Hi John,
There is no SELinux on this system. The issue is still an issue. :/
Cheers,
Piotr
On Wednesday, 17 July 2013 16:13:24 UTC+1, jcbollinger wrote:
>
>
>
> On Tuesday, July 16, 2013 11:41:12 AM UTC-5, Piotr Jasiulewicz wrote:
>>
>> Hi John,
>>
>> thanks for your answer, launching via service was the first thing I tried
>> (which also produces the same error).
>>
>> The Linux is Ubuntu 13.X
>>
>> The startup:
>>
>> root@puppet:/etc/puppet# service puppetmaster start
>> * Starting puppet master
>>
>>
>> Could not run: Could not write /var/lib/puppet/ssl/private_keys/puppet.sherstondevelopments.co.uk.pem to privatekeydir: Permission denied - /var/lib/puppet/ssl/private_keys/puppet.sherstondevelopments.co.uk.pem
>>
>>
>> The directory:
>>
>> root@puppet:/etc/puppet# ls -la /var/lib/puppet/ssl/private_keys/
>> total 8
>> drwxr-x--- 2 puppet root 4096 Jul 12 12:27 .
>> drwxrwx--x 8 puppet puppet 4096 Jun 25 12:54 ..
>>
>>
>>
>> The script:
>>
>> root@puppet:/etc/puppet# cat /etc/init.d/puppetmaster
>> #! /bin/sh
>> ### BEGIN INIT INFO
>> # Provides: puppetmaster
>> # Required-Start: $network $named $remote_fs $syslog
>> # Required-Stop: $network $named $remote_fs $syslog
>> # Default-Start: 2 3 4 5
>> # Default-Stop: 0 1 6
>> # Short-Description: puppet master
>> # Description: The puppet master accepts connections from puppet agents,
>> # compiles manifests into catalogs for them, acts as a file
>> # server and report server.
>> ### END INIT INFO
>>
>> PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
>> DAEMON=/usr/bin/puppet
>> DAEMON_OPTS=""
>> NAME=master
>> DESC="puppet master"
>>
>> test -x $DAEMON || exit 0
>>
>> [ -r /etc/default/puppetmaster ] && . /etc/default/puppetmaster
>>
>> . /lib/lsb/init-functions
>>
>> if [ ! -d /var/run/puppet ]; then
>> mkdir -p /var/run/puppet
>> fi
>>
>> chown puppet:puppet /var/run/puppet
>>
>> is_true() {
>> if [ "x$1" = "xtrue" -o "x$1" = "xyes" -o "x$1" = "x0" ] ; then
>> return 0
>> else
>> return 1
>> fi
>> }
>>
>> start_puppet_master() {
>> if is_true "$START" ; then
>> start-stop-daemon --start --pidfile /var/run/puppet/${NAME}.pid \
>> --startas $DAEMON -- $NAME $DAEMON_OPTS
>> else
>> echo ""
>> echo "puppetmaster not configured to start, please edit /etc/default/puppetmaster to enable"
>> fi
>> }
>>
>> stop_puppet_master() {
>> start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/puppet/${NAME}.pid
>> }
>>
>> status_puppet_master() {
>> status_of_proc -p "/var/run/puppet/${NAME}.pid" "${DAEMON}" "${NAME}"
>> }
>>
>>
>> case "$1" in
>> start)
>> log_begin_msg "Starting $DESC"
>> start_puppet_master
>> log_end_msg $?
>> ;;
>> stop)
>> log_begin_msg "Stopping $DESC"
>> stop_puppet_master
>> log_end_msg $?
>> ;;
>> reload)
>> # Do nothing, as Puppetmaster rechecks its config automatically
>> ;;
>> status)
>> status_puppet_master
>> ;;
>> restart|force-reload)
>> log_begin_msg "Restarting $DESC"
>> stop_puppet_master
>> sleep 1
>> start_puppet_master
>> log_end_msg $?
>> ;;
>> *)
>> echo "Usage: $0 {start|stop|status|restart|force-reload}" >&2
>> exit 1
>> ;;
>> esac
>>
>>
>> Still dunno what to do:/
>>
>> any clues?
>>
>>
>> Thanks,
>> Piotr
>>
>>
>> The directory has all rights for puppet as the user, still could not get
>> anywhere with that.
>>
>>
>
> Do continue to test via "service puppetmaster start".
>
> At this point, I suspect an SELinux policy or labeling problem. You
> should be able to test this fairly easily by switching SELinux to
> permissive mode and trying again to start the master:
>
> setenforce 0
> service puppetmaster start
>
> If the master then starts successfully then such an SELinux problem is
> confirmed. Moreover, you will probably then find an AVC message in your
> log, and maybe even a desktop alert, that explains the nature of the
> problem. In fact, you may see explanatory AVC messages in your log already.
>
> Supposing that you have an SELinux issue and you do want SELinux enforcing
> mandatory access controls, the long-term solution is to ensure that your
> SELinux policy provides for the required access and that your filesystem is
> labeled correctly. The best way to achieve those objectives depends on
> your distro and on how you installed Puppet.
>
>
> John
>
>
>
>
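One way to pull the AVC denials John mentions out of an audit log, as an added example that is not part of the original thread. The sample records, the SELinux type names and the helper names `sample_audit_log` and `avc_denials` are constructed for illustration.

```shell
#!/bin/sh
# Constructed audit records (not from the thread): SELinux types, pids,
# inodes and the certname are illustrative assumptions.
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1373990000.101:311): avc:  denied  { write } for  pid=2211 comm="puppet" name="private_keys" dev="sda1" ino=393301 scontext=system_u:system_r:puppetmaster_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir
type=SYSCALL msg=audit(1373990000.101:311): arch=c000003e syscall=2 success=no exit=-13 comm="puppet" exe="/usr/bin/ruby"
type=AVC msg=audit(1373990000.230:312): avc:  denied  { read } for  pid=2300 comm="httpd" name="index.html" dev="sda1" ino=17 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1373990001.007:313): avc:  denied  { add_name write } for  pid=2211 comm="puppet" name="puppet.example.com.pem" scontext=system_u:system_r:puppetmaster_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir
EOF
}

# Print "perms|tclass|name|scontext|tcontext" for every AVC denial on stdin
# whose comm= equals $1. The audit subsystem hex-encodes comm/name values
# that contain spaces, so whitespace field splitting is safe for these keys.
avc_denials() {
    awk -v want="$1" '
    /^type=AVC / && / denied / {
        # Permission set is the text between the braces; may hold several.
        perms = $0
        sub(/^.*[{] */, "", perms)
        sub(/ *[}].*$/, "", perms)
        gsub(/ /, ",", perms)
        comm = name = scon = tcon = tclass = ""
        for (i = 1; i <= NF; i++) {
            eq = index($i, "=")
            if (eq == 0) continue
            key = substr($i, 1, eq - 1)
            val = substr($i, eq + 1)
            gsub(/"/, "", val)
            if (key == "comm") comm = val
            else if (key == "name") name = val
            else if (key == "scontext") scon = val
            else if (key == "tcontext") tcon = val
            else if (key == "tclass") tclass = val
        }
        if (comm == want) print perms "|" tclass "|" name "|" scon "|" tcon
    }'
}

# On a live system running auditd, feed it the audit log instead, e.g.:
#   avc_denials puppet < /var/log/audit/audit.log
sample_audit_log | avc_denials puppet
```

An empty result for the daemon's command name, as on a system without SELinux, means the denial has to be explained by something other than an SELinux policy or labeling problem.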