
Puppet errors on servers caused by permission changes on puppet1 (puppet-users)
Closed, Resolved (Public)

Description

As revi has recently become a puppet-user, he tried to commit a private key, but that did not work, so I tried changing the permissions for /home/puppet-users/ssl-keys. That worked, but afterwards he could not push to /etc/puppet/ssl-keys, so I changed the permissions for that.
Then, puppet started failing with the following error:

Error: /Stage[main]/Ssl::Hiera/Ssl::Hiera::Certs[wwwhistories]/File[www.histories.wiki_private]: Could not evaluate: Could not retrieve file metadata for puppet:///ssl-keys/www.histories.wiki.key: Error 400 on SERVER: Not authorized to call find on /file_metadata/ssl-keys/www.histories.wiki.key with {:links=>"manage", :source_permissions=>"use"}

Tagged as unbreak now since this prevents any changes to custom domains, and since Puppet is failing, to config as a whole.

Event Timeline

Reception123 triaged this task as Unbreak Now! priority. Feb 5 2018, 05:44
Reception123 created this task.
Reception123 moved this task from Radar to Bugs on the Operations board. Feb 5 2018, 05:45
John added a comment. Feb 5 2018, 09:25

/etc/puppet/ssl-keys should be root owned.

@John it's root:puppet-users, I also tried chown to root:root but the error still appeared

Paladox added a subscriber: Paladox. Feb 5 2018, 16:25

Did you also do sudo chown -R root:root /etc/puppet/ssl-keys?

Yes, I tried that as well.

Reception123 closed this task as Resolved. Feb 5 2018, 16:55
Reception123 assigned this task to Southparkfan.

•SPF|Cloud> I've set chmod to 770 for the dir+keys and ownership to root:puppet

@John revi still can't push/commit private keys; since you have access now, please take a look
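
The state reported in the thread (mode 770 on the directory and keys, ownership root:puppet) can be checked for drift after any later permission change. This is an added example, not part of the original task or of Miraheze's tooling; the function name audit_key_dir is hypothetical and GNU stat is assumed.

```shell
#!/bin/sh
# Added example (not from the original task).
# audit_key_dir DIR OWNER GROUP MODE
# Walks DIR (the directory itself and everything under it) and prints one
# line for each path whose owner, group or octal mode differs from the
# expected values. Returns 0 if everything matches, 1 on drift, 2 if DIR
# does not exist.
audit_key_dir() {
    dir=$1
    want_owner=$2
    want_group=$3
    want_mode=$4

    [ -d "$dir" ] || { echo "missing directory: $dir" >&2; return 2; }

    # GNU stat format: %U owner name, %G group name, %a octal mode, %n path.
    # The path is read last so that spaces inside it are preserved.
    drift=$(find "$dir" -exec stat -c '%U %G %a %n' {} + |
        while read -r owner group mode path; do
            if [ "$owner" != "$want_owner" ] ||
               [ "$group" != "$want_group" ] ||
               [ "$mode" != "$want_mode" ]; then
                echo "DRIFT $path is $owner:$group $mode, expected $want_owner:$want_group $want_mode"
            fi
        done)

    if [ -n "$drift" ]; then
        echo "$drift"
        return 1
    fi
    return 0
}

# Usage on the puppet master, with the values given in the thread:
#   audit_key_dir /etc/puppet/ssl-keys root puppet 770
```

Running it from cron or after each change to the key directory turns a silent permission change into a visible report before the next Puppet run fails.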