On Wed, May 7, 2014 at 4:07 PM, Drew Fisher <[email protected]> wrote:
> Good afternoon!
>
> I'm trying to get RBAC working on Solaris 11.2 for Puppet 3.4.1. Namely,
> I need to be able to list and sign waiting certificates as a non-root user
> (but with elevated RBAC permissions). No matter what happens, I can not
> seem to get the @ca object that puppet/application/cert.rb uses to be
> generated from /etc/puppet. It's always using my own home directory.
> Tracing through the various classes and methods, I end up in
>
>
Just to clarify what you are doing. You are running "puppet cert list" as a
non-root user? This isn't some ruby code that you wrote to use the puppet
code as a library.

If that is the case, then I think all that you are seeing is that when
puppet is running as non-root it will use $HOME/.puppet as its confdir and
$HOME/.puppet/var as the $vardir. When puppet runs as root it will use
/etc/puppet and /var/lib/puppet. So one way of doing this is to specify
"--confdir /etc/puppet --vardir /var/lib/puppet" on the command line. You
may still hit file permission problems when it tries to read and write
files, but I suppose you are taking care of that with the RBAC system on
Solaris (I don't know the details of that system).

> [463, 468] in
> /usr/ruby/1.9/lib/ruby/vendor_ruby/1.9.1/puppet/ssl/certificate_authority.rb
> 463 def waiting?
> => 464
> Puppet::SSL::CertificateRequest.indirection.search("*").collect { |r|
> r.name }
> 465 end
>
> <....>
>
> [99, 108] in
> /usr/ruby/1.9/lib/ruby/vendor_ruby/1.9.1/puppet/indirector/ssl_file.rb
> 99 end
> 100
> 101 # Search for more than one file. At this point, it just returns
> 102 # an instance for every file in the directory.
> 103 def search(request)
> => 104 dir = collection_directory
> 105 Dir.entries(dir).
> 106 select { |file| file =~ /\.pem$/ }.
> 107 collect { |file| create_model(file.sub(/\.pem$/, ''),
> File.join(dir, file)) }.
> 108 compact
>
> (rdb:1) p collection_directory
> "/home/dfisher/.puppet/ssl/ca/requests"
>
> Where collection_directory is my home directory rather than the 'puppet'
> user's (/etc/puppet).
>
> If anybody has any ideas on what's going on, I'd love to hear them.
>
> Thanks!
>
--
Andrew Parker
[email protected]
Freenode: zaphod42
Twitter: @aparker42
Software Developer
--
You received this message because you are subscribed to the Google Groups
"Puppet Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-dev/CANhgQXuTq1UPP2DMy51WAQk1h3o_ZnbQP%2BDX7BiRpT4BV%2BEdOw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
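
The default-directory behaviour and the `--confdir`/`--vardir` override described in the reply above, as an added shell example that is not part of the original messages and is not Puppet code. The function names, the sample uid and the access rules in `check_ca_access` are assumptions made for illustration; the directory layout is the one shown in the debugger output.

```shell
#!/bin/sh
# Added example, not Puppet code. Directory defaults are the ones described in
# the reply; function names and the access rules below are constructed.

# Print the confdir and vardir Puppet 3 picks by default for a given uid/home.
puppet_default_dirs() {
    uid=$1 home=$2
    if [ "$uid" -eq 0 ]; then
        echo "/etc/puppet /var/lib/puppet"
    else
        echo "$home/.puppet $home/.puppet/var"
    fi
}

# CSR directory under a confdir, following the layout seen in the debugger
# output (<confdir>/ssl/ca/requests).
ca_request_dir() {
    echo "$1/ssl/ca/requests"
}

# Check the current user's access to the CSR directory under a confdir.
# Returns 0 = can list and modify, 1 = can list only, 2 = cannot list.
# Assumption: signing needs write access here (and elsewhere under ssl/ca).
check_ca_access() {
    dir=$(ca_request_dir "$1")
    if [ ! -d "$dir" ] || [ ! -r "$dir" ] || [ ! -x "$dir" ]; then
        echo "cannot list $dir" >&2
        return 2
    fi
    if [ ! -w "$dir" ]; then
        echo "can list but not modify $dir" >&2
        return 1
    fi
    return 0
}

# Build the command line suggested in the reply for the system-wide CA.
cert_list_cmd() {
    echo "puppet cert list --confdir $1 --vardir $2"
}

# With --run: show this user's defaults, then preflight the system-wide CA.
if [ "${1:-}" = "--run" ]; then
    echo "defaults for uid $(id -u): $(puppet_default_dirs "$(id -u)" "$HOME")"
    check_ca_access /etc/puppet && cert_list_cmd /etc/puppet /var/lib/puppet
fi
```

Run with `--run` as the RBAC-elevated user: a return of 2 from the preflight means the role still lacks read access to the CA request directory, which the override flags alone do not grant.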