The files '/etc/puppetlabs/puppet/ssl/private_keys/hostname.pem' and
'/etc/puppetlabs/puppetdb/ssl/private.pem' seem to be linked to each other
somehow.
Not symlinked or hardlinked (which can have different owner/permission) but
something else I can't figure out.
Changing the ownership or mode
EDIT: Do NOT use the previously provided workaround. For reasons I DO NOT
currently understand, it's also changing the ownership of the private key
located in ''/etc/puppetlabs/puppet/ssl/private_keys/*pem"
Not sure what to do next - downgrade? File a bug report?
On Tuesday, February 2, 2021
Here is a workaround for anyone else affected by the same issue, noting the
caveat is it will apply on every run -
class profile::puppetdb inherits puppetdb {
contain puppetdb
contain puppetdb::master::config
file {
$ssl_dir:
ensure => directory,
owner => $puppetdb_user,
Trying to fix the problem with "chattr +i *pem" results in Puppet breaking
fairly spectacularly, output:
```
Error: Failed to set owner to '998': Operation not permitted @ apply2files
- /etc/puppetlabs/puppet/ssl/certs/puppetserver1.domain.example.pem
Error: