Issue #7070 has been updated by Jacob Helwig. Status changed from Accepted to Needs More Information
This really strikes me as a bug in the particular configuration you're using for the exact reasons you stated (you're not using `--confdir`, and `$HOME` is inappropriate). I'm also a little confused by the expected behavior of "Puppet master should work well with process managers that do not set and export the HOME environment variable like shells do.". What would you expect to happen in this scenario? What confdir should Puppet try to use? ---------------------------------------- Bug #7070: Rack muppet master fails to start with Permission denied if $HOME is not writable https://projects.puppetlabs.com/issues/7070 Author: Jeff McCune Status: Needs More Information Priority: Normal Assignee: Category: Target version: Affected Puppet version: 2.6.7 Keywords: permission, denied, rack, home, confdir, unicorn, god, passenger Branch: # Overview # Running Puppet 2.6.7 in Unicorn Rack the HOME environment variable is not set to /var/lib/puppet, which is the home directory of the puppet user. The process manager being used, god, sheds root and switches to puppet:puppet. # Expected Behavior # Puppet master should work well with process managers that do not set and export the HOME environment variable like shells do. # Work Around # Either export HOME=/var/lib/puppet from within the process manager or configure rack config.ru to specific a confdir with: ARGV << "--confdir" << "/etc/puppet" # Steps to reproduce # Switch to the puppet user sudo -H -u puppet -s Reset the HOME variable like process managers such as God do: export HOME=/ Start Puppet Master as a rack application in unicorn. (/usr/bin/unicorn -c /ebs/puppet/unicorn.conf) # unicorn.conf worker_processes 8 working_directory "/XXX/puppet" listen '/var/run/puppet/puppetmaster_unicorn.sock', :backlog => 512 #listen 8140, :tcp_nopush => true timeout 120 pid "/var/run/puppet/puppetmaster_unicorn.pid" # if RACKUP[:daemonized] stderr_path "/var/log/unicorn/puppetmaster.log" stdout_path "/var/log/unicorn/puppetmaster.log" end # preload_app true if GC.respond_to?(:copy_on_write_friendly=) GC.copy_on_write_friendly = true end # before_fork do |server, worker| old_pid = "#{server.config[:pid]}.oldbin" if File.exists?(old_pid) && server.pid != old_pid begin Process.kill("QUIT", File.read(old_pid).to_i) rescue Errno::ENOENT, Errno::ESRCH # someone else did our job for us end end end Using the following config.ru $0 = "master" require 'puppet' puts "JJM: DEBUG Starting 2.6 area... HOME: #{ENV['HOME']}" ARGV << "--rack" << "--debug" << "--trace" require 'puppet/application/master' run Puppet::Application[:master].run When god starts unicorn, the rack application fails to start with the following error: I, [2011-04-12T13:54:10.984465 #15077] INFO -- : unlinking existing socket=/var/run/puppet/puppetmaster_unicorn.sock I, [2011-04-12T13:54:10.984829 #15077] INFO -- : listening on addr=/var/run/puppet/puppetmaster_unicorn.sock fd=3 I, [2011-04-12T13:54:10.985302 #15077] INFO -- : Refreshing Gem list JJM: Starting 2.6 area... /usr/lib/ruby/site_ruby/1.8/puppet/type/file/ensure.rb:66:in `mkdir' /usr/lib/ruby/site_ruby/1.8/puppet/type/file/ensure.rb:66:in `set_directory' /usr/lib/ruby/site_ruby/1.8/puppet/property.rb:81:in `send' /usr/lib/ruby/site_ruby/1.8/puppet/property.rb:81:in `call_valuemethod' /usr/lib/ruby/site_ruby/1.8/puppet/property.rb:256:in `set' /usr/lib/ruby/site_ruby/1.8/puppet/property.rb:310:in `sync' /usr/lib/ruby/site_ruby/1.8/puppet/type/file/ensure.rb:158:in `sync' /usr/lib/ruby/site_ruby/1.8/puppet/transaction/resource_harness.rb:114:in `apply_parameter' /usr/lib/ruby/site_ruby/1.8/puppet/transaction/resource_harness.rb:56:in `perform_changes' /usr/lib/ruby/site_ruby/1.8/puppet/transaction/resource_harness.rb:133:in `evaluate' /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:48:in `apply' /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:113:in `eval_children_and_apply_resource' /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:91:in `eval_resource' /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:142:in `evaluate' /usr/lib/ruby/site_ruby/1.8/puppet/util.rb:429:in `thinmark' /usr/lib/ruby/1.8/benchmark.rb:293:in `measure' /usr/lib/ruby/1.8/benchmark.rb:307:in `realtime' /usr/lib/ruby/site_ruby/1.8/puppet/util.rb:428:in `thinmark' /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:141:in `evaluate' /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:134:in `each' /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:134:in `evaluate' /usr/lib/ruby/site_ruby/1.8/puppet/resource/catalog.rb:144:in `apply' /usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:632:in `use' /usr/lib/ruby/1.8/sync.rb:229:in `synchronize' /usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:615:in `use' /usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb:139:in `setup' /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:303:in `run' /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:410:in `exit_on_fail' /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:303:in `run' config.ru:83 /usr/lib64/ruby/gems/1.8/gems/rack-1.1.0/lib/rack/builder.rb:46:in `instance_eval' /usr/lib64/ruby/gems/1.8/gems/rack-1.1.0/lib/rack/builder.rb:46:in `initialize' config.ru:1:in `new' config.ru:1 /usr/lib/ruby/site_ruby/1.8/puppet/type/file/ensure.rb:66:in `mkdir' /usr/lib/ruby/site_ruby/1.8/puppet/type/file/ensure.rb:66:in `set_directory' /usr/lib/ruby/site_ruby/1.8/puppet/property.rb:81:in `send' /usr/lib/ruby/site_ruby/1.8/puppet/property.rb:81:in `call_valuemethod' /usr/lib/ruby/site_ruby/1.8/puppet/property.rb:256:in `set' /usr/lib/ruby/site_ruby/1.8/puppet/property.rb:310:in `sync' /usr/lib/ruby/site_ruby/1.8/puppet/type/file/ensure.rb:158:in `sync' /usr/lib/ruby/site_ruby/1.8/puppet/transaction/resource_harness.rb:114:in `apply_parameter' /usr/lib/ruby/site_ruby/1.8/puppet/transaction/resource_harness.rb:56:in `perform_changes' /usr/lib/ruby/site_ruby/1.8/puppet/transaction/resource_harness.rb:133:in `evaluate' /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:48:in `apply' /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:113:in `eval_children_and_apply_resource' /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:91:in `eval_resource' /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:142:in `evaluate' /usr/lib/ruby/site_ruby/1.8/puppet/util.rb:429:in `thinmark' /usr/lib/ruby/1.8/benchmark.rb:293:in `measure' /usr/lib/ruby/1.8/benchmark.rb:307:in `realtime' /usr/lib/ruby/site_ruby/1.8/puppet/util.rb:428:in `thinmark' /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:141:in `evaluate' /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:134:in `each' /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:134:in `evaluate' /usr/lib/ruby/site_ruby/1.8/puppet/resource/catalog.rb:144:in `apply' /usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:632:in `use' /usr/lib/ruby/1.8/sync.rb:229:in `synchronize' /usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:615:in `use' /usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb:139:in `setup' /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:303:in `run' /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:410:in `exit_on_fail' /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:303:in `run' config.ru:83 /usr/lib64/ruby/gems/1.8/gems/rack-1.1.0/lib/rack/builder.rb:46:in `instance_eval' /usr/lib64/ruby/gems/1.8/gems/rack-1.1.0/lib/rack/builder.rb:46:in `initialize' config.ru:1:in `new' config.ru:1 /usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:636:in `use' /usr/lib/ruby/site_ruby/1.8/puppet/resource/catalog.rb:157:in `apply' /usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:632:in `use' /usr/lib/ruby/1.8/sync.rb:229:in `synchronize' /usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:615:in `use' /usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb:139:in `setup' /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:303:in `run' /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:410:in `exit_on_fail' /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:303:in `run' config.ru:83 /usr/lib64/ruby/gems/1.8/gems/rack-1.1.0/lib/rack/builder.rb:46:in `instance_eval' /usr/lib64/ruby/gems/1.8/gems/rack-1.1.0/lib/rack/builder.rb:46:in `initialize' config.ru:1:in `new' config.ru:1 Could not prepare for execution: Got 1 failure(s) while initializing: change from absent to directory failed: Could not set 'directory on ensure: Permission denied - /.puppet master failed to start, check stderr log for details EOF -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
