Good afternoon!
I'm trying to get RBAC working on Solaris 11.2 for Puppet 3.4.1. Namely, I
need to be able to list and sign waiting certificates as a non-root user
(but with elevated RBAC permissions). No matter what happens, I can not
seem to get the @ca object that puppet/application/cert.rb uses to be
generated from /etc/puppet. It's always using my own home directory.
Tracing through the various classes and methods, I end up in
[463, 468] in
/usr/ruby/1.9/lib/ruby/vendor_ruby/1.9.1/puppet/ssl/certificate_authority.rb
463 def waiting?
=> 464 Puppet::SSL::CertificateRequest.indirection.search("*").collect
{ |r| r.name }
465 end
<....>
[99, 108] in
/usr/ruby/1.9/lib/ruby/vendor_ruby/1.9.1/puppet/indirector/ssl_file.rb
99 end
100
101 # Search for more than one file. At this point, it just returns
102 # an instance for every file in the directory.
103 def search(request)
=> 104 dir = collection_directory
105 Dir.entries(dir).
106 select { |file| file =~ /\.pem$/ }.
107 collect { |file| create_model(file.sub(/\.pem$/, ''),
File.join(dir, file)) }.
108 compact
(rdb:1) p collection_directory
"/home/dfisher/.puppet/ssl/ca/requests"
Where collection_directory is my home directory rather that the 'puppet'
user's (/etc/puppet)
If anybody has any ideas on what's going on, I'd love to hear them.
Thanks!
--
You received this message because you are subscribed to the Google Groups
"Puppet Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-dev/276c8b73-eff2-4679-9914-3a805b403bf6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
