Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-8108

puppet device cannot create certs when run as root (4.10.x backport)

          Details

          • Type: Bug
          • Status: Closed
          • Priority: Normal
          • Resolution: Fixed
          • Affects Version/s: None
          • Fix Version/s: PUP 4.10.10, PUP 5.3.4
          • Component/s: None
          • Labels:
          • Template:
          • Team:
            Platform Core
          • Sprint:
            Platform Core KANBAN
          • CS Priority:
            Normal
          • Release Notes:
            Bug Fix
          • Release Notes Summary:
            Hide
            `puppet device` unable to create certificates when run as root

            Previous versions of Puppet required that `--user=root` be passed to `puppet device` when creating certificates, even if the command was being executed by root. This issue has been resolved, and no longer requires the flag.
            Show
            `puppet device` unable to create certificates when run as root Previous versions of Puppet required that `--user=root` be passed to `puppet device` when creating certificates, even if the command was being executed by root. This issue has been resolved, and no longer requires the flag.
          • QA Risk Assessment:
            No Action

            Description

            Back port fix from 5.4.0 to 4.10.x

            broken – output of `puppet device --debug` when ran as root:

            info: Creating a new SSL key for 10.0.1.3
            		 
            err: Could not request certificate: Could not write /var/opt/lib/pe-puppet/devices/10.0.1.3/ssl/private_keys/10.0.1.3.pem to privatekeydir: Permission denied - /var/opt/lib/pe-puppet/devices/10.0.1.3/ssl/private_keys/10.0.1.3.pem

            success – output of `puppet device --debug` when ran as a normal user:

            warning: peer certificate won't be verified in this SSL session
            		 
            info: Caching certificate for ca
            		 
            warning: peer certificate won't be verified in this SSL session
            		 
            warning: peer certificate won't be verified in this SSL session
            		 
            info: Creating a new SSL certificate request for 10.0.1.3
            		 
            info: Certificate Request fingerprint (md5): 6C:1C:4C:37:A7:1D:B3:6E:F3:94:25:67:55:27:89:4C
            		 
            warning: peer certificate won't be verified in this SSL session
            		 
            debug: Using cached certificate for ca
            		 
            warning: peer certificate won't be verified in this SSL session
            		 
            info: Caching certificate for 10.0.1.3

            Note, that you have to copy `/etc/puppetlabs/puppet/device.conf` to `~/.puppet/`

              Attachments

                Issue Links

                clones

                Bug - A problem which impairs or prevents the functions of the product. PUP-1391 puppet device cannot create certs when run as root

                • Normal - Regular issue, some loss of functionality under specific circumstances.
                • Closed
                supports

                Task - A task that needs to be done. PUP-8183 Update puppet device documentation for --user

                • Normal - Regular issue, some loss of functionality under specific circumstances.
                • Closed

                  Activity

                    jsd-sla-details-panel

                      People

                      • Assignee:
                        josh Josh Cooper
                        Reporter:
                        richard.sherman Rick Sherman
                      • Votes:
                        0 Vote for this issue
                        Watchers:
                        3 Start watching this issue

                        Dates

                        • Created:
                          Updated:
                          Resolved: