Jira (PUP-9814) pxp-agent.conf file missing Administrators rights when puppet agent run as SYSTEM

10 views
Skip to first unread message

John O'Connor (JIRA)

unread,
Jul 5, 2019, 11:00:04 AM7/5/19
to puppe...@googlegroups.com
John O'Connor created an issue
 
Puppet / Bug PUP-9814
pxp-agent.conf file missing Administrators rights when puppet agent run as SYSTEM
Issue Type: Bug Bug
Affects Versions: PUP 6.4.2
Assignee: John O'Connor
Created: 2019/07/05 7:59 AM
Priority: Major Major
Reporter: John O'Connor

Puppet Version: 6.4.2
Puppet Server Version: N/A
OS Name/Version: Windows Server 2016 x64

This is a follow on issue from PUP-9719 to deal with the specific file pxp-agent.conf.

Although the main work for PUP-9719 appears to correct the permissions/rights issue for the cache files additional work is needed to resolve the issue for C:\ProgramData/PuppetLabs/pxp-agent/etc/pxp-agent.conf

Desired Behavior:

Puppet Agent should run without error under Administrator

Actual Behavior:

Running the Puppet Agent command as Administrator gives the following result

PS C:\Users\Administrator> puppet agent -t
 
Info: Using configured environment 'production'
 
Info: Retrieving pluginfacts
 
Info: Retrieving plugin
 
Info: Retrieving locales
 
Info: Loading facts
 
Info: Caching catalog for umtzu5243z6go5b.delivery.puppetlabs.net
 
Info: Applying configuration version '1562236108'
 
Error: /Stage[main]/Puppet_enterprise::Pxp_agent/File[C:\ProgramData/PuppetLabs/pxp-agent/etc/pxp-agent.conf]: Could not evaluate: Could not read file C:\ProgramData/PuppetLabs/pxp-agent/etc/pxp-agent.conf: Permission denied @ rb_sysope
 
- C:/ProgramData/PuppetLabs/pxp-agent/etc/pxp-agent.conf
 
Notice: /Stage[main]/Puppet_enterprise::Pxp_agent::Service/Service[pxp-agent]: Dependency File[C:\ProgramData/PuppetLabs/pxp-agent/etc/pxp-agent.conf] has failures: true
 
Warning: /Stage[main]/Puppet_enterprise::Pxp_agent::Service/Service[pxp-agent]: Skipping because of failed dependencies
 
Notice: Applied catalog in 0.19 seconds
 
PS C:\Users\Administrator> puppet agent -t
 
Info: Using configured environment 'production'
 
Info: Retrieving pluginfacts
 
Info: Retrieving plugin
 
Info: Retrieving locales
 
Info: Loading facts
 
Info: Caching catalog for umtzu5243z6go5b.delivery.puppetlabs.net
 
Info: Applying configuration version '1562236108'
 
Notice: Applied catalog in 0.19 seconds

Add Comment Add Comment
 
This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93)
Atlassian logo

John O'Connor (JIRA)

unread,
Jul 5, 2019, 11:00:19 AM7/5/19
to puppe...@googlegroups.com
John O'Connor assigned an issue to Unassigned
Change By: John O'Connor
Assignee: John O'Connor

Mihai Buzgau (JIRA)

unread,
Jul 9, 2019, 9:26:03 AM7/9/19
to puppe...@googlegroups.com
Mihai Buzgau updated an issue
Change By: Mihai Buzgau
Sprint: PR - Triage

Mihai Buzgau (JIRA)

unread,
Jul 10, 2019, 5:40:02 AM7/10/19
to puppe...@googlegroups.com
Mihai Buzgau updated an issue
Change By: Mihai Buzgau
Sprint: PR - Triage 2019-07-23

Gabriel Nagy (JIRA)

unread,
Jul 15, 2019, 7:59:03 AM7/15/19
to puppe...@googlegroups.com
Gabriel Nagy assigned an issue to Gabriel Nagy
Change By: Gabriel Nagy
Assignee: Gabriel Nagy

Mihai Buzgau (JIRA)

unread,
Jul 24, 2019, 4:31:10 AM7/24/19
to puppe...@googlegroups.com
Mihai Buzgau updated an issue
Change By: Mihai Buzgau
Sprint: PR - 2019-07-23 , NW - 2019-08-07

Gabriel Nagy (JIRA)

unread,
Jul 25, 2019, 3:44:02 AM7/25/19
to puppe...@googlegroups.com

John O'Connor (JIRA)

unread,
Jul 25, 2019, 5:23:03 AM7/25/19
to puppe...@googlegroups.com
John O'Connor commented on Bug PUP-9814

Thanks Gabriel Nagy - I'm thinking there are two ways we could tackle this one:

  1. Modify the modify to explicitly set the Group to Administrators (my preference)
  2. Intercept the file: type and ensure any files under ProgramData\PuppetLabs or a sub-directory of that have group set as Administrators (quite a hacky approach hence my preference for the other).

/cc Gheorghe Popescu
Reply all
Reply to author
Forward
0 new messages