[tor-bugs] #29663 [Internal Services/Services Admin Team]: Deploy /etc/puppet as a role account

[Tor Bug Tracker & Wiki]

#29663: Deploy /etc/puppet as a role account
-------------------------------------------------+-------------------------
 Reporter:  ln5                                  |          Owner:  anarcat
     Type:  enhancement                          |         Status:
                                                 |  reopened
 Priority:  Medium                               |      Milestone:
Component:  Internal Services/Services Admin     |        Version:
  Team                                           |
 Severity:  Normal                               |     Resolution:
 Keywords:                                       |  Actual Points:
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by anarcat):

 * status:  closed => reopened
 * resolution:  fixed =>


Comment:

 this was obviously naive, on hetzner-hel1-01:

 {{{
 Error: /Stage[main]/Ssl/File[/etc/ssl/torproject-
 auto/serverkeys/thishost.key]: Could not evaluate: Could not retrieve file
 metadata for puppet:///modules/ssl/certs/hetzner-
 hel1-01.torproject.org.key: Error 500 on SERVER: Server Error: Permission
 denied @ rb_sysopen -
 /srv/puppet.torproject.org/stages/production/modules/ssl/files/certs
 /hetzner-hel1-01.torproject.org.key
 }}}

 Those files are now:

 {{{
 -rw-rw-r-- 1 root adm  5550 mar 13 16:05 hetzner-
 nbg1-01.torproject.org.crt
 -rw--w---- 1 root adm  1675 mar 13 16:05 hetzner-
 nbg1-01.torproject.org.key
 }}}

 Not sure what the permissions were before, but I'll grant a+r.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29663#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online