Bug #1801
closed
Permissions issue when running as non root
Description
My setup:
Ubuntu 12.04 - 32 bit "server"
puppet - 2.7.18 - installed from packages
foreman - Version 1.0 - installed from git, using "git clone https://github.com/theforeman/foreman.git -b develop" on 8/1/2012
foreman-proxy - 1.1-~nightlybuild13433420 - installed from packages
I have puppet master, foreman and foreman-proxy all installed on the same system.
When I run foreman-proxy as the package created 'foreman-proxy' user (using service foreman-proxy start), wget -q -O - http://localhost:8443/puppet/environments outputs ["production"], an environment that does not exist on my puppet master.
When I run foreman-proxy as root (using RAILS_ENV=production bin/smart-proxy or bin/smart-proxy) then wget -q -O - http://localhost:8443/puppet/environments outputs ["test"] which is the only environment I have installed on this box.
Some of the relevant permissions:
var/lib/puppet: drwxr-x--- 14 puppet puppet 4096 Aug 1 12:39 puppet/
root@puppet-test-vm-000:/var/lib/puppet# ll total 60 drwxr-x--- 14 puppet puppet 4096 Aug 1 12:39 ./ drwxr-xr-x 37 root root 4096 Aug 1 11:27 ../ -rw------- 1 puppet puppet 129 Aug 1 12:45 .bash_history drwxr-x--- 10 puppet puppet 4096 Aug 1 12:59 bucket/ drwxr-x--- 3 root root 4096 Aug 1 06:39 clientbucket/ drwxr-x--- 2 root root 4096 Aug 1 06:34 client_data/ drwxr-x--- 3 root root 4096 Aug 1 06:35 client_yaml/ drwxr-xr-x 2 root root 4096 Jul 31 14:56 facts/ drwxr-xr-x 3 root root 4096 Aug 1 06:34 lib/ drwxr-x--- 3 puppet puppet 4096 Aug 1 06:34 reports/ drwxr-x--- 2 puppet puppet 4096 Jul 31 14:56 rrd/ drwxr-x--- 2 puppet puppet 4096 Jul 31 14:56 server_data/ drwxrwx--x 8 puppet root 4096 Jul 31 14:56 ssl/ drwxr-xr-t 3 puppet puppet 4096 Aug 1 13:46 state/ drwxr-x--- 5 puppet puppet 4096 Aug 1 12:45 yaml/
root@puppet-test-vm-000:/etc/puppet# ll total 52 drwxr-xr-x 7 root root 4096 Aug 1 12:59 ./ drwxr-xr-x 85 root root 4096 Aug 1 11:00 ../ -rw-r--r-- 1 root root 2747 Aug 1 06:16 auth.conf drwxr-xr-x 3 root root 4096 Aug 1 06:12 environments/ -rw-r--r-- 1 root root 462 Aug 1 06:16 fileserver.conf drwxr-xr-x 2 root root 4096 Aug 1 06:16 hieradata/ -rw-r--r-- 1 root root 117 Aug 1 06:16 hiera.yaml drwxr-xr-x 2 root root 4096 Jul 10 14:04 manifests/ drwxr-xr-x 3 root root 4096 Aug 1 06:16 modules/ -rw-r--r-- 1 root root 27 Aug 1 06:16 namespaceauth.conf -rwxr-xr-x 1 root root 2708 Aug 1 12:43 node.rb* -rw-r--r-- 1 root root 975 Aug 1 12:59 puppet.conf drwxr-xr-x 2 root root 4096 Jul 10 14:04 templates/
Updated by Sam Kottler over 12 years ago
What user is the puppetmaster running as? It should be "puppet" if you are using webrick or httpd/www-data if you're using Apache w/ Passenger. In any case you should be able to run the smart-proxy as the "puppet" user and not run into any issues after changing the permissions of /etc/puppet so they are accessible by the user that smart-proxy is running as.
Make sense?
Updated by Anonymous over 8 years ago
- Description updated (diff)
- Status changed from New to Rejected
Smart-proxy returns 'production' environment if no environments have been detected/are accessible. Make sure that the account used to run smart-proxy process has access to /etc/puppet if puppet environment api isn't being used.