Hi all,
I've setup a puppet module to install and keep the bacula backup system
running on a number of systems.
Part of the formula I've come up with is to transfer an SSL cert/key pair
to each host that uses the module. So that bacula can work over TLS.
I have this defined in my bacula config manifest:
file { "/etc/pki/tls/private/${::hostname}.mydomain.com.key":
notify => Service["bacula-fd"],
owner => "bacula",
group => "bacula",
mode => 0400,
require => Package["bacula-client","bacula-common"],
source =>
"puppet:///modules/bacula/${::hostname}/${::hostname}.mydomain.com.key",
}
file { "/etc/pki/tls/certs/${::hostname}.mydomain.com.crt":
notify => Service["bacula-fd"],
owner => "bacula",
group => "bacula",
mode => 0400,
require => Package["bacula-client","bacula-common"],
source =>
"puppet:///modules/bacula/${::hostname}/${::hostname}.mydomain.com.crt",
}
This has been working perfectly fine for a while now. But only on SOME
hosts that were recently added I'm getting permission denied errors on the
keypairs that I'm trying to send over.
*Error:*
/Stage[main]/Bacula::Config/File[/etc/pki/tls/certs/monitor1.mydomain.com.crt]:*
Could not evaluate: Could not retrieve information from environment
production source(s)*
puppet:///modules/bacula/monitor1/monitor1.mydomain.com.crt
*Error*:
/Stage[main]/Bacula::Config/File[/etc/pki/tls/private/monitor1.mydomain.com.key]:
*Could not evaluate: Could not retrieve information from environment
production source(s) *
puppet:///modules/bacula/monitor1/monitor1.mydomain.com.key
And this is the weird part! All of the directories that I'm transferring
keys and certs from have identical ownership and permissions for both the
working and the non working hosts!
This is a directory listing of certs and keys that does NOT work:
environments/production/modules/bacula/files/monitor1:
total 8.0K
-rw-r--r--. 1 puppet puppet 2.0K Jun 16 21:53 monitor1.jokefire.com.crt
-rw-r--r--. 1 puppet puppet 3.2K Jun 16 21:53 monitor1.jokefire.com.key
And this is a listing from a directory containing certs and keys that DOES
work:
environments/production/modules/bacula/files/logs:
total 8.0K
-rw-r--r--. 1 puppet puppet 1.9K Apr 23 22:14 logs.jokefire.com.crt
-rw-r--r--. 1 puppet puppet 3.2K Apr 23 22:14 logs.jokefire.com.key
And these are permissions on the directories themselves:
drwxr-xr-x. 2 puppet puppet 62 Jun 16 22:13
environments/production/modules/bacula/files/logs
drwxr-xr-x. 2 puppet puppet 70 Jun 16 22:14
environments/production/modules/bacula/files/monitor1
Trouble is I can tell no difference between the working and non working
directories.
If I run puppet with the bacula module on the monitor1 host, I get the
error. If I run puppet with the bacula module on the logs host, everything
works fine!
I'm just wondering what I may be missing that could get rid of that error!
Thanks,
Tim
--
GPG me!!
gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/CAOZy0ekwcGN%2B609_K0pS6-zm%2B5tEpCpqkx_LHHmrhCk0cb-MsQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
