Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-8108

puppet device cannot create certs when run as root (4.10.x backport)

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Normal
    • Resolution: Fixed
    • None
    • PUP 4.10.10, PUP 5.3.4
    • None
    • Platform Core
    • Platform Core KANBAN
    • Normal
    • Bug Fix
    • Hide
      `puppet device` unable to create certificates when run as root

      Previous versions of Puppet required that `--user=root` be passed to `puppet device` when creating certificates, even if the command was being executed by root. This issue has been resolved, and no longer requires the flag.
      Show
      `puppet device` unable to create certificates when run as root Previous versions of Puppet required that `--user=root` be passed to `puppet device` when creating certificates, even if the command was being executed by root. This issue has been resolved, and no longer requires the flag.
    • No Action

    Description

      Back port fix from 5.4.0 to 4.10.x

      broken – output of `puppet device --debug` when ran as root:

      info: Creating a new SSL key for 10.0.1.3
      err: Could not request certificate: Could not write /var/opt/lib/pe-puppet/devices/10.0.1.3/ssl/private_keys/10.0.1.3.pem to privatekeydir: Permission denied - /var/opt/lib/pe-puppet/devices/10.0.1.3/ssl/private_keys/10.0.1.3.pem
      

      success – output of `puppet device --debug` when ran as a normal user:

      warning: peer certificate won't be verified in this SSL session
      info: Caching certificate for ca
      warning: peer certificate won't be verified in this SSL session
      warning: peer certificate won't be verified in this SSL session
      info: Creating a new SSL certificate request for 10.0.1.3
      info: Certificate Request fingerprint (md5): 6C:1C:4C:37:A7:1D:B3:6E:F3:94:25:67:55:27:89:4C
      warning: peer certificate won't be verified in this SSL session
      debug: Using cached certificate for ca
      warning: peer certificate won't be verified in this SSL session
      info: Caching certificate for 10.0.1.3
      

      Note, that you have to copy `/etc/puppetlabs/puppet/device.conf` to `~/.puppet/`

      Attachments

        Issue Links

          Activity

            People

              josh Josh Cooper
              richard.sherman Rick Sherman
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Zendesk Support