Issue #7070 has been updated by Jeff McCune.
I think the expected behavior is that either the error message should be improved or Puppet should switch the behavior of using the default confdir when starting as root. The note about process managers is that if the process manager performs the switch to the target UID rather than letting Puppet do it, the behavior is different. In these situations the process manager often doesn't set the HOME environment variable. ---------------------------------------- Bug #7070: Rack muppet master fails to start with Permission denied if $HOME is not writable https://projects.puppetlabs.com/issues/7070 Author: Jeff McCune Status: Needs More Information Priority: Normal Assignee: Category: Target version: Affected Puppet version: 2.6.7 Keywords: permission, denied, rack, home, confdir, unicorn, god, passenger Branch: # Overview # Running Puppet 2.6.7 in Unicorn Rack the HOME environment variable is not set to /var/lib/puppet, which is the home directory of the puppet user. The process manager being used, god, sheds root and switches to puppet:puppet. # Expected Behavior # Puppet master should work well with process managers that do not set and export the HOME environment variable like shells do. # Work Around # Either export HOME=/var/lib/puppet from within the process manager or configure rack config.ru to specific a confdir with: ARGV << "--confdir" << "/etc/puppet" # Steps to reproduce # Switch to the puppet user sudo -H -u puppet -s Reset the HOME variable like process managers such as God do: export HOME=/ Start Puppet Master as a rack application in unicorn. (/usr/bin/unicorn -c /ebs/puppet/unicorn.conf) # unicorn.conf worker_processes 8 working_directory "/XXX/puppet" listen '/var/run/puppet/puppetmaster_unicorn.sock', :backlog => 512 #listen 8140, :tcp_nopush => true timeout 120 pid "/var/run/puppet/puppetmaster_unicorn.pid" # if RACKUP[:daemonized] stderr_path "/var/log/unicorn/puppetmaster.log" stdout_path "/var/log/unicorn/puppetmaster.log" end # preload_app true if GC.respond_to?(:copy_on_write_friendly=) GC.copy_on_write_friendly = true end # before_fork do |server, worker| old_pid = "#{server.config[:pid]}.oldbin" if File.exists?(old_pid) && server.pid != old_pid begin Process.kill("QUIT", File.read(old_pid).to_i) rescue Errno::ENOENT, Errno::ESRCH # someone else did our job for us end end end Using the following config.ru $0 = "master" require 'puppet' puts "JJM: DEBUG Starting 2.6 area... HOME: #{ENV['HOME']}" ARGV << "--rack" << "--debug" << "--trace" require 'puppet/application/master' run Puppet::Application[:master].run When god starts unicorn, the rack application fails to start with the following error: I, [2011-04-12T13:54:10.984465 #15077] INFO -- : unlinking existing socket=/var/run/puppet/puppetmaster_unicorn.sock I, [2011-04-12T13:54:10.984829 #15077] INFO -- : listening on addr=/var/run/puppet/puppetmaster_unicorn.sock fd=3 I, [2011-04-12T13:54:10.985302 #15077] INFO -- : Refreshing Gem list JJM: Starting 2.6 area... /usr/lib/ruby/site_ruby/1.8/puppet/type/file/ensure.rb:66:in `mkdir' /usr/lib/ruby/site_ruby/1.8/puppet/type/file/ensure.rb:66:in `set_directory' /usr/lib/ruby/site_ruby/1.8/puppet/property.rb:81:in `send' /usr/lib/ruby/site_ruby/1.8/puppet/property.rb:81:in `call_valuemethod' /usr/lib/ruby/site_ruby/1.8/puppet/property.rb:256:in `set' /usr/lib/ruby/site_ruby/1.8/puppet/property.rb:310:in `sync' /usr/lib/ruby/site_ruby/1.8/puppet/type/file/ensure.rb:158:in `sync' /usr/lib/ruby/site_ruby/1.8/puppet/transaction/resource_harness.rb:114:in `apply_parameter' /usr/lib/ruby/site_ruby/1.8/puppet/transaction/resource_harness.rb:56:in `perform_changes' /usr/lib/ruby/site_ruby/1.8/puppet/transaction/resource_harness.rb:133:in `evaluate' /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:48:in `apply' /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:113:in `eval_children_and_apply_resource' /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:91:in `eval_resource' /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:142:in `evaluate' /usr/lib/ruby/site_ruby/1.8/puppet/util.rb:429:in `thinmark' /usr/lib/ruby/1.8/benchmark.rb:293:in `measure' /usr/lib/ruby/1.8/benchmark.rb:307:in `realtime' /usr/lib/ruby/site_ruby/1.8/puppet/util.rb:428:in `thinmark' /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:141:in `evaluate' /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:134:in `each' /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:134:in `evaluate' /usr/lib/ruby/site_ruby/1.8/puppet/resource/catalog.rb:144:in `apply' /usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:632:in `use' /usr/lib/ruby/1.8/sync.rb:229:in `synchronize' /usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:615:in `use' /usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb:139:in `setup' /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:303:in `run' /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:410:in `exit_on_fail' /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:303:in `run' config.ru:83 /usr/lib64/ruby/gems/1.8/gems/rack-1.1.0/lib/rack/builder.rb:46:in `instance_eval' /usr/lib64/ruby/gems/1.8/gems/rack-1.1.0/lib/rack/builder.rb:46:in `initialize' config.ru:1:in `new' config.ru:1 /usr/lib/ruby/site_ruby/1.8/puppet/type/file/ensure.rb:66:in `mkdir' /usr/lib/ruby/site_ruby/1.8/puppet/type/file/ensure.rb:66:in `set_directory' /usr/lib/ruby/site_ruby/1.8/puppet/property.rb:81:in `send' /usr/lib/ruby/site_ruby/1.8/puppet/property.rb:81:in `call_valuemethod' /usr/lib/ruby/site_ruby/1.8/puppet/property.rb:256:in `set' /usr/lib/ruby/site_ruby/1.8/puppet/property.rb:310:in `sync' /usr/lib/ruby/site_ruby/1.8/puppet/type/file/ensure.rb:158:in `sync' /usr/lib/ruby/site_ruby/1.8/puppet/transaction/resource_harness.rb:114:in `apply_parameter' /usr/lib/ruby/site_ruby/1.8/puppet/transaction/resource_harness.rb:56:in `perform_changes' /usr/lib/ruby/site_ruby/1.8/puppet/transaction/resource_harness.rb:133:in `evaluate' /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:48:in `apply' /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:113:in `eval_children_and_apply_resource' /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:91:in `eval_resource' /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:142:in `evaluate' /usr/lib/ruby/site_ruby/1.8/puppet/util.rb:429:in `thinmark' /usr/lib/ruby/1.8/benchmark.rb:293:in `measure' /usr/lib/ruby/1.8/benchmark.rb:307:in `realtime' /usr/lib/ruby/site_ruby/1.8/puppet/util.rb:428:in `thinmark' /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:141:in `evaluate' /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:134:in `each' /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:134:in `evaluate' /usr/lib/ruby/site_ruby/1.8/puppet/resource/catalog.rb:144:in `apply' /usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:632:in `use' /usr/lib/ruby/1.8/sync.rb:229:in `synchronize' /usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:615:in `use' /usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb:139:in `setup' /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:303:in `run' /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:410:in `exit_on_fail' /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:303:in `run' config.ru:83 /usr/lib64/ruby/gems/1.8/gems/rack-1.1.0/lib/rack/builder.rb:46:in `instance_eval' /usr/lib64/ruby/gems/1.8/gems/rack-1.1.0/lib/rack/builder.rb:46:in `initialize' config.ru:1:in `new' config.ru:1 /usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:636:in `use' /usr/lib/ruby/site_ruby/1.8/puppet/resource/catalog.rb:157:in `apply' /usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:632:in `use' /usr/lib/ruby/1.8/sync.rb:229:in `synchronize' /usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:615:in `use' /usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb:139:in `setup' /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:303:in `run' /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:410:in `exit_on_fail' /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:303:in `run' config.ru:83 /usr/lib64/ruby/gems/1.8/gems/rack-1.1.0/lib/rack/builder.rb:46:in `instance_eval' /usr/lib64/ruby/gems/1.8/gems/rack-1.1.0/lib/rack/builder.rb:46:in `initialize' config.ru:1:in `new' config.ru:1 Could not prepare for execution: Got 1 failure(s) while initializing: change from absent to directory failed: Could not set 'directory on ensure: Permission denied - /.puppet master failed to start, check stderr log for details EOF -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
