Issue #20967 has been reported by Andrew Parker.
----------------------------------------
Bug #20967: Puppet does not correctly manage its rundir
https://projects.puppetlabs.com/issues/20967
* Author: Andrew Parker
* Status: Accepted
* Priority: Normal
* Assignee: Andrew Parker
* Category:
* Target version: 3.3.0
* Affected Puppet version:
* Keywords:
* Branch:
----------------------------------------
The `rundir` is the location where Puppet keeps its pid files when running
daemonized. Both the agent and the master will use this location. For a very
long time, Red Hat has been carrying a patch that updates the default mode for
`rundir` from `01777` to `0755`. At the same time, Puppet is not managing the
owner of the `rundir`. This means that the following interaction ends in an
error when running with the Red Hat patch:
<pre>
[root@localhost ~]# ls -l /var/lib/puppet
ls: cannot access /var/lib/puppet: No such file or directory
[root@localhost ~]# puppet master
could not change to group "puppet"
Could not change to user puppet: Invalid user: puppet
[root@localhost ~]# ls -l /var/lib/puppet
total 36
drwxr-x--- 2 root root 4096 May 30 00:28 bucket
drwxr-xr-x 2 root root 4096 May 30 00:28 lib
drwxr-x--- 2 root root 4096 May 30 00:28 log
drwxr-x--- 2 root root 4096 May 30 00:28 reports
drwxr-x--- 2 root root 4096 May 30 00:28 rrd
drwxr-xr-x 2 root root 4096 May 30 00:28 run
drwxr-x--- 2 root root 4096 May 30 00:28 server_data
drwxr-xr-t 2 root root 4096 May 30 00:28 state
drwxr-x--- 2 root root 4096 May 30 00:28 yaml
[root@localhost ~]# puppet master --mkusers
[root@localhost ~]# ls -l /var/lib/puppet
total 36
drwxr-x--- 2 puppet puppet 4096 May 30 00:28 bucket
drwxr-xr-x 2 root root 4096 May 30 00:28 lib
drwxr-x--- 2 puppet puppet 4096 May 30 00:28 log
drwxr-x--- 2 puppet puppet 4096 May 30 00:28 reports
drwxr-x--- 2 puppet puppet 4096 May 30 00:28 rrd
drwxr-xr-x 2 root root 4096 May 30 00:28 run
drwxr-x--- 2 puppet puppet 4096 May 30 00:28 server_data
drwxr-xr-t 2 root root 4096 May 30 00:28 state
drwxr-x--- 2 puppet puppet 4096 May 30 00:28 yaml
[root@localhost ~]# ls -l /var/lib/puppet/run/
total 0
[root@localhost ~]# tail /var/log/messages
May 30 00:25:53 localhost puppet-master[6385]: (/Group[puppet]/ensure) created
May 30 00:25:53 localhost puppet-master[6385]: (/User[puppet]/ensure) created
May 30 00:25:53 localhost puppet-master[6399]: Starting Puppet master version 3.2.1
May 30 00:25:53 localhost puppet-master[6399]: Reopening log files
May 30 00:25:53 localhost puppet-master[6399]: Reopening log files
May 30 00:26:42 localhost puppet-master[6399]: Caught TERM; calling stop
May 30 00:28:00 localhost puppet-master[6522]: could not change to group "puppet": Invalid group: puppet
May 30 00:28:13 localhost puppet-master[6528]: (/Group[puppet]/ensure) created
May 30 00:28:13 localhost puppet-master[6528]: (/User[puppet]/ensure) created
May 30 00:28:13 localhost puppet-master[6542]: Could not run: Permission denied - /var/lib/puppet/run/master.pid
[root@localhost ~]#
</pre>
The patch is:
<pre>
diff --git a/lib/puppet/defaults.rb b/lib/puppet/defaults.rb
index 24552b6..ec58d1a 100644
--- a/lib/puppet/defaults.rb
+++ b/lib/puppet/defaults.rb
@@ -77,7 +77,7 @@ module Puppet
:rundir => {
:default => nil,
:type => :directory,
- :mode => 01777,
+ :mode => 0755,
:desc => "Where Puppet PID files are kept."
},
:genconfig => {
</pre>
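Review bot: in the `:rundir` hash, tightening `:mode` from `01777` to `0755` without also declaring an owner leaves write access with whichever account first created the directory. The hash sets only `:default`, `:type`, `:mode` and `:desc`, so a directory created by root stays root-owned and an unprivileged service account has no write bit that applies to it. Declare ownership for the service account in this same setting alongside the mode change; otherwise the world-writable directory is traded for one the daemon cannot write its pid file to.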
This happens when working from a source install (simply using install.rb in the
Puppet codebase). The problem is that initially the user/group did not exist
and the `rundir` was created with root as the owner. With the new permissions,
once the master daemonizes and drops its privileges, it can no longer write to
the `rundir` for its pidfile.
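The failure in the report comes down to which POSIX permission class applies to the service account on the `rundir`. The Ruby sketch below is an added example, not code from Puppet or from the report; the function names and the uid/gid 52 for the `puppet` account are assumptions made for illustration.

```ruby
require 'etc'

SVC_ID = 52 # constructed uid/gid standing in for the "puppet" account

# Creating a pid file needs write and search (w+x) permission on the directory.
# Only one permission class applies: owner, else group, else other.
def can_create_in?(mode, dir_uid, dir_gid, uid, gids)
  return true if uid.zero? # root bypasses the mode bits
  bits = if uid == dir_uid
           (mode >> 6) & 0o7
         elsif gids.include?(dir_gid)
           (mode >> 3) & 0o7
         else
           mode & 0o7
         end
  (bits & 0o3) == 0o3
end

# Findings for a rundir as seen by the service account after privilege drop.
def audit_rundir(mode, dir_uid, dir_gid, svc_uid, svc_gids)
  findings = []
  unless can_create_in?(mode, dir_uid, dir_gid, svc_uid, svc_gids)
    findings << :service_cannot_write_pidfile
  end
  if (mode & 0o002) != 0
    findings << :world_writable
    findings << :no_sticky_bit if (mode & 0o1000).zero?
  end
  findings
end

# Same audit against a real directory (primary group only, for brevity).
def audit_path(path, user)
  st = File.stat(path)
  pw = Etc.getpwnam(user)
  audit_rundir(st.mode & 0o7777, st.uid, st.gid, pw.uid, [pw.gid])
end

if __FILE__ == $PROGRAM_NAME
  { 'root:root 0755 (patched default)'   => [0o755, 0, 0],
    'root:root 01777 (original default)' => [0o1777, 0, 0],
    'puppet:puppet 0755'                 => [0o755, SVC_ID, SVC_ID] }.each do |label, (mode, uid, gid)|
    puts "#{label}: #{audit_rundir(mode, uid, gid, SVC_ID, [SVC_ID]).inspect}"
  end
end
```

On a live host, `audit_path('/var/lib/puppet/run', 'puppet')` applies the same check to the directory shown in the listing.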