Issue #10914 has been updated by Josh Cooper.
Status changed from Unreviewed to Investigating
Hi Peter,
Thanks for filing this detailed report. I'm not able to reproduce the error,
but I did confirm that `obj.group` is always nil when saving the CA public key
(ca_pub.pem). The reason is because the `Puppet::SSL::Key::File` terminus uses
the owner and group values from the :publickeydir setting when writing the
public key.
<pre>
Puppet.settings.writesub(:publickeydir, public_key_path(request.key)) { |f|
  f.print request.instance.content.public_key.to_pem
}
</pre>
And `:publickeydir` only defines an owner:
<pre>
:publickeydir => {
  :default => "$ssldir/public_keys",
  :owner => "service",
  :desc => "The public key directory."
},
</pre>
But I think the bug here is that the terminus should be using the `:capub`
setting as the `defaults` parameter in the call to `Puppet.settings.writesub`:
<pre>
Puppet.settings.writesub(:capub, public_key_path(...))
</pre>
Where `:capub` has both owner and group and not to mention is the setting that
matches the file we're trying to write:
<pre>
:capub => {
  :default => "$cadir/ca_pub.pem",
  :owner => "service",
  :group => "service",
  :desc => "The CA public key."
},
</pre>
Can you please see if that resolves your issue, and if so, submit a pull
request?
As for why the lack of group causes the error, I'm not sure. It might be
related to your SELinux policy or the file mode defaulting to 0640 (since we're
using the mode from the `:publickeydir` setting).
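The lookup described in the comment above, as an added Ruby sketch that is not part of the original comment and is not Puppet's code: `SETTINGS` is a constructed copy of the two quoted settings, and `chown_pair`, `settings_without_group` and `nil_group_effect` are hypothetical helpers. It shows that a setting without `:group` yields a nil group, and that `File.chown` ignores a nil group, so the file keeps the gid it was created with.

```ruby
require 'tmpdir'

# Constructed copy of the two settings quoted above (not Puppet's full table).
SETTINGS = {
  :publickeydir => {
    :default => "$ssldir/public_keys",
    :owner   => "service",
    :desc    => "The public key directory."
  },
  :capub => {
    :default => "$cadir/ca_pub.pem",
    :owner   => "service",
    :group   => "service",
    :desc    => "The CA public key."
  }
}

# Hypothetical model of the lookup: the owner/group pair comes from whichever
# setting is named as the default, so a setting without :group gives nil.
def chown_pair(name, settings = SETTINGS)
  setting = settings.fetch(name)
  [setting[:owner], setting[:group]]
end

# Audit helper (hypothetical): settings that would hand a nil group to chown.
def settings_without_group(settings = SETTINGS)
  settings.reject { |_, setting| setting[:group] }.keys
end

# What a nil group means on disk: File.chown ignores a nil id, so the file
# keeps the gid it was created with. 0640 is the mode mentioned in the comment.
def nil_group_effect(mode = 0640)
  Dir.mktmpdir do |dir|
    path = File.join(dir, "ca_pub.pem")
    File.open(path, "w") { |f| f.print "constructed sample, not a real key\n" }
    File.chmod(mode, path)
    gid_before = File.stat(path).gid
    File.chown(Process.euid, nil, path) # owner set, group left untouched
    stat = File.stat(path)
    { :gid_before => gid_before, :gid_after => stat.gid, :mode => stat.mode & 0777 }
  end
end

if __FILE__ == $0
  SETTINGS.each_key { |name| puts "#{name}: chown pair #{chown_pair(name).inspect}" }
  puts "settings without a group: #{settings_without_group.inspect}"
  puts "nil group on disk: #{nil_group_effect.inspect}"
end
```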
----------------------------------------
Bug #10914: Fail to generate a fresh CA with 2.6.12 (if ssldir not in std.
location)
https://projects.puppetlabs.com/issues/10914
Author: Peter Meier
Status: Investigating
Priority: Normal
Assignee:
Category: SSL
Target version:
Affected Puppet version: 2.6.12
Keywords:
Branch:
Had some problems while installing a fresh puppetmaster with 2.6.12. It failed
to properly generate its CA.
The master got the following config:
<pre>
[main]
# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = /var/log/puppet
autoflush=true
# Where Puppet PID files are kept.
# The default value is '$vardir/run'.
rundir = /var/run/puppet
# Whether plugins should be synced with the central server.
pluginsync = true
[master]
# Puppet Master /var
vardir = /some_path/data/puppet/var
confdir = /some_path/data/puppet/etc
# Puppet Master
certname = dpuppet.example.com
# fix alt dns names bug. Requires puppetmaster >= 2.6.12
dns_alt_names = dpuppet
# Where SSL certificates are for the puppet master kept.
ssldir = /some_path/data/puppet/ssl
# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = /some_path/log/puppet
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY
# Puppet Master code directory
manifests = /some_path/data/puppet/environments/$environment/manifests
modulepath = /some_path/data/puppet/environments/$environment/modules
# Report location
reports = http, store
reporturl = http://puppet-report/reports/upload
# use external nodes
node_terminus = exec
external_nodes = /usr/share/puppet-dashboard/bin/external_node
</pre>
A first run resulted in the following problem:
<pre>
# puppet master --no-daemonize --verbose --config
/some_path/data/puppet/etc/puppet.conf --debug --trace
debug: Failed to load library 'ldap' for feature 'ldap'
debug: Puppet::Type::User::ProviderLdap: feature ldap is missing
debug: Puppet::Type::User::ProviderUser_role_add: file roleadd does not exist
debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dscl does
not exist
debug: Puppet::Type::User::ProviderPw: file pw does not exist
debug: Puppet::Type::File::ProviderMicrosoft_windows: feature microsoft_windows
is missing
debug: /File[/some_path/data/puppet/ssl]/seluser: Found seluser default
'system_u' for /some_path/data/puppet/ssl
debug: /File[/some_path/data/puppet/ssl]/selrole: Found selrole default
'object_r' for /some_path/data/puppet/ssl
debug: /File[/some_path/data/puppet/ssl]/seltype: Found seltype default
'default_t' for /some_path/data/puppet/ssl
debug: /File[/some_path/data/puppet/ssl]/selrange: Found selrange default 's0'
for /some_path/data/puppet/ssl
debug: /File[/some_path/data/puppet/var/reports]/seluser: Found seluser default
'system_u' for /some_path/data/puppet/var/reports
debug: /File[/some_path/data/puppet/var/reports]/selrole: Found selrole default
'object_r' for /some_path/data/puppet/var/reports
debug: /File[/some_path/data/puppet/var/reports]/seltype: Found seltype default
'default_t' for /some_path/data/puppet/var/reports
debug: /File[/some_path/data/puppet/var/reports]/selrange: Found selrange
default 's0' for /some_path/data/puppet/var/reports
debug: /File[/some_path/data/puppet/var/rrd]/seluser: Found seluser default
'system_u' for /some_path/data/puppet/var/rrd
debug: /File[/some_path/data/puppet/var/rrd]/selrole: Found selrole default
'object_r' for /some_path/data/puppet/var/rrd
debug: /File[/some_path/data/puppet/var/rrd]/seltype: Found seltype default
'default_t' for /some_path/data/puppet/var/rrd
debug: /File[/some_path/data/puppet/var/rrd]/selrange: Found selrange default
's0' for /some_path/data/puppet/var/rrd
debug: /File[/some_path/log/puppet/puppetmaster.log]/seluser: Found seluser
default 'system_u' for /some_path/log/puppet/puppetmaster.log
debug: /File[/some_path/log/puppet/puppetmaster.log]/selrole: Found selrole
default 'object_r' for /some_path/log/puppet/puppetmaster.log
debug: /File[/some_path/log/puppet/puppetmaster.log]/seltype: Found seltype
default 'default_t' for /some_path/log/puppet/puppetmaster.log
debug: /File[/some_path/log/puppet/puppetmaster.log]/selrange: Found selrange
default 's0' for /some_path/log/puppet/puppetmaster.log
debug: /File[/some_path/log/puppet]/seluser: Found seluser default 'system_u'
for /some_path/log/puppet
debug: /File[/some_path/log/puppet]/selrole: Found selrole default 'object_r'
for /some_path/log/puppet
debug: /File[/some_path/log/puppet]/seltype: Found seltype default 'default_t'
for /some_path/log/puppet
debug: /File[/some_path/log/puppet]/selrange: Found selrange default 's0' for
/some_path/log/puppet
debug: /File[/some_path/data/puppet/var/lib]/seluser: Found seluser default
'system_u' for /some_path/data/puppet/var/lib
debug: /File[/some_path/data/puppet/var/lib]/selrole: Found selrole default
'object_r' for /some_path/data/puppet/var/lib
debug: /File[/some_path/data/puppet/var/lib]/seltype: Found seltype default
'default_t' for /some_path/data/puppet/var/lib
debug: /File[/some_path/data/puppet/var/lib]/selrange: Found selrange default
's0' for /some_path/data/puppet/var/lib
debug: /File[/some_path/data/puppet/ssl/certificate_requests]/seluser: Found
seluser default 'system_u' for /some_path/data/puppet/ssl/certificate_requests
debug: /File[/some_path/data/puppet/ssl/certificate_requests]/selrole: Found
selrole default 'object_r' for /some_path/data/puppet/ssl/certificate_requests
debug: /File[/some_path/data/puppet/ssl/certificate_requests]/seltype: Found
seltype default 'default_t' for /some_path/data/puppet/ssl/certificate_requests
debug: /File[/some_path/data/puppet/ssl/certificate_requests]/selrange: Found
selrange default 's0' for /some_path/data/puppet/ssl/certificate_requests
debug: /File[/var/run/puppet]/seluser: Found seluser default 'system_u' for
/var/run/puppet
debug: /File[/var/run/puppet]/selrole: Found selrole default 'object_r' for
/var/run/puppet
debug: /File[/var/run/puppet]/seltype: Found seltype default 'var_run_t' for
/var/run/puppet
debug: /File[/var/run/puppet]/selrange: Found selrange default 's0' for
/var/run/puppet
debug: /File[/some_path/log/puppet/masterhttp.log]/seluser: Found seluser
default 'system_u' for /some_path/log/puppet/masterhttp.log
debug: /File[/some_path/log/puppet/masterhttp.log]/selrole: Found selrole
default 'object_r' for /some_path/log/puppet/masterhttp.log
debug: /File[/some_path/log/puppet/masterhttp.log]/seltype: Found seltype
default 'default_t' for /some_path/log/puppet/masterhttp.log
debug: /File[/some_path/log/puppet/masterhttp.log]/selrange: Found selrange
default 's0' for /some_path/log/puppet/masterhttp.log
debug: /File[/some_path/data/puppet/ssl/public_keys]/seluser: Found seluser
default 'system_u' for /some_path/data/puppet/ssl/public_keys
debug: /File[/some_path/data/puppet/ssl/public_keys]/selrole: Found selrole
default 'object_r' for /some_path/data/puppet/ssl/public_keys
debug: /File[/some_path/data/puppet/ssl/public_keys]/seltype: Found seltype
default 'default_t' for /some_path/data/puppet/ssl/public_keys
debug: /File[/some_path/data/puppet/ssl/public_keys]/selrange: Found selrange
default 's0' for /some_path/data/puppet/ssl/public_keys
debug: /File[/some_path/data/puppet/etc]/seluser: Found seluser default
'system_u' for /some_path/data/puppet/etc
debug: /File[/some_path/data/puppet/etc]/selrole: Found selrole default
'object_r' for /some_path/data/puppet/etc
debug: /File[/some_path/data/puppet/etc]/seltype: Found seltype default
'default_t' for /some_path/data/puppet/etc
debug: /File[/some_path/data/puppet/etc]/selrange: Found selrange default 's0'
for /some_path/data/puppet/etc
debug: /File[/some_path/data/puppet/ssl/private]/seluser: Found seluser default
'system_u' for /some_path/data/puppet/ssl/private
debug: /File[/some_path/data/puppet/ssl/private]/selrole: Found selrole default
'object_r' for /some_path/data/puppet/ssl/private
debug: /File[/some_path/data/puppet/ssl/private]/seltype: Found seltype default
'default_t' for /some_path/data/puppet/ssl/private
debug: /File[/some_path/data/puppet/ssl/private]/selrange: Found selrange
default 's0' for /some_path/data/puppet/ssl/private
debug: /File[/some_path/data/puppet/etc/auth.conf]/seluser: Found seluser
default 'system_u' for /some_path/data/puppet/etc/auth.conf
debug: /File[/some_path/data/puppet/etc/auth.conf]/selrole: Found selrole
default 'object_r' for /some_path/data/puppet/etc/auth.conf
debug: /File[/some_path/data/puppet/etc/auth.conf]/seltype: Found seltype
default 'default_t' for /some_path/data/puppet/etc/auth.conf
debug: /File[/some_path/data/puppet/etc/auth.conf]/selrange: Found selrange
default 's0' for /some_path/data/puppet/etc/auth.conf
debug: /File[/some_path/data/puppet/var/facts]/seluser: Found seluser default
'system_u' for /some_path/data/puppet/var/facts
debug: /File[/some_path/data/puppet/var/facts]/selrole: Found selrole default
'object_r' for /some_path/data/puppet/var/facts
debug: /File[/some_path/data/puppet/var/facts]/seltype: Found seltype default
'default_t' for /some_path/data/puppet/var/facts
debug: /File[/some_path/data/puppet/var/facts]/selrange: Found selrange default
's0' for /some_path/data/puppet/var/facts
debug: /File[/some_path/data/puppet/etc/puppet.conf]/seluser: Found seluser
default 'system_u' for /some_path/data/puppet/etc/puppet.conf
debug: /File[/some_path/data/puppet/etc/puppet.conf]/selrole: Found selrole
default 'object_r' for /some_path/data/puppet/etc/puppet.conf
debug: /File[/some_path/data/puppet/etc/puppet.conf]/seltype: Found seltype
default 'default_t' for /some_path/data/puppet/etc/puppet.conf
debug: /File[/some_path/data/puppet/etc/puppet.conf]/selrange: Found selrange
default 's0' for /some_path/data/puppet/etc/puppet.conf
debug: /File[/some_path/data/puppet/var/server_data]/seluser: Found seluser
default 'system_u' for /some_path/data/puppet/var/server_data
debug: /File[/some_path/data/puppet/var/server_data]/selrole: Found selrole
default 'object_r' for /some_path/data/puppet/var/server_data
debug: /File[/some_path/data/puppet/var/server_data]/seltype: Found seltype
default 'default_t' for /some_path/data/puppet/var/server_data
debug: /File[/some_path/data/puppet/var/server_data]/selrange: Found selrange
default 's0' for /some_path/data/puppet/var/server_data
debug: /File[/some_path/data/puppet/ssl/private_keys]/seluser: Found seluser
default 'system_u' for /some_path/data/puppet/ssl/private_keys
debug: /File[/some_path/data/puppet/ssl/private_keys]/selrole: Found selrole
default 'object_r' for /some_path/data/puppet/ssl/private_keys
debug: /File[/some_path/data/puppet/ssl/private_keys]/seltype: Found seltype
default 'default_t' for /some_path/data/puppet/ssl/private_keys
debug: /File[/some_path/data/puppet/ssl/private_keys]/selrange: Found selrange
default 's0' for /some_path/data/puppet/ssl/private_keys
debug: /File[/some_path/data/puppet/ssl/certs]/seluser: Found seluser default
'system_u' for /some_path/data/puppet/ssl/certs
debug: /File[/some_path/data/puppet/ssl/certs]/selrole: Found selrole default
'object_r' for /some_path/data/puppet/ssl/certs
debug: /File[/some_path/data/puppet/ssl/certs]/seltype: Found seltype default
'default_t' for /some_path/data/puppet/ssl/certs
debug: /File[/some_path/data/puppet/ssl/certs]/selrange: Found selrange default
's0' for /some_path/data/puppet/ssl/certs
debug: /File[/some_path/data/puppet/var]/seluser: Found seluser default
'system_u' for /some_path/data/puppet/var
debug: /File[/some_path/data/puppet/var]/selrole: Found selrole default
'object_r' for /some_path/data/puppet/var
debug: /File[/some_path/data/puppet/var]/seltype: Found seltype default
'default_t' for /some_path/data/puppet/var
debug: /File[/some_path/data/puppet/var]/selrange: Found selrange default 's0'
for /some_path/data/puppet/var
debug: /File[/some_path/data/puppet/etc/manifests]/seluser: Found seluser
default 'system_u' for /some_path/data/puppet/etc/manifests
debug: /File[/some_path/data/puppet/etc/manifests]/selrole: Found selrole
default 'object_r' for /some_path/data/puppet/etc/manifests
debug: /File[/some_path/data/puppet/etc/manifests]/seltype: Found seltype
default 'default_t' for /some_path/data/puppet/etc/manifests
debug: /File[/some_path/data/puppet/etc/manifests]/selrange: Found selrange
default 's0' for /some_path/data/puppet/etc/manifests
debug: /File[/some_path/data/puppet/var/yaml]/seluser: Found seluser default
'system_u' for /some_path/data/puppet/var/yaml
debug: /File[/some_path/data/puppet/var/yaml]/selrole: Found selrole default
'object_r' for /some_path/data/puppet/var/yaml
debug: /File[/some_path/data/puppet/var/yaml]/seltype: Found seltype default
'default_t' for /some_path/data/puppet/var/yaml
debug: /File[/some_path/data/puppet/var/yaml]/selrange: Found selrange default
's0' for /some_path/data/puppet/var/yaml
debug: /File[/some_path/data/puppet/var/state]/seluser: Found seluser default
'system_u' for /some_path/data/puppet/var/state
debug: /File[/some_path/data/puppet/var/state]/selrole: Found selrole default
'object_r' for /some_path/data/puppet/var/state
debug: /File[/some_path/data/puppet/var/state]/seltype: Found seltype default
'default_t' for /some_path/data/puppet/var/state
debug: /File[/some_path/data/puppet/var/state]/selrange: Found selrange default
's0' for /some_path/data/puppet/var/state
debug: /File[/some_path/data/puppet/var/bucket]/seluser: Found seluser default
'system_u' for /some_path/data/puppet/var/bucket
debug: /File[/some_path/data/puppet/var/bucket]/selrole: Found selrole default
'object_r' for /some_path/data/puppet/var/bucket
debug: /File[/some_path/data/puppet/var/bucket]/seltype: Found seltype default
'default_t' for /some_path/data/puppet/var/bucket
debug: /File[/some_path/data/puppet/var/bucket]/selrange: Found selrange
default 's0' for /some_path/data/puppet/var/bucket
debug: /File[/some_path/data/puppet/etc/puppet.conf]: Autorequiring
File[/some_path/data/puppet/etc]
debug: /File[/some_path/log/puppet/masterhttp.log]: Autorequiring
File[/some_path/log/puppet]
debug: /File[/some_path/data/puppet/etc/auth.conf]: Autorequiring
File[/some_path/data/puppet/etc]
debug: /File[/some_path/data/puppet/var/facts]: Autorequiring
File[/some_path/data/puppet/var]
debug: /File[/some_path/data/puppet/var/reports]: Autorequiring
File[/some_path/data/puppet/var]
debug: /File[/some_path/log/puppet/puppetmaster.log]: Autorequiring
File[/some_path/log/puppet]
debug: /File[/some_path/data/puppet/ssl/certificate_requests]: Autorequiring
File[/some_path/data/puppet/ssl]
debug: /File[/some_path/data/puppet/ssl/public_keys]: Autorequiring
File[/some_path/data/puppet/ssl]
debug: /File[/some_path/data/puppet/var/rrd]: Autorequiring
File[/some_path/data/puppet/var]
debug: /File[/some_path/data/puppet/ssl/certs]: Autorequiring
File[/some_path/data/puppet/ssl]
debug: /File[/some_path/data/puppet/var/state]: Autorequiring
File[/some_path/data/puppet/var]
debug: /File[/some_path/data/puppet/var/yaml]: Autorequiring
File[/some_path/data/puppet/var]
debug: /File[/some_path/data/puppet/var/bucket]: Autorequiring
File[/some_path/data/puppet/var]
debug: /File[/some_path/data/puppet/var/lib]: Autorequiring
File[/some_path/data/puppet/var]
debug: /File[/some_path/data/puppet/ssl/private]: Autorequiring
File[/some_path/data/puppet/ssl]
debug: /File[/some_path/data/puppet/var/server_data]: Autorequiring
File[/some_path/data/puppet/var]
debug: /File[/some_path/data/puppet/etc/manifests]: Autorequiring
File[/some_path/data/puppet/etc]
debug: /File[/some_path/data/puppet/ssl/private_keys]: Autorequiring
File[/some_path/data/puppet/ssl]
debug: /File[/some_path/data/puppet/ssl]/ensure: created
debug: /File[/some_path/data/puppet/ssl/private_keys]/ensure: created
debug: /File[/some_path/data/puppet/ssl/private]/ensure: created
debug: /File[/some_path/data/puppet/ssl/certs]/ensure: created
debug: /File[/some_path/data/puppet/ssl/certificate_requests]/ensure: created
debug: /File[/some_path/data/puppet/ssl/public_keys]/ensure: created
debug: Finishing transaction 23935720502620
debug: /File[/some_path/data/puppet/ssl/ca/requests]/seluser: Found seluser
default 'system_u' for /some_path/data/puppet/ssl/ca/requests
debug: /File[/some_path/data/puppet/ssl/ca/requests]/selrole: Found selrole
default 'object_r' for /some_path/data/puppet/ssl/ca/requests
debug: /File[/some_path/data/puppet/ssl/ca/requests]/seltype: Found seltype
default 'default_t' for /some_path/data/puppet/ssl/ca/requests
debug: /File[/some_path/data/puppet/ssl/ca/requests]/selrange: Found selrange
default 's0' for /some_path/data/puppet/ssl/ca/requests
debug: /File[/some_path/data/puppet/ssl/ca/private]/seluser: Found seluser
default 'system_u' for /some_path/data/puppet/ssl/ca/private
debug: /File[/some_path/data/puppet/ssl/ca/private]/selrole: Found selrole
default 'object_r' for /some_path/data/puppet/ssl/ca/private
debug: /File[/some_path/data/puppet/ssl/ca/private]/seltype: Found seltype
default 'default_t' for /some_path/data/puppet/ssl/ca/private
debug: /File[/some_path/data/puppet/ssl/ca/private]/selrange: Found selrange
default 's0' for /some_path/data/puppet/ssl/ca/private
debug: /File[/some_path/data/puppet/ssl/ca]/seluser: Found seluser default
'system_u' for /some_path/data/puppet/ssl/ca
debug: /File[/some_path/data/puppet/ssl/ca]/selrole: Found selrole default
'object_r' for /some_path/data/puppet/ssl/ca
debug: /File[/some_path/data/puppet/ssl/ca]/seltype: Found seltype default
'default_t' for /some_path/data/puppet/ssl/ca
debug: /File[/some_path/data/puppet/ssl/ca]/selrange: Found selrange default
's0' for /some_path/data/puppet/ssl/ca
debug: /File[/some_path/data/puppet/etc/autosign.conf]/seluser: Found seluser
default 'system_u' for /some_path/data/puppet/etc/autosign.conf
debug: /File[/some_path/data/puppet/etc/autosign.conf]/selrole: Found selrole
default 'object_r' for /some_path/data/puppet/etc/autosign.conf
debug: /File[/some_path/data/puppet/etc/autosign.conf]/seltype: Found seltype
default 'default_t' for /some_path/data/puppet/etc/autosign.conf
debug: /File[/some_path/data/puppet/etc/autosign.conf]/selrange: Found selrange
default 's0' for /some_path/data/puppet/etc/autosign.conf
debug: /File[/some_path/data/puppet/ssl/ca/signed]/seluser: Found seluser
default 'system_u' for /some_path/data/puppet/ssl/ca/signed
debug: /File[/some_path/data/puppet/ssl/ca/signed]/selrole: Found selrole
default 'object_r' for /some_path/data/puppet/ssl/ca/signed
debug: /File[/some_path/data/puppet/ssl/ca/signed]/seltype: Found seltype
default 'default_t' for /some_path/data/puppet/ssl/ca/signed
debug: /File[/some_path/data/puppet/ssl/ca/signed]/selrange: Found selrange
default 's0' for /some_path/data/puppet/ssl/ca/signed
debug: /File[/some_path/data/puppet/ssl/ca/requests]: Autorequiring
File[/some_path/data/puppet/ssl/ca]
debug: /File[/some_path/data/puppet/ssl/ca/signed]: Autorequiring
File[/some_path/data/puppet/ssl/ca]
debug: /File[/some_path/data/puppet/ssl/ca/private]: Autorequiring
File[/some_path/data/puppet/ssl/ca]
debug: /File[/some_path/data/puppet/ssl/ca]/ensure: created
debug: /File[/some_path/data/puppet/ssl/ca/private]/ensure: created
debug: /File[/some_path/data/puppet/ssl/ca/signed]/ensure: created
debug: /File[/some_path/data/puppet/ssl/ca/requests]/ensure: created
debug: Finishing transaction 23935721564120
info: Creating a new SSL key for ca
/usr/lib/ruby/site_ruby/1.8/puppet/indirector/key/file.rb:39:in `save'
/usr/lib/ruby/site_ruby/1.8/puppet/indirector/indirection.rb:264:in `save'
/usr/lib/ruby/site_ruby/1.8/puppet/indirector.rb:68:in `save'
/usr/lib/ruby/site_ruby/1.8/puppet/ssl/host.rb:129:in `generate_key'
/usr/lib/ruby/site_ruby/1.8/puppet/ssl/host.rb:171:in `certificate'
/usr/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:242:in `setup'
/usr/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:166:in
`initialize'
/usr/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:48:in `new'
/usr/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:48:in
`init_singleton_instance'
/usr/lib/ruby/site_ruby/1.8/puppet/util/cacher.rb:106:in `send'
/usr/lib/ruby/site_ruby/1.8/puppet/util/cacher.rb:106:in `cached_value'
/usr/lib/ruby/1.8/monitor.rb:238:in `synchronize'
/usr/lib/ruby/site_ruby/1.8/puppet/util/cacher.rb:98:in `cached_value'
/usr/lib/ruby/site_ruby/1.8/puppet/util/cacher.rb:48:in `singleton_instance'
/usr/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:62:in `instance'
/usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb:148:in `setup'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:304:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:420:in `hook'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:304:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:411:in `exit_on_fail'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:304:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/util/command_line.rb:62:in `execute'
/usr/bin/puppet:4
Could not prepare for execution: Could not write ca: Permission denied -
/some_path/data/puppet/ssl/ca/ca_pub.pem
</pre>
Also subsequent runs did not succeed in generating the CA.
Note: Parts of the CA were generated and the puppet user really has access
rights in the ca directory, as puppet itself generated the directory. So the
error is/was quite misleading.
I tracked it down that the group with which puppet tried to generate the file,
was `nil` and the following patch helped:
<pre>
# diff -Naur util/settings.rb.old util/settings.rb
--- util/settings.rb.old 2011-11-17 16:13:15.000000000 +0100
+++ util/settings.rb 2011-11-17 16:08:56.000000000 +0100
@@ -720,7 +720,7 @@
obj = get_config_file_default(default)
chown = nil
if Puppet.features.root?
- chown = [obj.owner, obj.group]
+ chown = [obj.owner, obj.group||'puppet']
else
chown = [nil, nil]
end
</pre>
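Review bot: the fallback on the `+` line, `chown = [obj.owner, obj.group||'puppet']`, hard-codes the group name 'puppet' inside a general settings helper, so every setting that reaches this branch without a group silently gets that group, and the name is wrong wherever the master runs under a different group. The settings quoted in the reply above use the placeholder "service" for owner and group rather than a literal name, and the nil comes from a caller passing a setting that defines no `:group`; fixing that caller (the reply suggests passing `:capub`) would leave this method unchanged. If a fallback is kept here, it needs a comment stating when `obj.group` can be nil, and spaces around `||`.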
I'm not exactly sure whether this is the proper fix, nor if I have done anything
The only issue I can see is that the CA is not at the std. location. However,
as I didn't try to do it with the normal location, I can't tell you if this is
really the problem. Maybe we have a general problem in generating a fresh CA
with 2.6.12.
I remember being able to bootstrap a fresh CA on a CentOS 5.7 with 2.6.11 and
ruby 1.8.7. But this is a RHEL 5.7 with ruby 1.8.5.
If you need any further information, please let me know.