Issue #22499 has been updated by Melissa Stone. Status changed from Merged - Pending Release to Closed
Released in Puppet 3.4.0-rc1 ---------------------------------------- Bug #22499: Puppet does not manage :vardir owner group https://projects.puppetlabs.com/issues/22499#change-100382 * Author: Josh Partlow * Status: Closed * Priority: Normal * Assignee: * Category: * Target version: 3.4.0 * Affected Puppet version: 3.2.4 * Keywords: * Branch: https://github.com/puppetlabs/puppet/pull/1891 ---------------------------------------- This affects all the Redhat and Debian packages. I’m wondering if it comes down to /var/lib/puppet not having user/group controlled. The failure is from: https://github.com/puppetlabs/puppet/blob/master/lib/puppet/network/http/webrick.rb#L98 Sep 10 16:04:40 (none) puppet-master[2910]: Starting Puppet master version 3.3.0-rc3 Sep 10 16:04:40 (none) puppet-master[2910]: Could not run: Could not find CA certificate Sep 10 16:04:40 (none) puppet-master[2910]: /usr/lib/ruby/vendor_ruby/puppet/network/http/webrick.rb:98:in `setup_ssl' Sep 10 16:04:40 (none) puppet-master[2910]: /usr/lib/ruby/vendor_ruby/puppet/network/http/webrick.rb:18:in `listen' Sep 10 16:04:40 (none) puppet-master[2910]: /usr/lib/ruby/vendor_ruby/puppet/network/server.rb:27:in `start' Sep 10 16:04:40 (none) puppet-master[2910]: /usr/lib/ruby/vendor_ruby/puppet/daemon.rb:139:in `start' Sep 10 16:04:40 (none) puppet-master[2910]: /usr/lib/ruby/vendor_ruby/puppet/application/master.rb:289:in `start_webrick_master' Sep 10 16:04:40 (none) puppet-master[2910]: /usr/lib/ruby/vendor_ruby/puppet/application/master.rb:205:in `main' Sep 10 16:04:40 (none) puppet-master[2910]: /usr/lib/ruby/vendor_ruby/puppet/application/master.rb:165:in `run_command' Sep 10 16:04:40 (none) puppet-master[2910]: /usr/lib/ruby/vendor_ruby/puppet/application.rb:364:in `run' Sep 10 16:04:40 (none) puppet-master[2910]: /usr/lib/ruby/vendor_ruby/puppet/application.rb:457:in `plugin_hook' Sep 10 16:04:40 (none) puppet-master[2910]: /usr/lib/ruby/vendor_ruby/puppet/application.rb:364:in `run' Sep 10 16:04:40 (none) puppet-master[2910]: /usr/lib/ruby/vendor_ruby/puppet/util.rb:485:in `exit_on_fail' Sep 10 16:04:40 (none) puppet-master[2910]: /usr/lib/ruby/vendor_ruby/puppet/application.rb:364:in `run' Sep 10 16:04:40 (none) puppet-master[2910]: /usr/lib/ruby/vendor_ruby/puppet/util/command_line.rb:132:in `run' Sep 10 16:04:40 (none) puppet-master[2910]: /usr/lib/ruby/vendor_ruby/puppet/util/command_line.rb:86:in `execute' Sep 10 16:04:40 (none) puppet-master[2910]: /usr/bin/puppet:4 The Webrick@setup_ssl code throws the exception if it can’t find the ca cert via the indirector. But the cert is still owned by puppet, even though it’s group is not set properly. However /var/lib/puppet itself is no longer owned by puppet (this was on Lucid): root@oxp25qoyatg0yty:~# ls -ld /var/lib/puppet drwxr-x--- 13 104 112 4096 2013-09-10 15:44 /var/lib/puppet root@oxp25qoyatg0yty:~# ls -l /var/lib/puppet/ssl/certs total 8 -rw-r--r-- 1 puppet 112 1948 2013-09-10 14:02 ca.pem -rw-r--r-- 1 puppet 112 2082 2013-09-10 14:02 oxp25qoyatg0yty.delivery.puppetlabs.net.pem So I think the problem is that puppet can no longer read access /var/lib/puppet at all. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/groups/opt_out.