Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-8108

puppet device cannot create certs when run as root (4.10.x backport)

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: PUP 4.10.10, PUP 5.3.4
    • Component/s: None
    • Labels:
    • Template:
    • Team:
      Platform Core
    • Sprint:
      Platform Core KANBAN
    • CS Priority:
      Normal
    • Release Notes:
      Bug Fix
    • Release Notes Summary:
      Hide
      `puppet device` unable to create certificates when run as root

      Previous versions of Puppet required that `--user=root` be passed to `puppet device` when creating certificates, even if the command was being executed by root. This issue has been resolved, and no longer requires the flag.
      Show
      `puppet device` unable to create certificates when run as root Previous versions of Puppet required that `--user=root` be passed to `puppet device` when creating certificates, even if the command was being executed by root. This issue has been resolved, and no longer requires the flag.
    • QA Risk Assessment:
      No Action

      Description

      Back port fix from 5.4.0 to 4.10.x

      broken – output of `puppet device --debug` when ran as root:

      info: Creating a new SSL key for 10.0.1.3
      		 
      err: Could not request certificate: Could not write /var/opt/lib/pe-puppet/devices/10.0.1.3/ssl/private_keys/10.0.1.3.pem to privatekeydir: Permission denied - /var/opt/lib/pe-puppet/devices/10.0.1.3/ssl/private_keys/10.0.1.3.pem

      success – output of `puppet device --debug` when ran as a normal user:

      warning: peer certificate won't be verified in this SSL session
      		 
      info: Caching certificate for ca
      		 
      warning: peer certificate won't be verified in this SSL session
      		 
      warning: peer certificate won't be verified in this SSL session
      		 
      info: Creating a new SSL certificate request for 10.0.1.3
      		 
      info: Certificate Request fingerprint (md5): 6C:1C:4C:37:A7:1D:B3:6E:F3:94:25:67:55:27:89:4C
      		 
      warning: peer certificate won't be verified in this SSL session
      		 
      debug: Using cached certificate for ca
      		 
      warning: peer certificate won't be verified in this SSL session
      		 
      info: Caching certificate for 10.0.1.3

      Note, that you have to copy `/etc/puppetlabs/puppet/device.conf` to `~/.puppet/`

        Attachments

          Issue Links

          clones

          Bug - A problem which impairs or prevents the functions of the product. PUP-1391 puppet device cannot create certs when run as root

          • Normal - Regular issue, some loss of functionality under specific circumstances.
          • Closed
          supports

          Task - A task that needs to be done. PUP-8183 Update puppet device documentation for --user

          • Normal - Regular issue, some loss of functionality under specific circumstances.
          • Closed

            Activity

              People

              Assignee:
              josh Josh Cooper
              Reporter:
              richard.sherman Rick Sherman
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Zendesk Support