On 15.05.2010 02:41, Eric wrote:
Ok, I may have got what went wrong. Since I'm using puppet in an Ubuntu
distro, I installed it from repositories, which set up everything to
run with the puppet user, including file permissions. But after installing
it, I only ran the puppetmaster with sudo and --no-daemonize to see
messages and stuff.
My guess is that this prevented puppetmaster from properly accessing CA
files, and hence produced the error. From that point on I just made
everything worse by playing around with puppetca --clean --all. Could
that be it?
Anyway, since I'm just playing with it I threw away the instances and
started from scratch. After installing it I just edited the autosign.conf
and did not run puppetmasterd by hand, running it as a daemon, and
everything worked fine.
Since my goal is to learn puppet, I would like to ask for some help
from you guys with the following questions:
* Does the explanation above make sense?
* Since puppetmasterd runs under the puppet user account, and everything
located in /etc/puppet/* is by default set for user root, should I
change permissions to make it work?
Thanks again for all the help. I also did not reply to all answers
individually, but I have read them all and all referenced documents
(I'm doing my homework :)). Thanks all!!
Best regards
Puppet requires read access to /etc/puppet and write access to
/var/lib/puppet (not going into details).
* the paths are like that if you installed by package manager (not sure
how they are for source or gem)
Certificates are security-sensitive data, and are created with owner
permissions only (at least the private part). It is recommended that you
keep them with owner permissions only, as it is a security risk not to;
also some software might refuse to use them if they are not like that.
So you should always use certificates like that if you don't want odd
problems popping up. Now if certificates/dirs are created under the
wrong user, puppet won't have access to them. The odd thing about this is
puppet switches to user puppet if it is run as root. So either there
is a bug in puppet, where the certificates are created before changing
the user and/or environment or you ran puppet under your own user (I
remember having done something like this).
As others have stated, in most cases rm -rf /var/lib/puppet would
suffice. You may try to run puppetmaster with sudo -u [puppet] -i
puppetmasterd. Where [puppet] is the username under which the puppet
master should run.
Or sudo -i puppetmasterd (to allow puppet to change the user, and to
make sure there isn't any environment variable that could confuse puppet)
Silviu
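
An added example, not part of the thread and not Puppet's own tooling: a small audit for the two conditions described in the reply above, entries created under the wrong user and private keys that are not owner-only. The function names are hypothetical, and the `private_keys` directory name and the `puppet` user in the usage line are assumptions about a package-installed layout.

```shell
#!/bin/sh
# Added example (not from the thread): audit a Puppet state directory.
# Function names are hypothetical.

# Print every entry under DIR ($1) not owned by USER ($2, name or numeric uid).
# These are the files the master cannot use after a run under another account.
wrong_owner() {
    find "$1" ! -user "$2" -print
}

# Print private key files under DIR ($1) that grant any group/other access.
# Assumption: private keys live in directories named "private_keys".
loose_private_keys() {
    find "$1" -type f -path '*/private_keys/*' \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Report both kinds of finding; return 1 if anything was found, else 0.
audit_puppet_state() {
    audit_dir=$1
    audit_user=$2
    audit_rc=0
    found=$(wrong_owner "$audit_dir" "$audit_user")
    if [ -n "$found" ]; then
        printf 'Not owned by %s:\n%s\n' "$audit_user" "$found"
        audit_rc=1
    fi
    found=$(loose_private_keys "$audit_dir")
    if [ -n "$found" ]; then
        printf 'Private keys accessible beyond owner:\n%s\n' "$found"
        audit_rc=1
    fi
    return "$audit_rc"
}

# Usage (assumed paths): sh audit.sh /var/lib/puppet puppet
if [ "$#" -eq 2 ]; then
    audit_puppet_state "$1" "$2"
fi
```

Run it as root so that find can descend into owner-only directories; a non-zero exit status means at least one finding was printed.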