Project

General

Profile

Bug #1014

sudoers file does not support puppet 2.6+ for puppetca and puppetrun

Added by Corey Osman over 9 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
-
Target version:
Difficulty:
Triaged:
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:

Description

The default permissions in the /etc/sudoers files that smart-proxy only supports puppetca and puppetrun. Since puppetca is depreciated in 2.6+ an additional binary will need to be added to the sudoers file. Puppet now uses puppet kick for puppetrun and puppet cert for puppetca.

current:


foreman ALL = NOPASSWD: /usr/sbin/puppetca
Defaults:foreman !requiretty
foreman ALL = NOPASSWD: /usr/bin/puppetrun

foreman-proxy ALL = NOPASSWD: /usr/sbin/puppetca
Defaults:foreman-proxy !requiretty

Support for both

foreman ALL = NOPASSWD: /usr/sbin/puppetca, /opt/puppet/bin/puppet, /usr/local/bin/puppet
Defaults:foreman !requiretty
foreman ALL = NOPASSWD: /usr/sbin/puppetrun, /opt/puppet/bin/puppet, /usr/local/bin/puppet

foreman-proxy ALL = NOPASSWD: /usr/sbin/puppetca, /opt/puppet/bin/puppet, /usr/local/bin/puppet
Defaults:foreman-proxy !requiretty

History

#1 Updated by Greg Sutcliffe about 8 years ago

  • Status changed from New to Closed
  • Target version set to Bug scrub
  • % Done changed from 0 to 100

The installer should now add correct sudo permissions for the version of puppet running it. Closing.

Also available in: Atom PDF