... | ... | @@ -26,7 +26,7 @@ Here is how to make the change: |
|
|
1. To any change on the Puppet server, you will first need to clone
|
|
|
the git repository:
|
|
|
|
|
|
git clone pauli.torproject.org:/srv/puppet.torproject.org/git/tor-puppet
|
|
|
git clone git@puppet.torproject.org:/srv/puppet.torproject.org/git/tor-puppet
|
|
|
|
|
|
This needs to be only done once.
|
|
|
|
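Review bot: the context line "1. To any change on the Puppet server, you will first need to clone" at the top of this hunk is missing a verb, and the closing "This needs to be only done once." reads awkwardly. Since the clone step is being edited anyway, suggest "To make any change on the Puppet server ..." and "This only needs to be done once."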
... | ... | @@ -79,7 +79,7 @@ also confirm this tutorial is what is actually needed. |
|
|
1. To any change on the Puppet server, you will first need to clone
|
|
|
the git repository:
|
|
|
|
|
|
git clone pauli.torproject.org:/srv/puppet.torproject.org/git/tor-puppet
|
|
|
git clone git@puppet.torproject.org:/srv/puppet.torproject.org/git/tor-puppet
|
|
|
|
|
|
This needs to be only done once.
|
|
|
|
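Review bot: the clone step in this hunk is word for word the same as the one in the @@ -26,7 hunk, and both copies had to be edited for the same URL change. Suggest keeping the clone command in one place and pointing the second tutorial at it, so a later change to the remote cannot leave the two copies out of sync.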
... | ... | @@ -1091,30 +1091,35 @@ more information: |
|
|
|
|
|
### Problems pushing to the Puppet server
|
|
|
|
|
|
Normally, when you push new commits to the Puppet server, a hook runs
|
|
|
and updates the working copy. But sometimes this fails with an error
|
|
|
like:
|
|
|
If you get this error when pushing commits to the Puppet server:
|
|
|
|
|
|
remote: error: unable to unlink old 'modules/ipsec/misc/config.yaml': Permission denied.
|
|
|
error: remote unpack failed: unable to create temporary object directory
|
|
|
|
|
|
The problem, in such cases, is that the files in the `/etc/puppet/`
|
|
|
checkout are not writable by your user. It could also happen that the
|
|
|
repository itself (in `/srv/puppet.torproject.org/git/tor-puppet`)
|
|
|
could have permission issues.
|
|
|
... or, longer version:
|
|
|
|
|
|
This problem is described in [issue 29663][] and is due to someone
|
|
|
not pushing properly before you. To fix the permissions, try:
|
|
|
anarcat@curie:tor-puppet$ LANG=C git push
|
|
|
Enumerating objects: 7, done.
|
|
|
Counting objects: 100% (7/7), done.
|
|
|
Delta compression using up to 4 threads
|
|
|
Compressing objects: 100% (3/3), done.
|
|
|
Writing objects: 100% (4/4), 772 bytes | 772.00 KiB/s, done.
|
|
|
Total 4 (delta 2), reused 0 (delta 0), pack-reused 0
|
|
|
error: remote unpack failed: unable to create temporary object directory
|
|
|
To puppet.torproject.org:/srv/puppet.torproject.org/git/tor-puppet
|
|
|
! [remote rejected] master -> master (unpacker error)
|
|
|
error: failed to push some refs to 'puppet.torproject.org:/srv/puppet.torproject.org/git/tor-puppet'
|
|
|
anarcat@curie:tor-puppet[1]$
|
|
|
|
|
|
sudo chown -R root:adm /etc/puppet
|
|
|
sudo chown :puppet /etc/puppet/secret
|
|
|
sudo chmod -R g+rw /etc/puppet
|
|
|
sudo chmod g-w /etc/puppet/secret
|
|
|
It's because you're not using the `git` role account. Update your
|
|
|
remote URL configuration to use `git@puppet.torproject.org` instead,
|
|
|
with:
|
|
|
|
|
|
[issue 29663]: https://gitlab.torproject.org/tpo/tpa/team/-/issues/29663
|
|
|
git remote set-url origin git@puppet.torproject.org:/srv/puppet.torproject.org/git/tor-puppet.git
|
|
|
|
|
|
A similar recipe could be applied to the git repository, as
|
|
|
needed. Hopefully this will be resolved when we start deploying with a
|
|
|
role account instead.
|
|
|
This is because we have switched to a role user for pushing changes to
|
|
|
the Git repository, see [issue 29663][] for details.
|
|
|
|
|
|
[issue 29663]: https://gitlab.torproject.org/tpo/tpa/team/-/issues/29663
|
|
|
|
|
|
### Puppet server CA renewal
|
|
|
|
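Review bot: the `git remote set-url origin git@puppet.torproject.org:/srv/puppet.torproject.org/git/tor-puppet.git` line in this hunk ends in `tor-puppet.git`, while both `git clone` commands changed earlier in this patch, and the `To puppet.torproject.org:...` line in the sample transcript, use `.../git/tor-puppet` with no suffix. Please use one form of the path throughout, so that a reader who follows the troubleshooting step ends up with the same remote as a fresh clone. Separately, the rewritten section no longer mentions the `unable to unlink old 'modules/ipsec/misc/config.yaml': Permission denied` error or the `chown`/`chmod` recipe for `/etc/puppet`. If that failure can still occur after the switch to the role account, a one-line pointer for it would help. If it cannot, saying so in the commit message would make the removal easier to review.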
... | ... | |