.
103 def search(request)
=> 104 dir = collection_directory
105 Dir.entries(dir).
106 select { |file| file =~ /\.pem$/ }.
107 collect { |file| create_model(file.sub(/\.pem$/, ''),
File.join(dir, file)) }.
108 compact
(rdb:1) p collection_directory
"/home/dfisher/.puppet/ssl/ca/requests"
Where collection_directory is my home directory rather that the 'puppet'
user's (/etc/puppet)
If anybody has any ideas on what's going on, I'd love to hear them.
Thanks!
--
You received this message because you are subscribed to the Google Groups
"Puppet Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-dev/276c8b73-eff2-4679-9914-3a805b403bf6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
