never mind. puppet agent ignores the user/group config settings, so those should be kept at puppet, and ${::settings::user} / ${::settings::group} should not be used to configure agent-related options (such as file ownership).
On Tuesday, May 5, 2015 at 10:40:00 PM UTC-7, Johnson Earls wrote: > > I'm running into a frustrating issue, and I'm wondering if I'm just not > doing something right. > > My understanding is that the puppet agent has to run with the config > "user" and "group" set to "root" so that it can make changes to the system. > The puppet server, on the other hand, runs as user and group "puppet". > > However, every time the puppet agent activates, it changes the ownership > of *most* of the subdirectories and files within the > /etc/puppetlabs/puppet/ssl directory to root, which then prevents the > puppet server from either starting up or being able to sign certificates. > > Am I misunderstanding how these two processes work and interact? > > Should the puppet agent run with the config user/group set to "puppet", > even though puppet won't have permission to make most of the changes on the > system? > Or should the puppet server run as root? > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/3955db48-4062-460c-a8a4-0df405277afb%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.