Trying to configure ENC with Puppet 3.1.1 and getting an error while
running node.rb as puppet user
Neither PUB key nor PRIV key:: header too long
I can manually see the created yaml files, but it looks like its failing to
do SSL to server. Running foreman under apache… as far as I know the ssl
certs look good, the ones references in node.rb are the same as the ones in
the conf.d/foreman.conf for apache and I can visit the apache site and see
all the foreman activity there.
anything obvious I should try?
Oracle Linux 6.4
-bash-4.1$ rpm -qa | grep foreman
foreman-release-1.1stable-3.el6.noarch
foreman-sqlite-1.1stable-3.el6.noarch
foreman-1.1stable-3.el6.noarch
foreman-proxy-1.1stable-1.el6.noarch
foreman-installer-1.1.1-1.noarch
-bash-4.1$ rpm -qa | grep ssl
nss_compat_ossl-0.9.6-1.el6.x86_64
mod_ssl-2.2.15-26.0.1.el6.x86_64
openssl-1.0.0-27.el6_4.2.x86_64
openssl-devel-1.0.0-27.el6_4.2.x86_64
I can go to the host on the web and view "external node YAML dump" ok…
···
---
environment: production
classes: {}
parameters:
puppetmaster: ""
foreman_env: production
root_pw: abcdefghi
I restored a snapshot pre foreman, re-ran the setup after fixing some mroe
.pp files fore improper handling of OracleLinux and i seem to be good now.
Submitted my updates as a bug to redmine, going to try and pull the git
repos down and submit a patch, little rusty on my git skills though 
-byron
···
On Tuesday, March 19, 2013 4:37:04 PM UTC-5, Byron Miller wrote:
>
> Trying to configure ENC with Puppet 3.1.1 and getting an error while
> running node.rb as puppet user
>
> Neither PUB key nor PRIV key:: header too long
>
> I can manually see the created yaml files, but it looks like its failing
> to do SSL to server. Running foreman under apache.. as far as I know the
> ssl certs look good, the ones references in node.rb are the same as the
> ones in the conf.d/foreman.conf for apache and I can visit the apache site
> and see all the foreman activity there.
>
> anything obvious I should try?
>
> Oracle Linux 6.4
>
> -bash-4.1$ rpm -qa | grep foreman
> foreman-release-1.1stable-3.el6.noarch
> foreman-sqlite-1.1stable-3.el6.noarch
> foreman-1.1stable-3.el6.noarch
> foreman-proxy-1.1stable-1.el6.noarch
> foreman-installer-1.1.1-1.noarch
>
> -bash-4.1$ rpm -qa | grep ssl
> nss_compat_ossl-0.9.6-1.el6.x86_64
> mod_ssl-2.2.15-26.0.1.el6.x86_64
> openssl-1.0.0-27.el6_4.2.x86_64
> openssl-devel-1.0.0-27.el6_4.2.x86_64
> I can go to the host on the web and view "external node YAML dump" ok..
>
>
> ---
> environment: production
> classes: {}
> parameters:
> puppetmaster: ""
> foreman_env: production
> root_pw: abcdefghi
>
>
nvm, i spoke too soon, I'm getting the same error… it was working, now its
giving me the same error.
-bash$ ./node.rb puppet.mydomain.com
Could not send facts to Foreman: Neither PUB key nor PRIV key:: header too
long
if it runs as root i get…
[@puppet puppet]# sudo su - puppet -s /bin/bash /etc/puppet/node.rb
puppet.mydomain.com
/etc/puppet/node.rb: line 8: SETTINGS: command not found
/etc/puppet/node.rb: line 9: https://puppet.mydomain.com,: No such file or
directory
/etc/puppet/node.rb: line 10: /var/lib/puppet,: Permission denied
/etc/puppet/node.rb: line 11: :facts: command not found
/etc/puppet/node.rb: line 12: :storeconfigs: command not found
/etc/puppet/node.rb: line 13: :timeout: command not found
/etc/puppet/node.rb: line 15: :ssl_ca: command not found
/etc/puppet/node.rb: line 17: :ssl_cert: command not found
/etc/puppet/node.rb: line 18: :ssl_key: command not found
/etc/puppet/node.rb: line 19: syntax error near unexpected token }' /etc/puppet/node.rb: line 19:}'
···
On Wednesday, March 20, 2013 8:01:37 AM UTC-5, Byron Miller wrote:
>
> I restored a snapshot pre foreman, re-ran the setup after fixing some mroe
> .pp files fore improper handling of OracleLinux and i seem to be good now.
>
> Submitted my updates as a bug to redmine, going to try and pull the git
> repos down and submit a patch, little rusty on my git skills though :)
>
> -byron
>
> On Tuesday, March 19, 2013 4:37:04 PM UTC-5, Byron Miller wrote:
>>
>> Trying to configure ENC with Puppet 3.1.1 and getting an error while
>> running node.rb as puppet user
>>
>> Neither PUB key nor PRIV key:: header too long
>>
>> I can manually see the created yaml files, but it looks like its failing
>> to do SSL to server. Running foreman under apache.. as far as I know the
>> ssl certs look good, the ones references in node.rb are the same as the
>> ones in the conf.d/foreman.conf for apache and I can visit the apache site
>> and see all the foreman activity there.
>>
>> anything obvious I should try?
>>
>> Oracle Linux 6.4
>>
>> -bash-4.1$ rpm -qa | grep foreman
>> foreman-release-1.1stable-3.el6.noarch
>> foreman-sqlite-1.1stable-3.el6.noarch
>> foreman-1.1stable-3.el6.noarch
>> foreman-proxy-1.1stable-1.el6.noarch
>> foreman-installer-1.1.1-1.noarch
>>
>> -bash-4.1$ rpm -qa | grep ssl
>> nss_compat_ossl-0.9.6-1.el6.x86_64
>> mod_ssl-2.2.15-26.0.1.el6.x86_64
>> openssl-1.0.0-27.el6_4.2.x86_64
>> openssl-devel-1.0.0-27.el6_4.2.x86_64
>> I can go to the host on the web and view "external node YAML dump" ok..
>>
>>
>> ---
>> environment: production
>> classes: {}
>> parameters:
>> puppetmaster: ""
>> foreman_env: production
>> root_pw: abcdefghi
>>
>>
looks like something is stomping on my private key…
[root@puppet puppet]# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: Syntax error on line 29 of /etc/httpd/conf.d/foreman.conf:
SSLCertificateKeyFile: file
'/var/lib/puppet/ssl/private_keys/puppet.mydomain.com.pem' does not exist
or is empty
[FAILED]
[root@puppet puppet]# cd /var/lib/puppet/ssl
[root@puppet private_keys]# ll
total 0
-rw-r----- 1 puppet puppet 0 Mar 20 08:23 puppet.mydomain.com.pem
···
On Wednesday, March 20, 2013 8:21:57 AM UTC-5, Byron Miller wrote:
>
> nvm, i spoke too soon, I'm getting the same error.. it was working, now
> its giving me the same error.
>
> -bash$ ./node.rb puppet.mydomain.com
> Could not send facts to Foreman: Neither PUB key nor PRIV key:: header too
> long
>
> if it runs as root i get..
>
> [@puppet puppet]# sudo su - puppet -s /bin/bash /etc/puppet/node.rb
> puppet.mydomain.com
> /etc/puppet/node.rb: line 8: SETTINGS: command not found
> /etc/puppet/node.rb: line 9: https://puppet.mydomain.com,: No such file
> or directory
> /etc/puppet/node.rb: line 10: /var/lib/puppet,: Permission denied
> /etc/puppet/node.rb: line 11: :facts: command not found
> /etc/puppet/node.rb: line 12: :storeconfigs: command not found
> /etc/puppet/node.rb: line 13: :timeout: command not found
> /etc/puppet/node.rb: line 15: :ssl_ca: command not found
> /etc/puppet/node.rb: line 17: :ssl_cert: command not found
> /etc/puppet/node.rb: line 18: :ssl_key: command not found
> /etc/puppet/node.rb: line 19: syntax error near unexpected token `}'
> /etc/puppet/node.rb: line 19: `}'
>
>
> On Wednesday, March 20, 2013 8:01:37 AM UTC-5, Byron Miller wrote:
>>
>> I restored a snapshot pre foreman, re-ran the setup after fixing some
>> mroe .pp files fore improper handling of OracleLinux and i seem to be good
>> now.
>>
>> Submitted my updates as a bug to redmine, going to try and pull the git
>> repos down and submit a patch, little rusty on my git skills though :)
>>
>> -byron
>>
>> On Tuesday, March 19, 2013 4:37:04 PM UTC-5, Byron Miller wrote:
>>>
>>> Trying to configure ENC with Puppet 3.1.1 and getting an error while
>>> running node.rb as puppet user
>>>
>>> Neither PUB key nor PRIV key:: header too long
>>>
>>> I can manually see the created yaml files, but it looks like its failing
>>> to do SSL to server. Running foreman under apache.. as far as I know the
>>> ssl certs look good, the ones references in node.rb are the same as the
>>> ones in the conf.d/foreman.conf for apache and I can visit the apache site
>>> and see all the foreman activity there.
>>>
>>> anything obvious I should try?
>>>
>>> Oracle Linux 6.4
>>>
>>> -bash-4.1$ rpm -qa | grep foreman
>>> foreman-release-1.1stable-3.el6.noarch
>>> foreman-sqlite-1.1stable-3.el6.noarch
>>> foreman-1.1stable-3.el6.noarch
>>> foreman-proxy-1.1stable-1.el6.noarch
>>> foreman-installer-1.1.1-1.noarch
>>>
>>> -bash-4.1$ rpm -qa | grep ssl
>>> nss_compat_ossl-0.9.6-1.el6.x86_64
>>> mod_ssl-2.2.15-26.0.1.el6.x86_64
>>> openssl-1.0.0-27.el6_4.2.x86_64
>>> openssl-devel-1.0.0-27.el6_4.2.x86_64
>>> I can go to the host on the web and view "external node YAML dump" ok..
>>>
>>>
>>> ---
>>> environment: production
>>> classes: {}
>>> parameters:
>>> puppetmaster: ""
>>> foreman_env: production
>>> root_pw: abcdefghi
>>>
>>>
> nvm, i spoke too soon, I'm getting the same error… it was working, now
> its giving me the same error.
>
> -bash$ ./node.rb puppet.mydomain.com
> Could not send facts to Foreman: Neither PUB key nor PRIV key:: header
> too long
This suggests to me it can't read one of the files defined in the ssl_*
settings at the top of the script, or perhaps the filename is wrong?
Check they all exist and are readable by the puppet user.
> if it runs as root i get…
>
> [@puppet puppet]# sudo su - puppet -s /bin/bash /etc/puppet/node.rb
> puppet.mydomain.com
> /etc/puppet/node.rb: line 8: SETTINGS: command not found
It's not a bash script, it should be run with Ruby or just
/etc/puppet/node.rb to use the shebang line.
sudo -u puppet /etc/puppet/node.rb puppet.mydomain.com
···
On 20/03/13 13:21, Byron Miller wrote:
–
Dominic Cleal
Red Hat Engineering
doing another restore, making a backup of ssl certs and - re-running setup
and seeing if i can find out what is zeroing out the ssl key.
-byron
···
On Wednesday, March 20, 2013 8:26:34 AM UTC-5, Dominic Cleal wrote:
>
> On 20/03/13 13:21, Byron Miller wrote:
> > nvm, i spoke too soon, I'm getting the same error.. it was working, now
> > its giving me the same error.
> >
> > -bash$ ./node.rb puppet.mydomain.com
> > Could not send facts to Foreman: Neither PUB key nor PRIV key:: header
> > too long
>
> This suggests to me it can't read one of the files defined in the ssl_*
> settings at the top of the script, or perhaps the filename is wrong?
> Check they all exist and are readable by the puppet user.
>
> > if it runs as root i get..
> >
> > [@puppet puppet]# sudo su - puppet -s /bin/bash /etc/puppet/node.rb
> > puppet.mydomain.com
> > /etc/puppet/node.rb: line 8: SETTINGS: command not found
>
> It's not a bash script, it should be run with Ruby or just
> /etc/puppet/node.rb to use the shebang line.
>
> sudo -u puppet /etc/puppet/node.rb puppet.mydomain.com
>
> --
> Dominic Cleal
> Red Hat Engineering
>
You're the third person to report this, but I no idea how it is, or
could be happening. If you can narrow down what it is somehow, that'd
be great.
···
On 20/03/13 13:26, Byron Miller wrote:
> looks like something is stomping on my private key..
> [root@puppet puppet]# service httpd restart
> Stopping httpd: [ OK ]
> Starting httpd: Syntax error on line 29 of /etc/httpd/conf.d/foreman.conf:
> SSLCertificateKeyFile: file
> '/var/lib/puppet/ssl/private_keys/puppet.mydomain.com.pem' does not
> exist or is empty
> [FAILED]
> [root@puppet puppet]# cd /var/lib/puppet/ssl
>
> [root@puppet private_keys]# ll
> total 0
> -rw-r----- 1 puppet puppet 0 Mar 20 08:23 puppet.mydomain.com.pem
–
Dominic Cleal
Red Hat Engineering
I took a snapshot of the buggered instance, i'll copy over the SSL certs
again from my pre-upgrade snapshot and see if i can find out what is 0'ing
out the file. I'll keep ya posted!
Thanks!
-byron
···
On Wednesday, March 20, 2013 8:37:49 AM UTC-5, Dominic Cleal wrote:
>
> On 20/03/13 13:26, Byron Miller wrote:
> > looks like something is stomping on my private key..
> > [root@puppet puppet]# service httpd restart
> > Stopping httpd: [ OK ]
> > Starting httpd: Syntax error on line 29 of
> /etc/httpd/conf.d/foreman.conf:
> > SSLCertificateKeyFile: file
> > '/var/lib/puppet/ssl/private_keys/puppet.mydomain.com.pem' does not
> > exist or is empty
> > [FAILED]
> > [root@puppet puppet]# cd /var/lib/puppet/ssl
> >
> > [root@puppet private_keys]# ll
> > total 0
> > -rw-r----- 1 puppet puppet 0 Mar 20 08:23 puppet.mydomain.com.pem
>
> You're the third person to report this, but I no idea how it is, or
> could be happening. If you can narrow down what it is somehow, that'd
> be great.
>
> --
> Dominic Cleal
> Red Hat Engineering
>
Restoring my private key and everything works again, will keep hammering my
system and see if the key gets 0'd out.
I'm curious of its the config in puppet.conf that is 0'ing out the key.
Allow services in the 'puppet' group to access key (Foreman + proxy)
privatekeydir = $ssldir/private_keys { group = service }
hostprivkey = $privatekeydir/$certname.pem { mode = 640 }
puppet 3.1.1
-byron
···
On Wednesday, March 20, 2013 8:37:49 AM UTC-5, Dominic Cleal wrote:
>
> On 20/03/13 13:26, Byron Miller wrote:
> > looks like something is stomping on my private key..
> > [root@puppet puppet]# service httpd restart
> > Stopping httpd: [ OK ]
> > Starting httpd: Syntax error on line 29 of
> /etc/httpd/conf.d/foreman.conf:
> > SSLCertificateKeyFile: file
> > '/var/lib/puppet/ssl/private_keys/puppet.mydomain.com.pem' does not
> > exist or is empty
> > [FAILED]
> > [root@puppet puppet]# cd /var/lib/puppet/ssl
> >
> > [root@puppet private_keys]# ll
> > total 0
> > -rw-r----- 1 puppet puppet 0 Mar 20 08:23 puppet.mydomain.com.pem
>
> You're the third person to report this, but I no idea how it is, or
> could be happening. If you can narrow down what it is somehow, that'd
> be great.
>
> --
> Dominic Cleal
> Red Hat Engineering
>
Hopefully not - those simply change the existing built-in defaults that
Puppet has of setting the group to "root" and mode to 600. Puppet will
continue to manage those files with or without them.
···
On 20/03/13 14:47, Byron Miller wrote:
> Restoring my private key and everything works again, will keep hammering
> my system and see if the key gets 0'd out.
>
> I'm curious of its the config in puppet.conf that is 0'ing out the key.
>
> # Allow services in the 'puppet' group to access key (Foreman + proxy)
> privatekeydir = $ssldir/private_keys { group = service }
> hostprivkey = $privatekeydir/$certname.pem { mode = 640 }
>
> puppet 3.1.1
–
Dominic Cleal
Red Hat Engineering
I see that this topic has not had any updates for a while, but I ran into
this issue today myself with foreman 1.1 on RHEL6. Any other ideas what
may have caused this yet?
···
On Wednesday, March 20, 2013 10:53:47 AM UTC-4, Dominic Cleal wrote:
>
> On 20/03/13 14:47, Byron Miller wrote:
> > Restoring my private key and everything works again, will keep hammering
> > my system and see if the key gets 0'd out.
> >
> > I'm curious of its the config in puppet.conf that is 0'ing out the key.
> >
> > # Allow services in the 'puppet' group to access key (Foreman + proxy)
> > privatekeydir = $ssldir/private_keys { group = service }
> > hostprivkey = $privatekeydir/$certname.pem { mode = 640 }
> >
> > puppet 3.1.1
>
> Hopefully not - those simply change the existing built-in defaults that
> Puppet has of setting the group to "root" and mode to 600. Puppet will
> continue to manage those files with or without them.
>
> --
> Dominic Cleal
> Red Hat Engineering
>
I got the same problem right now, puppet stoped working and foud out that
the private pem size is 0…
Using Foreman 1.1stable with puppet 3.2.1
Will post more if I find something more
···
On Wednesday, June 26, 2013 6:15:40 PM UTC+2, gilbe...@gmail.com wrote:
>
> I see that this topic has not had any updates for a while, but I ran into
> this issue today myself with foreman 1.1 on RHEL6. Any other ideas what
> may have caused this yet?
>
> On Wednesday, March 20, 2013 10:53:47 AM UTC-4, Dominic Cleal wrote:
>>
>> On 20/03/13 14:47, Byron Miller wrote:
>> > Restoring my private key and everything works again, will keep
>> hammering
>> > my system and see if the key gets 0'd out.
>> >
>> > I'm curious of its the config in puppet.conf that is 0'ing out the key.
>> >
>> > # Allow services in the 'puppet' group to access key (Foreman + proxy)
>> > privatekeydir = $ssldir/private_keys { group = service }
>> > hostprivkey = $privatekeydir/$certname.pem { mode = 640 }
>> >
>> > puppet 3.1.1
>>
>> Hopefully not - those simply change the existing built-in defaults that
>> Puppet has of setting the group to "root" and mode to 600. Puppet will
>> continue to manage those files with or without them.
>>
>> --
>> Dominic Cleal
>> Red Hat Engineering
>>
>
I just found out that executing
sudo su - puppet -s /bin/bash /etc/puppet/node.rb whateverhost
Makes the private pem certificat become empty :S, I hope it was just that.
···
On Wednesday, July 3, 2013 3:33:05 PM UTC+2, David Caro wrote:
>
> I got the same problem right now, puppet stoped working and foud out that
> the private pem size is 0...
>
> Using Foreman 1.1stable with puppet 3.2.1
>
> Will post more if I find something more
>
>
> On Wednesday, June 26, 2013 6:15:40 PM UTC+2, gilbe...@gmail.com wrote:
>>
>> I see that this topic has not had any updates for a while, but I ran into
>> this issue today myself with foreman 1.1 on RHEL6. Any other ideas what
>> may have caused this yet?
>>
>> On Wednesday, March 20, 2013 10:53:47 AM UTC-4, Dominic Cleal wrote:
>>>
>>> On 20/03/13 14:47, Byron Miller wrote:
>>> > Restoring my private key and everything works again, will keep
>>> hammering
>>> > my system and see if the key gets 0'd out.
>>> >
>>> > I'm curious of its the config in puppet.conf that is 0'ing out the
>>> key.
>>> >
>>> > # Allow services in the 'puppet' group to access key (Foreman +
>>> proxy)
>>> > privatekeydir = $ssldir/private_keys { group = service }
>>> > hostprivkey = $privatekeydir/$certname.pem { mode = 640 }
>>> >
>>> > puppet 3.1.1
>>>
>>> Hopefully not - those simply change the existing built-in defaults that
>>> Puppet has of setting the group to "root" and mode to 600. Puppet will
>>> continue to manage those files with or without them.
>>>
>>> --
>>> Dominic Cleal
>>> Red Hat Engineering
>>>
>>
Confirming this. My private key was also wiped out after running that
command. Interestingly, that command came from
http://projects.theforeman.org/projects/foreman/wiki/External_Nodes
Will try to update the wiki or submit a bug there.
···
On Wednesday, 3 July 2013 19:23:12 UTC+5:30, David Caro wrote:
>
> I just found out that executing
>
> sudo su - puppet -s /bin/bash /etc/puppet/node.rb whateverhost
>
> Makes the private pem certificat become empty :S, I hope it was just that.
>
> On Wednesday, July 3, 2013 3:33:05 PM UTC+2, David Caro wrote:
>>
>> I got the same problem right now, puppet stoped working and foud out that
>> the private pem size is 0...
>>
>> Using Foreman 1.1stable with puppet 3.2.1
>>
>> Will post more if I find something more
>>
>>
>> On Wednesday, June 26, 2013 6:15:40 PM UTC+2, gilbe...@gmail.com wrote:
>>>
>>> I see that this topic has not had any updates for a while, but I ran
>>> into this issue today myself with foreman 1.1 on RHEL6. Any other ideas
>>> what may have caused this yet?
>>>
>>> On Wednesday, March 20, 2013 10:53:47 AM UTC-4, Dominic Cleal wrote:
>>>>
>>>> On 20/03/13 14:47, Byron Miller wrote:
>>>> > Restoring my private key and everything works again, will keep
>>>> hammering
>>>> > my system and see if the key gets 0'd out.
>>>> >
>>>> > I'm curious of its the config in puppet.conf that is 0'ing out the
>>>> key.
>>>> >
>>>> > # Allow services in the 'puppet' group to access key (Foreman +
>>>> proxy)
>>>> > privatekeydir = $ssldir/private_keys { group = service }
>>>> > hostprivkey = $privatekeydir/$certname.pem { mode = 640 }
>>>> >
>>>> > puppet 3.1.1
>>>>
>>>> Hopefully not - those simply change the existing built-in defaults that
>>>> Puppet has of setting the group to "root" and mode to 600. Puppet will
>>>> continue to manage those files with or without them.
>>>>
>>>> --
>>>> Dominic Cleal
>>>> Red Hat Engineering
>>>>
>>>
Fixed the said wiki page. Actually in the original author's defense I can
say that it was a multi-line command! First line switched to the puppet
user and started bash and second one called the ENC script.
···
On Wednesday, 31 July 2013 15:18:43 UTC+5:30, Knight Samar wrote:
>
> Confirming this. My private key was also wiped out after running that
> command. Interestingly, that command came from
> http://projects.theforeman.org/projects/foreman/wiki/External_Nodes
>
> Will try to update the wiki or submit a bug there.
>
> On Wednesday, 3 July 2013 19:23:12 UTC+5:30, David Caro wrote:
>>
>> I just found out that executing
>>
>> sudo su - puppet -s /bin/bash /etc/puppet/node.rb whateverhost
>>
>> Makes the private pem certificat become empty :S, I hope it was just that.
>>
>> On Wednesday, July 3, 2013 3:33:05 PM UTC+2, David Caro wrote:
>>>
>>> I got the same problem right now, puppet stoped working and foud out
>>> that the private pem size is 0...
>>>
>>> Using Foreman 1.1stable with puppet 3.2.1
>>>
>>> Will post more if I find something more
>>>
>>>
>>> On Wednesday, June 26, 2013 6:15:40 PM UTC+2, gilbe...@gmail.com wrote:
>>>>
>>>> I see that this topic has not had any updates for a while, but I ran
>>>> into this issue today myself with foreman 1.1 on RHEL6. Any other ideas
>>>> what may have caused this yet?
>>>>
>>>> On Wednesday, March 20, 2013 10:53:47 AM UTC-4, Dominic Cleal wrote:
>>>>>
>>>>> On 20/03/13 14:47, Byron Miller wrote:
>>>>> > Restoring my private key and everything works again, will keep
>>>>> hammering
>>>>> > my system and see if the key gets 0'd out.
>>>>> >
>>>>> > I'm curious of its the config in puppet.conf that is 0'ing out the
>>>>> key.
>>>>> >
>>>>> > # Allow services in the 'puppet' group to access key (Foreman +
>>>>> proxy)
>>>>> > privatekeydir = $ssldir/private_keys { group = service }
>>>>> > hostprivkey = $privatekeydir/$certname.pem { mode = 640 }
>>>>> >
>>>>> > puppet 3.1.1
>>>>>
>>>>> Hopefully not - those simply change the existing built-in defaults
>>>>> that
>>>>> Puppet has of setting the group to "root" and mode to 600. Puppet
>>>>> will
>>>>> continue to manage those files with or without them.
>>>>>
>>>>> --
>>>>> Dominic Cleal
>>>>> Red Hat Engineering
>>>>>
>>>>
