In Puppet, I use an EXEC resource to "view" files from TFS by calling TF.EXE. The TF VIEW command allows me to fetch the files without needing a workspace.
I am using Puppet 3.4.3 with Puppet Enterprise 3.2.3. The agent is running on a Windows 2008R2 VM.
When the automatically scheduled puppet agent run occurs, the TF VIEW commands all succeed. When I use "Live Management" to perform a "runonce", the TF VIEW commands all log an error to puppet and the windows application log, the infamous TF30063 error.
Thinking that the two methods might use different authentication, I hard-coded a user/password in the TF command. This did not fix the problem.
I tried other things:
Here is the flavor of the TF.EXE command:
TF.exe view /collection:http://<MY_SERVER>.<MYCOMPANY>.com:8080/tfs/<MY_COLLECTION> /output:c:\phx_deployer\<MORE_PATH>\<MY_FILE>.zip $\ReleasePackages\<MORE_PATH>\<MY_FILE>.zip /login:<USER>,<PASSWORD> /version:L2.60.1.87
UPDATE:
Further testing reveals that the different behavior can be attributed to which user is running the puppet process on the agent machine.
I was able to determine this by two checking two things:
Why is puppet runonce using the wrong user? That is now the real question.
Update 2
I learned that runonce is executed by the Marionette Collective Service (pe-mcollective) which runs under a different account than the regular puppet agent service. This is a "feature". I changed the account that runs this service and all works as expected now.
"runonce" executes on the agent under the Marionette Collective Service (pe-mcollective). This is a separate service from the one that executes scheduled catalogs.
To fix the problem, I changed the user account associated with that service and bounced the service.