On Fri, Aug 29, 2014 at 4:03 PM, Paul Chernoch <[email protected]> wrote:
> The node is a Windows 2008R2 box.
> I am attempting to fetch files from Team Foundation Server using an exec
> resource and the command line program TF.EXE.
> When I process the catalog using the regularly scheduled puppet run, it
> completes successfully.
> When I use "Live Management" > "Control Puppet" > "runonce" I get errors.
> I do not fill in any parameters in the dialog.
> In the puppet log, I see this message repeated for each file I try to
> fetch:
>
> TF30063: You are not authorized to access http://
> <OUR-WEBSITE-NAME>.com:8080/tfs/<OUR-COLLECTION-NAME>.
>
>
> This seems to indicate that TF.EXE authentication prevented the operation.
> My initial runs relied upon the currently-logged-in-user's credentials. We
> gave proper rights to the user account assigned to puppet and this used to
> work before some recent changes.
> I decided to hardcode my personal user name and password to see if that
> would work.
> It continues to work for the regularly scheduled agent run, and continues
> to fail for the "runonce" run.
>
Run once user is likely determined by the MCO service user and not the
Puppet Agent service user. Please ensure you also add that user to the
authorized list.
>
> Here is an example of a command that my EXEC resource is trying to execute:
>
> TF.exe view /collection:http://<OUR-TFS-HOST>.com:8080/tfs/PhoenixCollection
> /output:c:\phx_deployer\staging\phoenix\2.60.1.87\PaymentPlan.Services.Web.zip
> $\ReleasePackages\PhoenixReleasePackages\PaymentPlan.Services.Web.zip
> /login:<MY-USERNAME>,<MY-PASSWORD> /version:L2.60.1.87
>
> The exec resource of course sets the current directory to be the location
> of TF.EXE and its DLLs.
> Here is the flavor of the exec resource:
>
> exec { "tf view ${filename} /version:${versionspec}":
> command => $tfview_cmd,
> path => $exec_path,
> cwd => $tf_dir_unix,
> onlyif => $tfhistory_cmd,
> require => Class['tfview::tfcomponents']
> }
>
> The *onlyif *command invokes a ruby script that itself calls TF.EXE
> HISTORY to see if the file has changed in TFS and needs to be checked out
> again. That script is coded so that if an exception is thrown by TF.EXE, it
> will return zero, and indicate that TF VIEW must be called to fetch a new
> copy of the file.
>
> Any ideas?
>
> Paul Chernoch
> Lead Software Engineer
> EF Education First
> Cambridge, MA
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/93762f3f-53cd-4431-928d-5c281418af9f%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/93762f3f-53cd-4431-928d-5c281418af9f%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>
--
Rob Reynolds
Developer, Puppet Labs
*Join us at PuppetConf 2014 <http://www.puppetconf.com/>, September
20-24 in San Francisco*
*Register by September 8th to take advantage of the Final Countdown
<https://www.eventbrite.com/e/puppetconf-2014-tickets-7666774529?discount=FinalCountdown>
*
*--**save $149!*
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/CAMJiBK4Kck%3DJQ4SWcbr_6bBUs9LkGEg4ux8iKQsdpAt7MMRqgA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
