Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-8108

puppet device cannot create certs when run as root (4.10.x backport)

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: PUP 4.10.10, PUP 5.3.4
    • Component/s: None
    • Labels:
    • Template:
    • Team:
      Platform Core
    • Sprint:
      Platform Core KANBAN
    • CS Priority:
      Normal
    • Release Notes:
      Bug Fix
    • Release Notes Summary:
      Hide
      `puppet device` unable to create certificates when run as root

      Previous versions of Puppet required that `--user=root` be passed to `puppet device` when creating certificates, even if the command was being executed by root. This issue has been resolved, and no longer requires the flag.
      Show
      `puppet device` unable to create certificates when run as root Previous versions of Puppet required that `--user=root` be passed to `puppet device` when creating certificates, even if the command was being executed by root. This issue has been resolved, and no longer requires the flag.
    • QA Risk Assessment:
      No Action

      Description

      Back port fix from 5.4.0 to 4.10.x

      broken – output of `puppet device --debug` when ran as root:

      info: Creating a new SSL key for 10.0.1.3
      err: Could not request certificate: Could not write /var/opt/lib/pe-puppet/devices/10.0.1.3/ssl/private_keys/10.0.1.3.pem to privatekeydir: Permission denied - /var/opt/lib/pe-puppet/devices/10.0.1.3/ssl/private_keys/10.0.1.3.pem
      

      success – output of `puppet device --debug` when ran as a normal user:

      warning: peer certificate won't be verified in this SSL session
      info: Caching certificate for ca
      warning: peer certificate won't be verified in this SSL session
      warning: peer certificate won't be verified in this SSL session
      info: Creating a new SSL certificate request for 10.0.1.3
      info: Certificate Request fingerprint (md5): 6C:1C:4C:37:A7:1D:B3:6E:F3:94:25:67:55:27:89:4C
      warning: peer certificate won't be verified in this SSL session
      debug: Using cached certificate for ca
      warning: peer certificate won't be verified in this SSL session
      info: Caching certificate for 10.0.1.3
      

      Note, that you have to copy `/etc/puppetlabs/puppet/device.conf` to `~/.puppet/`

        Attachments

          Issue Links

            Activity

              jsd-sla-details-panel

                People

                • Assignee:
                  josh Josh Cooper
                  Reporter:
                  richard.sherman Rick Sherman
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  3 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: