Issue #20967 has been updated by Adrien Thebo.

* Status changed from Merged - Pending Release to Code Insufficient
* Target version changed from 3.3.0 to 3.x

Reverted in https://github.com/puppetlabs/puppet/pull/1697 due to acceptance test failures.

----------------------------------------
Bug #20967: Puppet does not correctly manage its rundir
https://projects.puppetlabs.com/issues/20967#change-92642

* Author: Andrew Parker
* Status: Code Insufficient
* Priority: Normal
* Assignee:
* Category: usability
* Target version: 3.x
* Affected Puppet version:
* Keywords:
* Branch: https://github.com/puppetlabs/puppet/pull/1682
----------------------------------------

The `rundir` is the location that puppet keeps its pid files when running daemonized. Both the agent and the master will use this location. For a very long time, Red Hat has been carrying a patch that updates the default mode for `rundir` from `01777` to `0755` (see <https://bugzilla.redhat.com/show_bug.cgi?id=495096>). At the same time, puppet is not managing the owner of the `rundir`. This means that the following interaction ends in an error when running with the Red Hat patch:

<pre>
[root@localhost ~]# ls -l /var/lib/puppet
ls: cannot access /var/lib/puppet: No such file or directory
[root@localhost ~]# puppet master
could not change to group "puppet"
Could not change to user puppet: Invalid user: puppet
[root@localhost ~]# ls -l /var/lib/puppet
total 36
drwxr-x--- 2 root root 4096 May 30 00:28 bucket
drwxr-xr-x 2 root root 4096 May 30 00:28 lib
drwxr-x--- 2 root root 4096 May 30 00:28 log
drwxr-x--- 2 root root 4096 May 30 00:28 reports
drwxr-x--- 2 root root 4096 May 30 00:28 rrd
drwxr-xr-x 2 root root 4096 May 30 00:28 run
drwxr-x--- 2 root root 4096 May 30 00:28 server_data
drwxr-xr-t 2 root root 4096 May 30 00:28 state
drwxr-x--- 2 root root 4096 May 30 00:28 yaml
[root@localhost ~]# puppet master --mkusers
[root@localhost ~]# ls -l /var/lib/puppet
total 36
drwxr-x--- 2 puppet puppet 4096 May 30 00:28 bucket
drwxr-xr-x 2 root root 4096 May 30 00:28 lib
drwxr-x--- 2 puppet puppet 4096 May 30 00:28 log
drwxr-x--- 2 puppet puppet 4096 May 30 00:28 reports
drwxr-x--- 2 puppet puppet 4096 May 30 00:28 rrd
drwxr-xr-x 2 root root 4096 May 30 00:28 run
drwxr-x--- 2 puppet puppet 4096 May 30 00:28 server_data
drwxr-xr-t 2 root root 4096 May 30 00:28 state
drwxr-x--- 2 puppet puppet 4096 May 30 00:28 yaml
[root@localhost ~]# ls -l /var/lib/puppet/run/
total 0
[root@localhost ~]# tail /var/log/messages
May 30 00:25:53 localhost puppet-master[6385]: (/Group[puppet]/ensure) created
May 30 00:25:53 localhost puppet-master[6385]: (/User[puppet]/ensure) created
May 30 00:25:53 localhost puppet-master[6399]: Starting Puppet master version 3.2.1
May 30 00:25:53 localhost puppet-master[6399]: Reopening log files
May 30 00:25:53 localhost puppet-master[6399]: Reopening log files
May 30 00:26:42 localhost puppet-master[6399]: Caught TERM; calling stop
May 30 00:28:00 localhost puppet-master[6522]: could not change to group "puppet": Invalid group: puppet
May 30 00:28:13 localhost puppet-master[6528]: (/Group[puppet]/ensure) created
May 30 00:28:13 localhost puppet-master[6528]: (/User[puppet]/ensure) created
May 30 00:28:13 localhost puppet-master[6542]: Could not run: Permission denied - /var/lib/puppet/run/master.pid
[root@localhost ~]#
</pre>

The patch is:

<pre> diff --git a/lib/puppet/defaults.rb b/lib/puppet/defaults.rb index 24552b6..ec58d1a 100644 --- a/lib/puppet/defaults.rb +++ b/lib/puppet/defaults.rb 
@@ -77,7 +77,7 @@ module Puppet :rundir => { :default => nil, :type => :directory, - :mode => 01777, + :mode => 0755, :desc => "Where Puppet PID files are kept." }, :genconfig => { </pre>

This happens when working from a source install (simply using install.rb in the puppet codebase). The problem is that initially the user/group did not exist and the `rundir` was created with root as the owner. With the new permissions, once the master daemonizes and drops its privileges it can no longer write to the `rundir` for its pidfile.
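
Review bot: The `:mode` change from 01777 to 0755 on the `:rundir` setting takes write access away from everyone except the directory's owner, but the setting as shown declares no owner or group, so a `rundir` first created by root stays root-owned and a daemon that has dropped privileges cannot create its pidfile (the `Permission denied - /var/lib/puppet/run/master.pid` in the report). Dropping the world-writable bit is the right direction for a pidfile directory; pair it in the same change with ownership management for `:rundir` so the directory belongs to the service user and group, and cover the case where the directory was created before that user existed.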
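
The failure described in the report can be checked from a directory's mode and ownership alone. The following is an added example, not part of the original report or of Puppet's code; `can_create_in?`, `audit_rundir` and the uid/gid values in `demo` are hypothetical, and a temporary directory stands in for `/var/lib/puppet/run`.

```ruby
require "tmpdir"

# True if a process with this uid/gids may create a file (e.g. a pidfile) in
# the directory described by st. Creating a directory entry needs write (2)
# and search (1) permission from the one class that applies: owner, else
# group, else other.
def can_create_in?(st, uid, gids)
  return true if uid.zero?                       # root bypasses mode bits
  shift = if st.uid == uid then 6
          elsif gids.include?(st.gid) then 3
          else 0
          end
  ((st.mode >> shift) & 0o3) == 0o3
end

# Findings for a rundir as seen by the account the daemon drops to.
def audit_rundir(dir, uid, gids)
  st = File.stat(dir)
  findings = []
  findings << :pidfile_not_writable unless can_create_in?(st, uid, gids)
  findings << :world_writable if (st.mode & 0o002) != 0
  findings << :not_owned_by_service unless st.uid == uid
  findings
end

# Constructed scenario: the temp dir's creator stands in for root, and a
# hypothetical uid/gid that owns nothing stands in for the "puppet" account.
def demo
  Dir.mktmpdir("rundir-demo") do |dir|
    st = File.stat(dir)
    svc_uid, svc_gids = st.uid + 1000, [st.gid + 1000]
    out = {}
    File.chmod(0o755, dir)                       # patched default, creator-owned
    out[:creator_owned_0755] = audit_rundir(dir, svc_uid, svc_gids)
    File.chmod(0o1777, dir)                      # original default
    out[:creator_owned_01777] = audit_rundir(dir, svc_uid, svc_gids)
    File.chmod(0o755, dir)                       # patched default, daemon owns it
    out[:service_owned_0755] = audit_rundir(dir, st.uid, [st.gid])
    out
  end
end

demo.each { |name, findings| puts "#{name}: #{findings.inspect}" } if __FILE__ == $0
```

Only the third case is clean: `0755` is workable once the directory is owned by the account the daemon runs as, while `01777` hides the ownership gap by leaving the directory world-writable.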
