Puppet users - Jul 2012 - puppet agent won't recognize configuration

hi all,

just started using puppet and i think it''s great. but i''m
having a number
of problems surrounding the authentication of the servers.

on a fresh master, when i create a new client using the node_aws cloud 
provisioner (using --certname), the agent doesn''t respect the generated
configuration. `certname` is certainly listed under [main] in puppet.conf, 
so why wouldn''t the agent recognize it?

$ sudo puppet master --configprint certname
analytics0
$ puppet master --configprint certname
analytics0
$ sudo puppet agent --configprint certname
analytics0
$ puppet agent --configprint certname
domu-x-x-x-x-x-x.compute-1.internal
$ ls -la /etc/puppet/puppet.conf
-rw-r--r--  1 root root puppet.conf

this pattern also occurs with the `server` option. i''ve also other, 
unrelated but similar sudo discrepancies that i think are leading to other 
problems (for another post...). for instance:

$ sudo puppet agent --configprint ssldir
/var/lib/puppet/ssl
$ puppet agent --configprint ssldir
/home/ubuntu/.puppet/ssl

thanks kindly!

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/ed2879tLeWEJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

i should add, i tried changing ownership (recursively) for /etc/puppet, to 
both my user, and the puppet user, to no avail.

On Friday, July 6, 2012 12:35:17 PM UTC-4, catshirt
wrote:
>
> hi all,
>
> just started using puppet and i think it''s great. but i''m
having a number
> of problems surrounding the authentication of the servers.
>
> on a fresh master, when i create a new client using the node_aws cloud 
> provisioner (using --certname), the agent doesn''t respect the
generated
> configuration. `certname` is certainly listed under [main] in puppet.conf, 
> so why wouldn''t the agent recognize it?
>
> $ sudo puppet master --configprint certname
> analytics0
> $ puppet master --configprint certname
> analytics0
> $ sudo puppet agent --configprint certname
> analytics0
> $ puppet agent --configprint certname
> domu-x-x-x-x-x-x.compute-1.internal
> $ ls -la /etc/puppet/puppet.conf
> -rw-r--r--  1 root root puppet.conf
>
> this pattern also occurs with the `server` option. i''ve also
other,
> unrelated but similar sudo discrepancies that i think are leading to other 
> problems (for another post...). for instance:
>
> $ sudo puppet agent --configprint ssldir
> /var/lib/puppet/ssl
> $ puppet agent --configprint ssldir
> /home/ubuntu/.puppet/ssl
>
> thanks kindly!
>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/RvmqFDQL0_AJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Fri, Jul 6, 2012 at 9:35 AM, catshirt <nic@thefuture.fm>
wrote:
> hi all,
>
> just started using puppet and i think it''s great. but i''m
having a number of
> problems surrounding the authentication of the servers.
>
> on a fresh master, when i create a new client using the node_aws cloud
> provisioner (using --certname), the agent doesn''t respect the
generated
> configuration. `certname` is certainly listed under [main] in puppet.conf,
> so why wouldn''t the agent recognize it?
You are seeing the difference running puppet under root account vs.
the ubuntu account.
> $ sudo puppet master --configprint certname
> analytics0
> $ puppet master --configprint certname
> analytics0
> $ sudo puppet agent --configprint certname
> analytics0
> $ puppet agent --configprint certname
> domu-x-x-x-x-x-x.compute-1.internal
When running as root, puppet use the configuration specified in
/etc/puppet/puppet.conf. When running as a normal user such as ubuntu,
puppet use the configuration under ~/.puppet/puppet.conf, so in this
case this file is likely missing and puppet will use the default
certname which is the ec2 instance name as seen above.
> $ ls -la /etc/puppet/puppet.conf
> -rw-r--r--  1 root root puppet.conf
>
> this pattern also occurs with the `server` option. i''ve also
other,
> unrelated but similar sudo discrepancies that i think are leading to other
> problems (for another post...). for instance:
>
> $ sudo puppet agent --configprint ssldir
> /var/lib/puppet/ssl
> $ puppet agent --configprint ssldir
> /home/ubuntu/.puppet/ssl
So the settings above are correct between root vs. ubuntu user. In
general you need to run sudo puppet to make changes to the system
which should use the correct setting in /etc/puppet/puppet.conf.

Thanks,

Nan

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

thanks! this is what i suspected. but, my core issue then, it would seem,
is that the node_aws cloud provisioner does not run the puppet agent in
sudo.

i think this is the case, because when i provision a new agent via node_aws
and provide a --certname, the autosigning process ignores it and uses the
inferred certname instead. meaning whenever i bootstrap a node, i need to
log in and reconfigure, which makes no sense.

what can i do to work around this?

thanks again.

On Sun, Jul 8, 2012 at 5:12 PM, Nan Liu <nan@puppetlabs.com> wrote:
> On Fri, Jul 6, 2012 at 9:35 AM, catshirt <nic@thefuture.fm> wrote:
> > hi all,
> >
> > just started using puppet and i think it''s great. but
i''m having a
> number of
> > problems surrounding the authentication of the servers.
> >
> > on a fresh master, when i create a new client using the node_aws cloud
> > provisioner (using --certname), the agent doesn''t respect the
generated
> > configuration. `certname` is certainly listed under [main] in
> puppet.conf,
> > so why wouldn''t the agent recognize it?
>
> You are seeing the difference running puppet under root account vs.
> the ubuntu account.
>
> > $ sudo puppet master --configprint certname
> > analytics0
> > $ puppet master --configprint certname
> > analytics0
> > $ sudo puppet agent --configprint certname
> > analytics0
> > $ puppet agent --configprint certname
> > domu-x-x-x-x-x-x.compute-1.internal
>
> When running as root, puppet use the configuration specified in
> /etc/puppet/puppet.conf. When running as a normal user such as ubuntu,
> puppet use the configuration under ~/.puppet/puppet.conf, so in this
> case this file is likely missing and puppet will use the default
> certname which is the ec2 instance name as seen above.
>
> > $ ls -la /etc/puppet/puppet.conf
> > -rw-r--r--  1 root root puppet.conf
> >
> > this pattern also occurs with the `server` option. i''ve also
other,
> > unrelated but similar sudo discrepancies that i think are leading to
> other
> > problems (for another post...). for instance:
> >
> > $ sudo puppet agent --configprint ssldir
> > /var/lib/puppet/ssl
> > $ puppet agent --configprint ssldir
> > /home/ubuntu/.puppet/ssl
>
> So the settings above are correct between root vs. ubuntu user. In
> general you need to run sudo puppet to make changes to the system
> which should use the correct setting in /etc/puppet/puppet.conf.
>
> Thanks,
>
> Nan
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.