I'm in the process of setting up puppet and experiencing some issues.
I'm running Ubuntu 11.04 desktop and server in two seperate VM's. I've
installed puppet master (2.6.4) and puppet (2.6.4). The puppet master
and agent are happily working together.
I'm running the example in the book Pro Puppet. This is the first
example;
Code:
class sudo {
package { sudo:
ensure => present,
}
if $operatingsystem == "Ubuntu" {
package { "sudo-ldap":
ensure => present,
require => Package["sudo"],
}
}
file { "/etc/sudoers":
owner => "root",
group => "root",
mode => 0440,
source => "puppet://$puppetserver/modules/sudo/etc/sudoers",
require => Package["sudo"],
}
}
On the agent I run the following command;
puppet agent --server=<myserver> --no-daemonize --verbose --onetime
The agent see's the change but I get an error;
info: Caching catalog for <agentServer>
info: Applying configuration version '123456789'
err: /Stage[main]/Sudo/Package[sudo-ldap]/ensure: change from purged
to present
failed: Execution of '/usr/bin/apt-get -q -y -o DPkg::Options::=--
force-confold
install sudo-ldap' returned 100: E: Could not open lock file /var/lib/
dpkg/lock
- open (13: Permission denied)
E: Unable to lick the administration directory (/var/lib/dpkg/), are
you root?
I don't have another package manager open.
I understand what the problem is. The agent is being run as the
current logged in user and that user doesn't have permission to run
apt-get. Generally to run apt-get i have to do sudo apt-get.
I've thought about modifying the sudoers file and adding nopasswd for
my user (as suggested in other posts) for apt-get but that doesn't
solve the problem since the command in the puppet agent is not run
with sudo.
I understand if I run the puppet agent as a daemon then it runs as
user root which I guess would solve the problem. I'm not sure it's
best to run the agent as a daemon. I might want to control when the
agent pulls the updates from the puppet master (or through cron).
If I run;
sudo puppet agent --server=<myserver> --no-daemonize --verbose --
onetime
I get a different error;
err: Could not request certificate: Retrieved certificate does not
match private
key; please remove certificate from server and regenerate it with the
current key
I've tried removing the ssl certs from both the puppet master and
agent and run the command again. I get the same problem. When I remove
the sudo from the start of the command the puppet agent is happy with
the cert.
I though about adding my user to the root group as a test. Even when I
do that if I run apt-get update manually a permission denied. I
wondered if this has something to do with the root user being disabled
by default on Ubuntu.
I'm a novice when it comes to these sorts of things. Has anyone got
this working or have any suggestions of how I might solve this issue?
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
