It seems the puppet agent, when invoked by the service or manually, is
resetting the permissions on the files in the puppetdb ssldir
(/etc/puppetlabs/puppetdb/ssl/*.pem) from puppetdb:puppetdb to
puppet:puppet AND the mode on the
'private.pem' file to 0640, which means the next
Just to pile on. If you want the content updated whenever the package is
updated and you are managing the package with puppet you can "subscribe" to
the package resource to have the file resource only applied when the
package changes.
On Fri, Jan 29, 2021 at 11:47 AM Ben Ford wrote:
> I do have