Issue #10914 has been updated by Dan Lowe.
Josh Cooper's patch appears to fix the described problem, but then things fail
further down the line (in certs/ instead of ca/).
# puppet master --verbose --no-daemonize
info: Creating a new SSL key for ca
info: Creating a new SSL certificate request for ca
info: Certificate Request fingerprint (md5):
96:60:5A:FF:44:B2:EC:93:62:38:68:CF:04:CA:FE:3A
notice: Signed certificate request for ca
notice: Rebuilding inventory file
/usr/local/pkg/ruby/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:733:in
`initialize': Permission denied - /etc/puppet/ssl/certs/ca.pem (Errno::EACCES)
from
/usr/local/pkg/ruby/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:733:in `open'
from
/usr/local/pkg/ruby/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:733:in
`writesub'
from /usr/local/pkg/ruby/lib/ruby/site_ruby/1.8/puppet/util.rb:149:in
`withumask'
from
/usr/local/pkg/ruby/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:732:in
`writesub'
from
/usr/local/pkg/ruby/lib/ruby/site_ruby/1.8/puppet/util/suidmanager.rb:65:in
`asuser'
from
/usr/local/pkg/ruby/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:725:in
`writesub'
from
/usr/local/pkg/ruby/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:711:in
`write'
from
/usr/local/pkg/ruby/lib/ruby/site_ruby/1.8/puppet/indirector/ssl_file.rb:160:in
`write'
from
/usr/local/pkg/ruby/lib/ruby/site_ruby/1.8/puppet/indirector/ssl_file.rb:102:in
`save'
from
/usr/local/pkg/ruby/lib/ruby/site_ruby/1.8/puppet/indirector/indirection.rb:268:in
`save'
from
/usr/local/pkg/ruby/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:288:in
`sign'
from
/usr/local/pkg/ruby/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:156:in
`generate_ca_certificate'
from
/usr/local/pkg/ruby/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:245:in
`setup'
from
/usr/local/pkg/ruby/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:169:in
`initialize'
from
/usr/local/pkg/ruby/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:41:in
`new'
from
/usr/local/pkg/ruby/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:41:in
`singleton_instance'
from /usr/local/pkg/ruby/lib/ruby/1.8/monitor.rb:242:in `synchronize'
from
/usr/local/pkg/ruby/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:40:in
`singleton_instance'
from
/usr/local/pkg/ruby/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:64:in
`instance'
from
/usr/local/pkg/ruby/lib/ruby/site_ruby/1.8/puppet/application/master.rb:238:in
`setup'
from
/usr/local/pkg/ruby/lib/ruby/site_ruby/1.8/puppet/application.rb:304:in `run'
from
/usr/local/pkg/ruby/lib/ruby/site_ruby/1.8/puppet/application.rb:410:in `hook'
from
/usr/local/pkg/ruby/lib/ruby/site_ruby/1.8/puppet/application.rb:304:in `run'
from
/usr/local/pkg/ruby/lib/ruby/site_ruby/1.8/puppet/application.rb:401:in
`exit_on_fail'
from
/usr/local/pkg/ruby/lib/ruby/site_ruby/1.8/puppet/application.rb:304:in `run'
from
/usr/local/pkg/ruby/lib/ruby/site_ruby/1.8/puppet/util/command_line.rb:69:in
`execute'
from /usr/local/bin/puppet:4
Still hunting through the code to figure out exactly what might be wrong. No
luck yet.
----------------------------------------
Bug #10914: Fail to generate a fresh CA with 2.6.12 (if ssldir not in std.
location)
https://projects.puppetlabs.com/issues/10914
Author: Peter Meier
Status: Investigating
Priority: Normal
Assignee:
Category: SSL
Target version:
Affected Puppet version: 2.6.12
Keywords:
Branch:
Had some problems while installing a fresh puppetmaster with 2.6.12. It failed
to properly generate its CA.
The master got the following config:
<pre>
[main]
# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = /var/log/puppet
autoflush=true
# Where Puppet PID files are kept.
# The default value is '$vardir/run'.
rundir = /var/run/puppet
# Whether plugins should be synced with the central server.
pluginsync = true
[master]
# Puppet Master /var
vardir = /some_path/data/puppet/var
confdir = /some_path/data/puppet/etc
# Puppet Master
certname = dpuppet.example.com
# fix alt dns names bug. Requires puppetmaster >= 2.6.12
dns_alt_names = dpuppet
# Where SSL certificates are for the puppet master kept.
ssldir = /some_path/data/puppet/ssl
# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = /some_path/log/puppet
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY
# Puppet Master code directory
manifests = /some_path/data/puppet/environments/$environment/manifests
modulepath = /some_path/data/puppet/environments/$environment/modules
# Report location
reports = http, store
reporturl = http://puppet-report/reports/upload
# use external nodes
node_terminus = exec
external_nodes = /usr/share/puppet-dashboard/bin/external_node
</pre>
A first run resulted in the following problem:
<pre>
# puppet master --no-daemonize --verbose --config
/some_path/data/puppet/etc/puppet.conf --debug --trace
debug: Failed to load library 'ldap' for feature 'ldap'
debug: Puppet::Type::User::ProviderLdap: feature ldap is missing
debug: Puppet::Type::User::ProviderUser_role_add: file roleadd does not exist
debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dscl does
not exist
debug: Puppet::Type::User::ProviderPw: file pw does not exist
debug: Puppet::Type::File::ProviderMicrosoft_windows: feature microsoft_windows
is missing
debug: /File[/some_path/data/puppet/ssl]/seluser: Found seluser default
'system_u' for /some_path/data/puppet/ssl
debug: /File[/some_path/data/puppet/ssl]/selrole: Found selrole default
'object_r' for /some_path/data/puppet/ssl
debug: /File[/some_path/data/puppet/ssl]/seltype: Found seltype default
'default_t' for /some_path/data/puppet/ssl
debug: /File[/some_path/data/puppet/ssl]/selrange: Found selrange default 's0'
for /some_path/data/puppet/ssl
debug: /File[/some_path/data/puppet/var/reports]/seluser: Found seluser default
'system_u' for /some_path/data/puppet/var/reports
debug: /File[/some_path/data/puppet/var/reports]/selrole: Found selrole default
'object_r' for /some_path/data/puppet/var/reports
debug: /File[/some_path/data/puppet/var/reports]/seltype: Found seltype default
'default_t' for /some_path/data/puppet/var/reports
debug: /File[/some_path/data/puppet/var/reports]/selrange: Found selrange
default 's0' for /some_path/data/puppet/var/reports
debug: /File[/some_path/data/puppet/var/rrd]/seluser: Found seluser default
'system_u' for /some_path/data/puppet/var/rrd
debug: /File[/some_path/data/puppet/var/rrd]/selrole: Found selrole default
'object_r' for /some_path/data/puppet/var/rrd
debug: /File[/some_path/data/puppet/var/rrd]/seltype: Found seltype default
'default_t' for /some_path/data/puppet/var/rrd
debug: /File[/some_path/data/puppet/var/rrd]/selrange: Found selrange default
's0' for /some_path/data/puppet/var/rrd
debug: /File[/some_path/log/puppet/puppetmaster.log]/seluser: Found seluser
default 'system_u' for /some_path/log/puppet/puppetmaster.log
debug: /File[/some_path/log/puppet/puppetmaster.log]/selrole: Found selrole
default 'object_r' for /some_path/log/puppet/puppetmaster.log
debug: /File[/some_path/log/puppet/puppetmaster.log]/seltype: Found seltype
default 'default_t' for /some_path/log/puppet/puppetmaster.log
debug: /File[/some_path/log/puppet/puppetmaster.log]/selrange: Found selrange
default 's0' for /some_path/log/puppet/puppetmaster.log
debug: /File[/some_path/log/puppet]/seluser: Found seluser default 'system_u'
for /some_path/log/puppet
debug: /File[/some_path/log/puppet]/selrole: Found selrole default 'object_r'
for /some_path/log/puppet
debug: /File[/some_path/log/puppet]/seltype: Found seltype default 'default_t'
for /some_path/log/puppet
debug: /File[/some_path/log/puppet]/selrange: Found selrange default 's0' for
/some_path/log/puppet
debug: /File[/some_path/data/puppet/var/lib]/seluser: Found seluser default
'system_u' for /some_path/data/puppet/var/lib
debug: /File[/some_path/data/puppet/var/lib]/selrole: Found selrole default
'object_r' for /some_path/data/puppet/var/lib
debug: /File[/some_path/data/puppet/var/lib]/seltype: Found seltype default
'default_t' for /some_path/data/puppet/var/lib
debug: /File[/some_path/data/puppet/var/lib]/selrange: Found selrange default
's0' for /some_path/data/puppet/var/lib
debug: /File[/some_path/data/puppet/ssl/certificate_requests]/seluser: Found
seluser default 'system_u' for /some_path/data/puppet/ssl/certificate_requests
debug: /File[/some_path/data/puppet/ssl/certificate_requests]/selrole: Found
selrole default 'object_r' for /some_path/data/puppet/ssl/certificate_requests
debug: /File[/some_path/data/puppet/ssl/certificate_requests]/seltype: Found
seltype default 'default_t' for /some_path/data/puppet/ssl/certificate_requests
debug: /File[/some_path/data/puppet/ssl/certificate_requests]/selrange: Found
selrange default 's0' for /some_path/data/puppet/ssl/certificate_requests
debug: /File[/var/run/puppet]/seluser: Found seluser default 'system_u' for
/var/run/puppet
debug: /File[/var/run/puppet]/selrole: Found selrole default 'object_r' for
/var/run/puppet
debug: /File[/var/run/puppet]/seltype: Found seltype default 'var_run_t' for
/var/run/puppet
debug: /File[/var/run/puppet]/selrange: Found selrange default 's0' for
/var/run/puppet
debug: /File[/some_path/log/puppet/masterhttp.log]/seluser: Found seluser
default 'system_u' for /some_path/log/puppet/masterhttp.log
debug: /File[/some_path/log/puppet/masterhttp.log]/selrole: Found selrole
default 'object_r' for /some_path/log/puppet/masterhttp.log
debug: /File[/some_path/log/puppet/masterhttp.log]/seltype: Found seltype
default 'default_t' for /some_path/log/puppet/masterhttp.log
debug: /File[/some_path/log/puppet/masterhttp.log]/selrange: Found selrange
default 's0' for /some_path/log/puppet/masterhttp.log
debug: /File[/some_path/data/puppet/ssl/public_keys]/seluser: Found seluser
default 'system_u' for /some_path/data/puppet/ssl/public_keys
debug: /File[/some_path/data/puppet/ssl/public_keys]/selrole: Found selrole
default 'object_r' for /some_path/data/puppet/ssl/public_keys
debug: /File[/some_path/data/puppet/ssl/public_keys]/seltype: Found seltype
default 'default_t' for /some_path/data/puppet/ssl/public_keys
debug: /File[/some_path/data/puppet/ssl/public_keys]/selrange: Found selrange
default 's0' for /some_path/data/puppet/ssl/public_keys
debug: /File[/some_path/data/puppet/etc]/seluser: Found seluser default
'system_u' for /some_path/data/puppet/etc
debug: /File[/some_path/data/puppet/etc]/selrole: Found selrole default
'object_r' for /some_path/data/puppet/etc
debug: /File[/some_path/data/puppet/etc]/seltype: Found seltype default
'default_t' for /some_path/data/puppet/etc
debug: /File[/some_path/data/puppet/etc]/selrange: Found selrange default 's0'
for /some_path/data/puppet/etc
debug: /File[/some_path/data/puppet/ssl/private]/seluser: Found seluser default
'system_u' for /some_path/data/puppet/ssl/private
debug: /File[/some_path/data/puppet/ssl/private]/selrole: Found selrole default
'object_r' for /some_path/data/puppet/ssl/private
debug: /File[/some_path/data/puppet/ssl/private]/seltype: Found seltype default
'default_t' for /some_path/data/puppet/ssl/private
debug: /File[/some_path/data/puppet/ssl/private]/selrange: Found selrange
default 's0' for /some_path/data/puppet/ssl/private
debug: /File[/some_path/data/puppet/etc/auth.conf]/seluser: Found seluser
default 'system_u' for /some_path/data/puppet/etc/auth.conf
debug: /File[/some_path/data/puppet/etc/auth.conf]/selrole: Found selrole
default 'object_r' for /some_path/data/puppet/etc/auth.conf
debug: /File[/some_path/data/puppet/etc/auth.conf]/seltype: Found seltype
default 'default_t' for /some_path/data/puppet/etc/auth.conf
debug: /File[/some_path/data/puppet/etc/auth.conf]/selrange: Found selrange
default 's0' for /some_path/data/puppet/etc/auth.conf
debug: /File[/some_path/data/puppet/var/facts]/seluser: Found seluser default
'system_u' for /some_path/data/puppet/var/facts
debug: /File[/some_path/data/puppet/var/facts]/selrole: Found selrole default
'object_r' for /some_path/data/puppet/var/facts
debug: /File[/some_path/data/puppet/var/facts]/seltype: Found seltype default
'default_t' for /some_path/data/puppet/var/facts
debug: /File[/some_path/data/puppet/var/facts]/selrange: Found selrange default
's0' for /some_path/data/puppet/var/facts
debug: /File[/some_path/data/puppet/etc/puppet.conf]/seluser: Found seluser
default 'system_u' for /some_path/data/puppet/etc/puppet.conf
debug: /File[/some_path/data/puppet/etc/puppet.conf]/selrole: Found selrole
default 'object_r' for /some_path/data/puppet/etc/puppet.conf
debug: /File[/some_path/data/puppet/etc/puppet.conf]/seltype: Found seltype
default 'default_t' for /some_path/data/puppet/etc/puppet.conf
debug: /File[/some_path/data/puppet/etc/puppet.conf]/selrange: Found selrange
default 's0' for /some_path/data/puppet/etc/puppet.conf
debug: /File[/some_path/data/puppet/var/server_data]/seluser: Found seluser
default 'system_u' for /some_path/data/puppet/var/server_data
debug: /File[/some_path/data/puppet/var/server_data]/selrole: Found selrole
default 'object_r' for /some_path/data/puppet/var/server_data
debug: /File[/some_path/data/puppet/var/server_data]/seltype: Found seltype
default 'default_t' for /some_path/data/puppet/var/server_data
debug: /File[/some_path/data/puppet/var/server_data]/selrange: Found selrange
default 's0' for /some_path/data/puppet/var/server_data
debug: /File[/some_path/data/puppet/ssl/private_keys]/seluser: Found seluser
default 'system_u' for /some_path/data/puppet/ssl/private_keys
debug: /File[/some_path/data/puppet/ssl/private_keys]/selrole: Found selrole
default 'object_r' for /some_path/data/puppet/ssl/private_keys
debug: /File[/some_path/data/puppet/ssl/private_keys]/seltype: Found seltype
default 'default_t' for /some_path/data/puppet/ssl/private_keys
debug: /File[/some_path/data/puppet/ssl/private_keys]/selrange: Found selrange
default 's0' for /some_path/data/puppet/ssl/private_keys
debug: /File[/some_path/data/puppet/ssl/certs]/seluser: Found seluser default
'system_u' for /some_path/data/puppet/ssl/certs
debug: /File[/some_path/data/puppet/ssl/certs]/selrole: Found selrole default
'object_r' for /some_path/data/puppet/ssl/certs
debug: /File[/some_path/data/puppet/ssl/certs]/seltype: Found seltype default
'default_t' for /some_path/data/puppet/ssl/certs
debug: /File[/some_path/data/puppet/ssl/certs]/selrange: Found selrange default
's0' for /some_path/data/puppet/ssl/certs
debug: /File[/some_path/data/puppet/var]/seluser: Found seluser default
'system_u' for /some_path/data/puppet/var
debug: /File[/some_path/data/puppet/var]/selrole: Found selrole default
'object_r' for /some_path/data/puppet/var
debug: /File[/some_path/data/puppet/var]/seltype: Found seltype default
'default_t' for /some_path/data/puppet/var
debug: /File[/some_path/data/puppet/var]/selrange: Found selrange default 's0'
for /some_path/data/puppet/var
debug: /File[/some_path/data/puppet/etc/manifests]/seluser: Found seluser
default 'system_u' for /some_path/data/puppet/etc/manifests
debug: /File[/some_path/data/puppet/etc/manifests]/selrole: Found selrole
default 'object_r' for /some_path/data/puppet/etc/manifests
debug: /File[/some_path/data/puppet/etc/manifests]/seltype: Found seltype
default 'default_t' for /some_path/data/puppet/etc/manifests
debug: /File[/some_path/data/puppet/etc/manifests]/selrange: Found selrange
default 's0' for /some_path/data/puppet/etc/manifests
debug: /File[/some_path/data/puppet/var/yaml]/seluser: Found seluser default
'system_u' for /some_path/data/puppet/var/yaml
debug: /File[/some_path/data/puppet/var/yaml]/selrole: Found selrole default
'object_r' for /some_path/data/puppet/var/yaml
debug: /File[/some_path/data/puppet/var/yaml]/seltype: Found seltype default
'default_t' for /some_path/data/puppet/var/yaml
debug: /File[/some_path/data/puppet/var/yaml]/selrange: Found selrange default
's0' for /some_path/data/puppet/var/yaml
debug: /File[/some_path/data/puppet/var/state]/seluser: Found seluser default
'system_u' for /some_path/data/puppet/var/state
debug: /File[/some_path/data/puppet/var/state]/selrole: Found selrole default
'object_r' for /some_path/data/puppet/var/state
debug: /File[/some_path/data/puppet/var/state]/seltype: Found seltype default
'default_t' for /some_path/data/puppet/var/state
debug: /File[/some_path/data/puppet/var/state]/selrange: Found selrange default
's0' for /some_path/data/puppet/var/state
debug: /File[/some_path/data/puppet/var/bucket]/seluser: Found seluser default
'system_u' for /some_path/data/puppet/var/bucket
debug: /File[/some_path/data/puppet/var/bucket]/selrole: Found selrole default
'object_r' for /some_path/data/puppet/var/bucket
debug: /File[/some_path/data/puppet/var/bucket]/seltype: Found seltype default
'default_t' for /some_path/data/puppet/var/bucket
debug: /File[/some_path/data/puppet/var/bucket]/selrange: Found selrange
default 's0' for /some_path/data/puppet/var/bucket
debug: /File[/some_path/data/puppet/etc/puppet.conf]: Autorequiring
File[/some_path/data/puppet/etc]
debug: /File[/some_path/log/puppet/masterhttp.log]: Autorequiring
File[/some_path/log/puppet]
debug: /File[/some_path/data/puppet/etc/auth.conf]: Autorequiring
File[/some_path/data/puppet/etc]
debug: /File[/some_path/data/puppet/var/facts]: Autorequiring
File[/some_path/data/puppet/var]
debug: /File[/some_path/data/puppet/var/reports]: Autorequiring
File[/some_path/data/puppet/var]
debug: /File[/some_path/log/puppet/puppetmaster.log]: Autorequiring
File[/some_path/log/puppet]
debug: /File[/some_path/data/puppet/ssl/certificate_requests]: Autorequiring
File[/some_path/data/puppet/ssl]
debug: /File[/some_path/data/puppet/ssl/public_keys]: Autorequiring
File[/some_path/data/puppet/ssl]
debug: /File[/some_path/data/puppet/var/rrd]: Autorequiring
File[/some_path/data/puppet/var]
debug: /File[/some_path/data/puppet/ssl/certs]: Autorequiring
File[/some_path/data/puppet/ssl]
debug: /File[/some_path/data/puppet/var/state]: Autorequiring
File[/some_path/data/puppet/var]
debug: /File[/some_path/data/puppet/var/yaml]: Autorequiring
File[/some_path/data/puppet/var]
debug: /File[/some_path/data/puppet/var/bucket]: Autorequiring
File[/some_path/data/puppet/var]
debug: /File[/some_path/data/puppet/var/lib]: Autorequiring
File[/some_path/data/puppet/var]
debug: /File[/some_path/data/puppet/ssl/private]: Autorequiring
File[/some_path/data/puppet/ssl]
debug: /File[/some_path/data/puppet/var/server_data]: Autorequiring
File[/some_path/data/puppet/var]
debug: /File[/some_path/data/puppet/etc/manifests]: Autorequiring
File[/some_path/data/puppet/etc]
debug: /File[/some_path/data/puppet/ssl/private_keys]: Autorequiring
File[/some_path/data/puppet/ssl]
debug: /File[/some_path/data/puppet/ssl]/ensure: created
debug: /File[/some_path/data/puppet/ssl/private_keys]/ensure: created
debug: /File[/some_path/data/puppet/ssl/private]/ensure: created
debug: /File[/some_path/data/puppet/ssl/certs]/ensure: created
debug: /File[/some_path/data/puppet/ssl/certificate_requests]/ensure: created
debug: /File[/some_path/data/puppet/ssl/public_keys]/ensure: created
debug: Finishing transaction 23935720502620
debug: /File[/some_path/data/puppet/ssl/ca/requests]/seluser: Found seluser
default 'system_u' for /some_path/data/puppet/ssl/ca/requests
debug: /File[/some_path/data/puppet/ssl/ca/requests]/selrole: Found selrole
default 'object_r' for /some_path/data/puppet/ssl/ca/requests
debug: /File[/some_path/data/puppet/ssl/ca/requests]/seltype: Found seltype
default 'default_t' for /some_path/data/puppet/ssl/ca/requests
debug: /File[/some_path/data/puppet/ssl/ca/requests]/selrange: Found selrange
default 's0' for /some_path/data/puppet/ssl/ca/requests
debug: /File[/some_path/data/puppet/ssl/ca/private]/seluser: Found seluser
default 'system_u' for /some_path/data/puppet/ssl/ca/private
debug: /File[/some_path/data/puppet/ssl/ca/private]/selrole: Found selrole
default 'object_r' for /some_path/data/puppet/ssl/ca/private
debug: /File[/some_path/data/puppet/ssl/ca/private]/seltype: Found seltype
default 'default_t' for /some_path/data/puppet/ssl/ca/private
debug: /File[/some_path/data/puppet/ssl/ca/private]/selrange: Found selrange
default 's0' for /some_path/data/puppet/ssl/ca/private
debug: /File[/some_path/data/puppet/ssl/ca]/seluser: Found seluser default
'system_u' for /some_path/data/puppet/ssl/ca
debug: /File[/some_path/data/puppet/ssl/ca]/selrole: Found selrole default
'object_r' for /some_path/data/puppet/ssl/ca
debug: /File[/some_path/data/puppet/ssl/ca]/seltype: Found seltype default
'default_t' for /some_path/data/puppet/ssl/ca
debug: /File[/some_path/data/puppet/ssl/ca]/selrange: Found selrange default
's0' for /some_path/data/puppet/ssl/ca
debug: /File[/some_path/data/puppet/etc/autosign.conf]/seluser: Found seluser
default 'system_u' for /some_path/data/puppet/etc/autosign.conf
debug: /File[/some_path/data/puppet/etc/autosign.conf]/selrole: Found selrole
default 'object_r' for /some_path/data/puppet/etc/autosign.conf
debug: /File[/some_path/data/puppet/etc/autosign.conf]/seltype: Found seltype
default 'default_t' for /some_path/data/puppet/etc/autosign.conf
debug: /File[/some_path/data/puppet/etc/autosign.conf]/selrange: Found selrange
default 's0' for /some_path/data/puppet/etc/autosign.conf
debug: /File[/some_path/data/puppet/ssl/ca/signed]/seluser: Found seluser
default 'system_u' for /some_path/data/puppet/ssl/ca/signed
debug: /File[/some_path/data/puppet/ssl/ca/signed]/selrole: Found selrole
default 'object_r' for /some_path/data/puppet/ssl/ca/signed
debug: /File[/some_path/data/puppet/ssl/ca/signed]/seltype: Found seltype
default 'default_t' for /some_path/data/puppet/ssl/ca/signed
debug: /File[/some_path/data/puppet/ssl/ca/signed]/selrange: Found selrange
default 's0' for /some_path/data/puppet/ssl/ca/signed
debug: /File[/some_path/data/puppet/ssl/ca/requests]: Autorequiring
File[/some_path/data/puppet/ssl/ca]
debug: /File[/some_path/data/puppet/ssl/ca/signed]: Autorequiring
File[/some_path/data/puppet/ssl/ca]
debug: /File[/some_path/data/puppet/ssl/ca/private]: Autorequiring
File[/some_path/data/puppet/ssl/ca]
debug: /File[/some_path/data/puppet/ssl/ca]/ensure: created
debug: /File[/some_path/data/puppet/ssl/ca/private]/ensure: created
debug: /File[/some_path/data/puppet/ssl/ca/signed]/ensure: created
debug: /File[/some_path/data/puppet/ssl/ca/requests]/ensure: created
debug: Finishing transaction 23935721564120
info: Creating a new SSL key for ca
/usr/lib/ruby/site_ruby/1.8/puppet/indirector/key/file.rb:39:in `save'
/usr/lib/ruby/site_ruby/1.8/puppet/indirector/indirection.rb:264:in `save'
/usr/lib/ruby/site_ruby/1.8/puppet/indirector.rb:68:in `save'
/usr/lib/ruby/site_ruby/1.8/puppet/ssl/host.rb:129:in `generate_key'
/usr/lib/ruby/site_ruby/1.8/puppet/ssl/host.rb:171:in `certificate'
/usr/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:242:in `setup'
/usr/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:166:in
`initialize'
/usr/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:48:in `new'
/usr/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:48:in
`init_singleton_instance'
/usr/lib/ruby/site_ruby/1.8/puppet/util/cacher.rb:106:in `send'
/usr/lib/ruby/site_ruby/1.8/puppet/util/cacher.rb:106:in `cached_value'
/usr/lib/ruby/1.8/monitor.rb:238:in `synchronize'
/usr/lib/ruby/site_ruby/1.8/puppet/util/cacher.rb:98:in `cached_value'
/usr/lib/ruby/site_ruby/1.8/puppet/util/cacher.rb:48:in `singleton_instance'
/usr/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:62:in `instance'
/usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb:148:in `setup'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:304:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:420:in `hook'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:304:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:411:in `exit_on_fail'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:304:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/util/command_line.rb:62:in `execute'
/usr/bin/puppet:4
Could not prepare for execution: Could not write ca: Permission denied -
/some_path/data/puppet/ssl/ca/ca_pub.pem
</pre>
Also subsequent runs did not succeed in generating the CA.
Note: Parts of the CA were generated and the puppet user really has access
rights in the ca directory, as puppet itself generated the directory. So the
error is/was quite misleading.
I tracked it down that the group with which puppet tried to generate the file,
was `nil` and the following patch helped:
<pre>
# diff -Naur util/settings.rb.old util/settings.rb
--- util/settings.rb.old 2011-11-17 16:13:15.000000000 +0100
+++ util/settings.rb 2011-11-17 16:08:56.000000000 +0100
@@ -720,7 +720,7 @@
obj = get_config_file_default(default)
chown = nil
if Puppet.features.root?
- chown = [obj.owner, obj.group]
+ chown = [obj.owner, obj.group||'puppet']
else
chown = [nil, nil]
end
</pre>
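Review bot: the fallback on the `+` line, `obj.group||'puppet'`, hard-codes the group name, so on a master configured to run under a different group the file would be chowned to a group that is wrong or does not exist. Use the configured group setting instead of the literal, put spaces around `||`, and add a comment saying when `obj.group` can be `nil` here; as written the fallback also hides why the object returned by `get_config_file_default(default)` carries no group in the first place.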
I'm not exactly sure whether this is the proper fix, nor if I have done
anything completely wrong.
The only issue I can see is that the CA is not at the std. location. However,
as I didn't try to do it with the normal location, I can't tell you if this is
really the problem. Maybe we have a general problem in generating a fresh CA
with 2.6.12.
I remember being able to bootstrap a fresh CA on a CentOS 5.7 with 2.6.11 and
ruby 1.8.7. But this is a RHEL 5.7 with ruby 1.8.5.
If you need any further information, please let me know.
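
A diagnostic for the "Permission denied" failures reported above, added here as an example (not Puppet code and not part of the original report): it walks the ssldir subdirectories named in the debug log and reports which ones a given service account cannot create files in. The function names and the uid used in the demo are assumptions; only mode bits are evaluated, so SELinux and ACLs need separate checks.

```ruby
require 'fileutils'
require 'tmpdir'

# Directories the master created under ssldir in the debug log above.
SSL_SUBDIRS = %w[
  . certs private private_keys public_keys certificate_requests
  ca ca/private ca/signed ca/requests
].freeze

# Decide from stat data alone whether uid/gids may create files in a
# directory (needs write + search permission). Follows the kernel's
# owner -> group -> other order: the first class that matches is the only
# one consulted.
def can_create_in?(stat, uid, gids)
  return true if uid.zero?

  bits = if stat.uid == uid
           (stat.mode >> 6) & 7
         elsif gids.include?(stat.gid)
           (stat.mode >> 3) & 7
         else
           stat.mode & 7
         end
  (bits & 3) == 3 # write (2) + search (1)
end

# Returns one finding per subdirectory that is missing or not writable by
# the account; an empty array means the mode bits allow the CA to be written.
def audit_ssldir(ssldir, uid, gids)
  SSL_SUBDIRS.each_with_object([]) do |rel, findings|
    path = File.expand_path(rel, ssldir)
    unless File.directory?(path)
      findings << { path: path, problem: 'missing' }
      next
    end
    st = File.stat(path)
    next if can_create_in?(st, uid, gids)

    findings << { path: path, problem: 'not writable',
                  owner: st.uid, group: st.gid,
                  mode: format('%04o', st.mode & 0o7777) }
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample tree: directories at 0750, audited for a hypothetical
  # service account (uid 52) that is neither the owner nor in the owning
  # group, which is the situation a wrong or missing group produces.
  Dir.mktmpdir('ssldir-audit') do |root|
    dirs = SSL_SUBDIRS.map { |rel| File.expand_path(rel, root) }
    dirs.each { |d| FileUtils.mkdir_p(d) }
    dirs.each { |d| File.chmod(0o750, d) }
    audit_ssldir(root, 52, []).each { |f| puts f.inspect }
  end
end
```

On a real master, pass the ssldir from puppet.conf together with the uid and group ids of the account the master runs as.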