Bug #1885
closeduser: "foreman-proxy" is unable to read inventory.txt
Description
I have installed a smart-proxy to manage PuppetCa.
The foreman-user is able to do sudo puppetca and list certificates.
But it can't read /var/lib/puppet/ssl/ca/inventory.txt since the folder ca is owned by puppet:root and it`s access-policy is set to 770.
Whenever I change permissions to file and folder it is going to be reset by puppet the next time I click on certificates from the foreman
Web-Ui.
Output from the foreman-proxy log:
E, [2012-10-04T11:32:20.947150 #27798] ERROR -- : Failed to list certificates: Unable to find CA inventory file at /var/lib/puppet/ssl/ca/inventory.txt
The inventory.txt is present. But the foreman-proxy user can't pass /var/lib/puppet/ssl/ca/ even for reading.
puppetd version = 2.6.17
foreman-proxy = 1.0.0-2
Updated by Greg Sutcliffe about 12 years ago
Can you try making it owned by puppet:puppet? The foreman-proxy should be a member of the puppet group, will then be able to read the file.
Updated by Greg Sutcliffe about 12 years ago
- Status changed from New to Resolved