[Puppet - Bug #7070] (Unreviewed) Rack muppet master fails to start with Permission denied if $HOME is not writable

tickets Tue, 12 Apr 2011 11:43:31 -0700

Issue #7070 has been reported by Jeff McCune.

----------------------------------------
Bug #7070: Rack muppet master fails to start with Permission denied if $HOME is 
not writable
https://projects.puppetlabs.com/issues/7070


Author: Jeff McCune
Status: Unreviewed
Priority: Normal
Assignee: 
Category: 
Target version: 
Affected Puppet version: 2.6.7
Keywords: permission, denied, rack, home, confdir, unicorn, god, passenger
Branch: 


# Overview #

Running Puppet 2.6.7 in Unicorn Rack the HOME environment variable is not set 
to /var/lib/puppet, which is the home directory of the puppet user.  The 
process manager being used, god, sheds root and switches to puppet:puppet.

# Expected Behavior #

Puppet master should work well with process managers that do not set and export 
the HOME environment variable like shells do.

# Work Around #

Either export HOME=/var/lib/puppet from within the process manager or configure 
rack config.ru to specific a confdir with:

    ARGV << "--confdir" << "/etc/puppet"

# Steps to reproduce #

1. Switch to the puppet user

    sudo -H -u puppet -s

2. Reset the HOME variable like process managers such as God do:

    export HOME=/

3. Start Puppet Master as a rack application in unicorn. (/usr/bin/unicorn -c 
/ebs/puppet/unicorn.conf)

    # unicorn.conf
    worker_processes 8
    working_directory "/XXX/puppet"
    listen '/var/run/puppet/puppetmaster_unicorn.sock', :backlog => 512
    #listen 8140, :tcp_nopush => true
    timeout 120
    pid "/var/run/puppet/puppetmaster_unicorn.pid"

    if RACKUP[:daemonized]
      stderr_path "/var/log/unicorn/puppetmaster.log"
      stdout_path "/var/log/unicorn/puppetmaster.log"
    end
    
    preload_app true
    if GC.respond_to?(:copy_on_write_friendly=)
      GC.copy_on_write_friendly = true
    end
    
    before_fork do |server, worker|
      old_pid = "#{server.config[:pid]}.oldbin"
      if File.exists?(old_pid) && server.pid != old_pid
        begin
          Process.kill("QUIT", File.read(old_pid).to_i)
        rescue Errno::ENOENT, Errno::ESRCH
          # someone else did our job for us
        end
      end
    end

Using the following config.ru

    $0 = "master"
    require 'puppet'
    puts "JJM: DEBUG Starting 2.6 area... HOME: #{ENV['HOME']}"
    ARGV << "--rack" << "--debug" << "--trace"
    require 'puppet/application/master'
    run Puppet::Application[:master].run

When god starts unicorn, the rack application fails to start with the following 
error:

    I, [2011-04-12T13:54:10.984465 #15077]  INFO -- : unlinking existing 
socket=/var/run/puppet/puppetmaster_unicorn.sock
    I, [2011-04-12T13:54:10.984829 #15077]  INFO -- : listening on 
addr=/var/run/puppet/puppetmaster_unicorn.sock fd=3
    I, [2011-04-12T13:54:10.985302 #15077]  INFO -- : Refreshing Gem list
    JJM: Starting 2.6 area...
    /usr/lib/ruby/site_ruby/1.8/puppet/type/file/ensure.rb:66:in `mkdir'
    /usr/lib/ruby/site_ruby/1.8/puppet/type/file/ensure.rb:66:in `set_directory'
    /usr/lib/ruby/site_ruby/1.8/puppet/property.rb:81:in `send'
    /usr/lib/ruby/site_ruby/1.8/puppet/property.rb:81:in `call_valuemethod'
    /usr/lib/ruby/site_ruby/1.8/puppet/property.rb:256:in `set'
    /usr/lib/ruby/site_ruby/1.8/puppet/property.rb:310:in `sync'
    /usr/lib/ruby/site_ruby/1.8/puppet/type/file/ensure.rb:158:in `sync'
    /usr/lib/ruby/site_ruby/1.8/puppet/transaction/resource_harness.rb:114:in 
`apply_parameter'
    /usr/lib/ruby/site_ruby/1.8/puppet/transaction/resource_harness.rb:56:in 
`perform_changes'
    /usr/lib/ruby/site_ruby/1.8/puppet/transaction/resource_harness.rb:133:in 
`evaluate'
    /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:48:in `apply'
    /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:113:in 
`eval_children_and_apply_resource'
    /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:91:in `eval_resource'
    /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:142:in `evaluate'
    /usr/lib/ruby/site_ruby/1.8/puppet/util.rb:429:in `thinmark'
    /usr/lib/ruby/1.8/benchmark.rb:293:in `measure'
    /usr/lib/ruby/1.8/benchmark.rb:307:in `realtime'
    /usr/lib/ruby/site_ruby/1.8/puppet/util.rb:428:in `thinmark'
    /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:141:in `evaluate'
    /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:134:in `each'
    /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:134:in `evaluate'
    /usr/lib/ruby/site_ruby/1.8/puppet/resource/catalog.rb:144:in `apply'
    /usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:632:in `use'
    /usr/lib/ruby/1.8/sync.rb:229:in `synchronize'
    /usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:615:in `use'
    /usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb:139:in `setup'
    /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:303:in `run'
    /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:410:in `exit_on_fail'
    /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:303:in `run'
    config.ru:83
    /usr/lib64/ruby/gems/1.8/gems/rack-1.1.0/lib/rack/builder.rb:46:in 
`instance_eval'
    /usr/lib64/ruby/gems/1.8/gems/rack-1.1.0/lib/rack/builder.rb:46:in 
`initialize'
    config.ru:1:in `new'
    config.ru:1
    /usr/lib/ruby/site_ruby/1.8/puppet/type/file/ensure.rb:66:in `mkdir'
    /usr/lib/ruby/site_ruby/1.8/puppet/type/file/ensure.rb:66:in `set_directory'
    /usr/lib/ruby/site_ruby/1.8/puppet/property.rb:81:in `send'
    /usr/lib/ruby/site_ruby/1.8/puppet/property.rb:81:in `call_valuemethod'
    /usr/lib/ruby/site_ruby/1.8/puppet/property.rb:256:in `set'
    /usr/lib/ruby/site_ruby/1.8/puppet/property.rb:310:in `sync'
    /usr/lib/ruby/site_ruby/1.8/puppet/type/file/ensure.rb:158:in `sync'
    /usr/lib/ruby/site_ruby/1.8/puppet/transaction/resource_harness.rb:114:in 
`apply_parameter'
    /usr/lib/ruby/site_ruby/1.8/puppet/transaction/resource_harness.rb:56:in 
`perform_changes'
    /usr/lib/ruby/site_ruby/1.8/puppet/transaction/resource_harness.rb:133:in 
`evaluate'
    /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:48:in `apply'
    /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:113:in 
`eval_children_and_apply_resource'
    /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:91:in `eval_resource'
    /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:142:in `evaluate'
    /usr/lib/ruby/site_ruby/1.8/puppet/util.rb:429:in `thinmark'
    /usr/lib/ruby/1.8/benchmark.rb:293:in `measure'
    /usr/lib/ruby/1.8/benchmark.rb:307:in `realtime'
    /usr/lib/ruby/site_ruby/1.8/puppet/util.rb:428:in `thinmark'
    /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:141:in `evaluate'
    /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:134:in `each'
    /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:134:in `evaluate'
    /usr/lib/ruby/site_ruby/1.8/puppet/resource/catalog.rb:144:in `apply'
    /usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:632:in `use'
    /usr/lib/ruby/1.8/sync.rb:229:in `synchronize'
    /usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:615:in `use'
    /usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb:139:in `setup'
    /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:303:in `run'
    /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:410:in `exit_on_fail'
    /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:303:in `run'
    config.ru:83
    /usr/lib64/ruby/gems/1.8/gems/rack-1.1.0/lib/rack/builder.rb:46:in 
`instance_eval'
    /usr/lib64/ruby/gems/1.8/gems/rack-1.1.0/lib/rack/builder.rb:46:in 
`initialize'
    config.ru:1:in `new'
    config.ru:1
    /usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:636:in `use'
    /usr/lib/ruby/site_ruby/1.8/puppet/resource/catalog.rb:157:in `apply'
    /usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:632:in `use'
    /usr/lib/ruby/1.8/sync.rb:229:in `synchronize'
    /usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:615:in `use'
    /usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb:139:in `setup'
    /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:303:in `run'
    /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:410:in `exit_on_fail'
    /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:303:in `run'
    config.ru:83
    /usr/lib64/ruby/gems/1.8/gems/rack-1.1.0/lib/rack/builder.rb:46:in 
`instance_eval'
    /usr/lib64/ruby/gems/1.8/gems/rack-1.1.0/lib/rack/builder.rb:46:in 
`initialize'
    config.ru:1:in `new'
    config.ru:1
    Could not prepare for execution: Got 1 failure(s) while initializing: 
change from absent to directory failed: Could not set 'directory on ensure: 
Permission denied - /.puppet
    master failed to start, check stderr log for details



-- 
You have received this notification because you have either subscribed to it, 
or are involved in it.
To change your notification preferences, please click here: 
http://projects.puppetlabs.com/my/account

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Bugs" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/puppet-bugs?hl=en.

[Puppet - Bug #7070] (Unreviewed) Rack muppet master fails to start with Permission denied if $HOME is not writable

Reply via email to