Re: puppet agent won't recognize configuration


catshirt

Jul 6, 2012, 12:45:28 PM
to puppet...@googlegroups.com
i should add, i tried changing ownership (recursively) for /etc/puppet, to both my user, and the puppet user, to no avail.

On Friday, July 6, 2012 12:35:17 PM UTC-4, catshirt wrote:
hi all,

just started using puppet and i think it's great. but i'm having a number of problems surrounding the authentication of the servers.

on a fresh master, when i create a new client using the node_aws cloud provisioner (using --certname), the agent doesn't respect the generated configuration. `certname` is certainly listed under [main] in puppet.conf, so why wouldn't the agent recognize it?

$ sudo puppet master --configprint certname
analytics0
$ puppet master --configprint certname
analytics0
$ sudo puppet agent --configprint certname
analytics0
$ puppet agent --configprint certname
domu-x-x-x-x-x-x.compute-1.internal
$ ls -la /etc/puppet/puppet.conf
-rw-r--r--  1 root root puppet.conf

this pattern also occurs with the `server` option. i've also other, unrelated but similar sudo discrepancies that i think are leading to other problems (for another post...). for instance:

$ sudo puppet agent --configprint ssldir
/var/lib/puppet/ssl
$ puppet agent --configprint ssldir
/home/ubuntu/.puppet/ssl

thanks kindly!

Nan Liu

Jul 8, 2012, 5:12:13 PM
to puppet...@googlegroups.com
On Fri, Jul 6, 2012 at 9:35 AM, catshirt <n...@thefuture.fm> wrote:
> hi all,
>
> just started using puppet and i think it's great. but i'm having a number of
> problems surrounding the authentication of the servers.
>
> on a fresh master, when i create a new client using the node_aws cloud
> provisioner (using --certname), the agent doesn't respect the generated
> configuration. `certname` is certainly listed under [main] in puppet.conf,
> so why wouldn't the agent recognize it?

You are seeing the difference between running puppet under the root
account vs. the ubuntu account.

> $ sudo puppet master --configprint certname
> analytics0
> $ puppet master --configprint certname
> analytics0
> $ sudo puppet agent --configprint certname
> analytics0
> $ puppet agent --configprint certname
> domu-x-x-x-x-x-x.compute-1.internal

When running as root, puppet uses the configuration specified in
/etc/puppet/puppet.conf. When running as a normal user such as ubuntu,
puppet uses the configuration under ~/.puppet/puppet.conf, so in this
case this file is likely missing and puppet will use the default
certname, which is the ec2 instance name as seen above.

> $ ls -la /etc/puppet/puppet.conf
> -rw-r--r-- 1 root root puppet.conf
>
> this pattern also occurs with the `server` option. i've also other,
> unrelated but similar sudo discrepancies that i think are leading to other
> problems (for another post...). for instance:
>
> $ sudo puppet agent --configprint ssldir
> /var/lib/puppet/ssl
> $ puppet agent --configprint ssldir
> /home/ubuntu/.puppet/ssl

So the settings above are correct between root vs. ubuntu user. In
general you need to run sudo puppet to make changes to the system
which should use the correct setting in /etc/puppet/puppet.conf.

Thanks,

Nan
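
The lookup described in the reply above, as an added example that is not part of the thread or of Puppet's own code: a small shell model of which puppet.conf a run reads for a given uid, and the certname that results. The `[agent]`-over-`[main]` precedence, the function names and the scratch-tree fixture are assumptions of the example; the paths and values are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): which puppet.conf a run reads, and the resulting certname.

# Path of the puppet.conf for uid $1 and home $2; $3 is an optional scratch-tree prefix.
conf_path_for() {
    uid=$1 home=$2 prefix=${3:-}
    if [ "$uid" -eq 0 ]; then
        printf '%s/etc/puppet/puppet.conf\n' "$prefix"
    else
        printf '%s%s/.puppet/puppet.conf\n' "$prefix" "$home"
    fi
}

# Value of a setting for the agent: [agent] wins over [main] (assumption of
# this model). Prints nothing when the file or the setting is absent.
conf_setting() {
    [ -r "$1" ] || return 0
    awk -v key="$2" '
        /^[ \t]*#/  { next }
        /^[ \t]*\[/ { s = $0; gsub(/[^A-Za-z_]/, "", s); section = s; next }
        {
            i = index($0, "="); if (i == 0) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key && (section == "main" || section == "agent")) val[section] = v
        }
        END { if ("agent" in val) print val["agent"]; else if ("main" in val) print val["main"] }
    ' "$1"
}

# Effective certname: configured value, else the default hostname passed as $4.
effective_certname() {
    value=$(conf_setting "$(conf_path_for "$1" "$2" "$3")" certname)
    printf '%s\n' "${value:-$4}"
}

# Constructed fixture: only the system-wide file exists, as in the thread.
build_fixture() {
    dir=$(mktemp -d)
    mkdir -p "$dir/etc/puppet" "$dir/home/ubuntu"
    printf '[main]\ncertname = analytics0\n' > "$dir/etc/puppet/puppet.conf"
    printf '%s\n' "$dir"
}

tree=$(build_fixture)
default=domu-x-x-x-x-x-x.compute-1.internal   # redacted hostname from the thread
echo "uid 0:    $(effective_certname 0 /root "$tree" "$default")"
echo "uid 1000: $(effective_certname 1000 /home/ubuntu "$tree" "$default")"
rm -rf "$tree"
```

On a real node the same comparison is `puppet agent --configprint certname` run with and without sudo, as in the original post.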

Nic Luciano

Jul 9, 2012, 6:57:16 PM
to puppet...@googlegroups.com
thanks! this is what i suspected. but, my core issue then, it would seem, is that the node_aws cloud provisioner does not run the puppet agent in sudo.

i think this is the case, because when i provision a new agent via node_aws and provide a --certname, the autosigning process ignores it and uses the inferred certname instead. meaning whenever i bootstrap a node, i need to log in and reconfigure, which makes no sense.

what can i do to work around this?

thanks again.

