Issue #9862 has been updated by Alex Harvey.
I've run into this issue after upgrading to puppet 3.0.1 on Solaris and spent
the morning trying to figure out why this is happening.
In lib/puppet/defaults.rb we've got -
<pre>
define_settings(:master,
:user => {
:default => "puppet",
:desc => "The user puppet master should run as.",
},
:group => {
:default => "puppet",
:desc => "The group puppet master should run as.",
},
</pre>
This is where the code's picking up the missing group 'puppet' from. To prove
this we can change this default group setting to 'foo' and puppet will fail to
find group 'foo' instead -
<pre>
# puppet agent -t
Error: /File[/var/log/puppet]: Could not evaluate: Could not find group foo
Error: Could not prepare for execution: Got 1 failure(s) while initializing:
Could not evaluate: Could not find group foo
</pre>
Or we can comment the default group out altogether and puppet runs without a
problem.
Meanwhile, puppet doesn't care what I set the default user to. It's evidently
figuring out that the process is running as root and that's all that matters.
Next I see in lib/puppet/defaults.rb we have -
<pre>
:mkusers => {
:default => false,
:type => :boolean,
:desc => "Whether to create the necessary user and group that
puppet agent will run as.",
},
</pre>
If I change this setting to 'true' then puppet also runs fine and happily
creates both the puppet user and group for me.
Thus I'm led to this piece of code in lib/puppet/settings/file_setting.rb that
looks suspicious to me -
<pre>
def group=(value)
unless AllowedGroups.include?(value)
identifying_fields = [desc,name,default].compact.join(': ')
raise SettingError, "Internal error: The :group setting for
#{identifying_fields} must be 'service', not '#{value}'"
end
@group = value
end
def group
return unless @group
@settings[:group]
end
def owner=(value)
unless AllowedOwners.include?(value)
identifying_fields = [desc,name,default].compact.join(': ')
raise SettingError, "Internal error: The :owner setting for
#{identifying_fields} must be either 'root' or 'service', not '#{value}'"
end
@owner = value
end
def owner
return unless @owner
return "root" if @owner == "root" or ! use_service_user?
@settings[:user]
end
def use_service_user?
@settings[:mkusers] or @settings.service_user_available?
end
</pre>
My gut feeling is that a hack has been implemented for the user root but not
the group root.
I apply the following patch -
<pre>
# diff -u
/usr/local/lib/ruby/gems/1.8/gems/puppet-3.0.1/lib/puppet/settings/file_setting.rb.orig
/usr/local/lib/ruby/gems/1.8/gems/puppet-3.0.1/lib/puppet/settings/file_setting.rb
---
/usr/local/lib/ruby/gems/1.8/gems/puppet-3.0.1/lib/puppet/settings/file_setting.rb.orig
Tue Dec 18 12:03:24 2012
+++
/usr/local/lib/ruby/gems/1.8/gems/puppet-3.0.1/lib/puppet/settings/file_setting.rb
Tue Dec 18 11:47:29 2012
@@ -24,6 +24,7 @@
def group
return unless @group
+ return "root" if ! use_service_user? # alex
@settings[:group]
end
</pre>
And this fixes it - although not the ideal solution I suppose.
The method use_service_user? calls service_user_available? from
lib/puppet/settings.rb -
<pre>
def service_user_available?
return @service_user_available if defined?(@service_user_available)
return @service_user_available = false unless user_name = self[:user]
user = Puppet::Type.type(:user).new :name => self[:user], :audit => :ensure
@service_user_available = user.exists?
end
</pre>
So it looks like some of the corresponding methods for the service group just
weren't implemented.
I am still new to ruby and I don't fully understand what the method
service_user_available? is doing. If someone can explain that to me I can
probably submit a patch.
----------------------------------------
Bug #9862: puppet cannot run without puppet group on the system
https://projects.puppetlabs.com/issues/9862#change-79107
Author: Jeff McCune
Status: Accepted
Priority: High
Assignee: Andrew Parker
Category: settings
Target version: 3.1.0
Affected Puppet version: 2.7.0
Keywords: settings
Branch:
# Overview #
Working with Puppet 2.7.5 I notice that `puppet apply` fails to work properly
if the user puppet is not present on the system. In previous versions of
Puppet, `puppet apply` does not require the user puppet to be present.
This is a problem because puppet apply may be responsible for managing the user
puppet itself. This presents a chicken and an egg problem if puppet apply is
not able to properly manage the resources puppet itself needs.
# Steps to reproduce #
With 2.7.5:
<pre>
root@pe-centos6:~# puppet apply --modulepath /vagrant/modules
/vagrant/manifests/vmsetup.pp --noop
notice: Finished catalog run in 0.74 seconds
err: /File[/var/lib/puppet/rrd]: Could not evaluate: Could not find group puppet
err: Could not send report: Got 1 failure(s) while initializing: Could not
evaluate: Could not find group puppet
root@pe-centos6:~# puppet --version
2.7.5
root@pe-centos6:~# facter --version
1.6.1
</pre>
# Expected Behavior #
With 2.6.10 it works as expected:
<pre>
root@pe-centos6:~# puppet --version
2.6.10
root@pe-centos6:~# facter --version
1.6.1
root@pe-centos6:~# puppet apply --modulepath /vagrant/modules
/vagrant/manifests/vmsetup.pp --noop
notice: Finished catalog run in 0.67 seconds
root@pe-centos6:~#
</pre>
# Additional Information #
This bug appears to have been introduced in 2.7.0:
<pre>
root@pe-centos6:~# facter --version
1.6.1
root@pe-centos6:~# puppet --version
2.7.0
root@pe-centos6:~# puppet apply --modulepath /vagrant/modules
/vagrant/manifests/vmsetup.pp --noop
notice: Finished catalog run in 0.75 seconds
err: /File[/var/lib/puppet/rrd]: Could not evaluate: Could not find group puppet
err: Could not send report: Got 1 failure(s) while initializing: Could not
evaluate: Could not find group puppet
</pre>
Also, I should note this problem exists in the default case. I have no
customizations to puppet.conf at all:
<pre>
root@pe-centos6:~# cat /etc/puppet/puppet.conf
cat: /etc/puppet/puppet.conf: No such file or directory
</pre>
# Trace #
Here is the trace when running against 2.7.x (2.7.5-91-g2958b05)
<pre>
notice: Finished catalog run in 1.04 seconds
/root/src/puppet/lib/puppet/type/file/group.rb:18:in `insync?'
/root/src/puppet/lib/puppet/type/file/group.rb:17:in `map!'
/root/src/puppet/lib/puppet/type/file/group.rb:17:in `insync?'
/root/src/puppet/lib/puppet/property.rb:162:in `safe_insync?'
/root/src/puppet/lib/puppet/transaction/resource_harness.rb:61:in
`perform_changes'
/root/src/puppet/lib/puppet/transaction/resource_harness.rb:60:in `each'
/root/src/puppet/lib/puppet/transaction/resource_harness.rb:60:in
`perform_changes'
/root/src/puppet/lib/puppet/transaction/resource_harness.rb:133:in `evaluate'
/root/src/puppet/lib/puppet/transaction.rb:49:in `apply'
/root/src/puppet/lib/puppet/transaction.rb:84:in `eval_resource'
/root/src/puppet/lib/puppet/transaction.rb:103:in `evaluate'
/root/src/puppet/lib/puppet/util.rb:459:in `thinmark'
/usr/lib/ruby/1.8/benchmark.rb:308:in `realtime'
/root/src/puppet/lib/puppet/util.rb:458:in `thinmark'
/root/src/puppet/lib/puppet/transaction.rb:103:in `evaluate'
/root/src/puppet/lib/puppet/transaction.rb:311:in `traverse'
/root/src/puppet/lib/puppet/transaction.rb:99:in `evaluate'
/root/src/puppet/lib/puppet/resource/catalog.rb:141:in `apply'
/root/src/puppet/lib/puppet/util/settings.rb:629:in `use'
/usr/lib/ruby/1.8/sync.rb:230:in `synchronize'
/root/src/puppet/lib/puppet/util/settings.rb:612:in `use'
/root/src/puppet/lib/puppet/indirector/report/processor.rb:10:in `initialize'
/root/src/puppet/lib/puppet/indirector/indirection.rb:315:in `new'
/root/src/puppet/lib/puppet/indirector/indirection.rb:315:in `make_terminus'
/root/src/puppet/lib/puppet/indirector/indirection.rb:124:in `terminus'
/root/src/puppet/lib/puppet/indirector/indirection.rb:303:in `prepare'
/root/src/puppet/lib/puppet/indirector/indirection.rb:263:in `save'
/root/src/puppet/lib/puppet/configurer.rb:174:in `send_report'
/root/src/puppet/lib/puppet/configurer.rb:168:in `run'
/root/src/puppet/lib/puppet/application/apply.rb:215:in `main'
/root/src/puppet/lib/puppet/application/apply.rb:135:in `run_command'
/root/src/puppet/lib/puppet/application.rb:306:in `run'
/root/src/puppet/lib/puppet/application.rb:410:in `hook'
/root/src/puppet/lib/puppet/application.rb:306:in `run'
/root/src/puppet/lib/puppet/application.rb:401:in `exit_on_fail'
/root/src/puppet/lib/puppet/application.rb:306:in `run'
/root/src/puppet/lib/puppet/util/command_line.rb:69:in `execute'
/root/src/puppet/bin/puppet:4
err: /File[/var/lib/puppet/rrd]: Could not evaluate: Could not find group puppet
/root/src/puppet/lib/puppet/util/settings.rb:633:in `use'
/root/src/puppet/lib/puppet/resource/catalog.rb:157:in `apply'
/root/src/puppet/lib/puppet/util/settings.rb:629:in `use'
/usr/lib/ruby/1.8/sync.rb:230:in `synchronize'
/root/src/puppet/lib/puppet/util/settings.rb:612:in `use'
/root/src/puppet/lib/puppet/indirector/report/processor.rb:10:in `initialize'
/root/src/puppet/lib/puppet/indirector/indirection.rb:315:in `new'
/root/src/puppet/lib/puppet/indirector/indirection.rb:315:in `make_terminus'
/root/src/puppet/lib/puppet/indirector/indirection.rb:124:in `terminus'
/root/src/puppet/lib/puppet/indirector/indirection.rb:303:in `prepare'
/root/src/puppet/lib/puppet/indirector/indirection.rb:263:in `save'
/root/src/puppet/lib/puppet/configurer.rb:174:in `send_report'
/root/src/puppet/lib/puppet/configurer.rb:168:in `run'
/root/src/puppet/lib/puppet/application/apply.rb:215:in `main'
/root/src/puppet/lib/puppet/application/apply.rb:135:in `run_command'
/root/src/puppet/lib/puppet/application.rb:306:in `run'
/root/src/puppet/lib/puppet/application.rb:410:in `hook'
/root/src/puppet/lib/puppet/application.rb:306:in `run'
/root/src/puppet/lib/puppet/application.rb:401:in `exit_on_fail'
/root/src/puppet/lib/puppet/application.rb:306:in `run'
/root/src/puppet/lib/puppet/util/command_line.rb:69:in `execute'
/root/src/puppet/bin/puppet:4
err: Could not send report: Got 1 failure(s) while initializing: Could not
evaluate: Could not find group puppet
</pre>
--
You have received this notification because you have either subscribed to it,
or are involved in it.
To change your notification preferences, please click here:
http://projects.puppetlabs.com/my/account
--
You received this message because you are subscribed to the Google Groups
"Puppet Bugs" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/puppet-bugs?hl=en.
