Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-9814

pxp-agent.conf file missing Administrators rights when puppet agent run as SYSTEM

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: PUP 6.4.2
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None
    • Template:
      PUP Bug Template
    • Team:
      Night's Watch
    • Story Points:
      3
    • Sprint:
      PR - 2019-07-23, NW - 2019-08-07
    • Method Found:
      Customer Feedback
    • Release Notes:
      Bug Fix
    • Release Notes Summary:
      Hide
      When a Puppet Agent run is done using the SYSTEM account on Windows (using a scheduled task), files that are pulled from the master have the owner set as SYSTEM. This causes problems when subsequent Puppet Agent runs are done using the Administrator account, causing the runs to fail because of insufficient permissions.

      This fix sets the group of the PXP agent configuration file to be the root group on all supported operating systems.
      Show
      When a Puppet Agent run is done using the SYSTEM account on Windows (using a scheduled task), files that are pulled from the master have the owner set as SYSTEM. This causes problems when subsequent Puppet Agent runs are done using the Administrator account, causing the runs to fail because of insufficient permissions. This fix sets the group of the PXP agent configuration file to be the root group on all supported operating systems.
    • QA Risk Assessment:
      Needs Assessment

      Description

      Puppet Version: 6.4.2
      Puppet Server Version: N/A
      OS Name/Version: Windows Server 2016 x64

      This is a follow on issue from PUP-9719 to deal with the specific file pxp-agent.conf.

      Although the main work for PUP-9719 appears to correct the permissions/rights issue for the cache files additional work is needed to resolve the issue for C:\ProgramData/PuppetLabs/pxp-agent/etc/pxp-agent.conf

      Desired Behavior:

      Puppet Agent should run without error under Administrator

      Actual Behavior:

      Running the Puppet Agent command as Administrator gives the following result

      PS C:\Users\Administrator> puppet agent -t
      Info: Using configured environment 'production'
      Info: Retrieving pluginfacts
      Info: Retrieving plugin
      Info: Retrieving locales
      Info: Loading facts
      Info: Caching catalog for umtzu5243z6go5b.delivery.puppetlabs.net
      Info: Applying configuration version '1562236108'
      Error: /Stage[main]/Puppet_enterprise::Pxp_agent/File[C:\ProgramData/PuppetLabs/pxp-agent/etc/pxp-agent.conf]: Could not evaluate: Could not read file C:\ProgramData/PuppetLabs/pxp-agent/etc/pxp-agent.conf: Permission denied @ rb_sysope
      - C:/ProgramData/PuppetLabs/pxp-agent/etc/pxp-agent.conf
      Notice: /Stage[main]/Puppet_enterprise::Pxp_agent::Service/Service[pxp-agent]: Dependency File[C:\ProgramData/PuppetLabs/pxp-agent/etc/pxp-agent.conf] has failures: true
      Warning: /Stage[main]/Puppet_enterprise::Pxp_agent::Service/Service[pxp-agent]: Skipping because of failed dependencies
      Notice: Applied catalog in 0.19 seconds
      PS C:\Users\Administrator> puppet agent -t
      Info: Using configured environment 'production'
      Info: Retrieving pluginfacts
      Info: Retrieving plugin
      Info: Retrieving locales
      Info: Loading facts
      Info: Caching catalog for umtzu5243z6go5b.delivery.puppetlabs.net
      Info: Applying configuration version '1562236108'
      Notice: Applied catalog in 0.19 seconds
      

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              gabriel.nagy Gabriel Nagy
              Reporter:
              john.oconnor John O'Connor
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Zendesk Support