The Puppet Labs Issue Tracker has Moved:

This issue tracker is now in read-only archive mode and automatic ticket export has been disabled. Redmine users will need to create a new JIRA account to file tickets using See the following page for information on filing tickets with JIRA:

Bug #1729

puppetmasterd suffers from permission problems that prohibit it from starting up correctly in master

Added by Luke Kanies over 7 years ago. Updated over 7 years ago.

Status:ClosedStart date:11/04/2008
Priority:HighDue date:
Assignee:Luke Kanies% Done:


Target version:0.25.0
Affected Puppet version:0.24.6 Branch:

We've Moved!

Ticket tracking is now hosted in JIRA:


If you start with a clean slate, you get:

info: Creating a new SSL key for ca
info: Creating a new SSL certificate request for ca
notice: Signed certificate request for ca
notice: Rebuilding inventory file
info: Creating a new certificate revocation list
notice: Starting Puppet server version 0.24.6
info: Creating a new SSL key for
/home/luke/puppet/lib/puppet/indirector/ssl_file.rb:96:in `save'
/home/luke/puppet/lib/puppet/indirector/key/file.rb:34:in `save'
/home/luke/puppet/lib/puppet/indirector/indirection.rb:249:in `save'
/home/luke/puppet/lib/puppet/indirector.rb:65:in `save'
/home/luke/puppet/lib/puppet/ssl/host.rb:121:in `generate_key'
/home/luke/puppet/lib/puppet/ssl/host.rb:151:in `generate'
/home/luke/puppet/lib/puppet/network/http/webrick.rb:94:in `setup_ssl'
/home/luke/puppet/lib/puppet/network/http/webrick.rb:33:in `listen'
/home/luke/puppet/lib/puppet/network/server.rb:128:in `listen'
/home/luke/puppet/lib/puppet/network/server.rb:143:in `start'
/home/luke/puppet/lib/puppet.rb:284:in `start'
/home/luke/puppet/lib/puppet.rb:144:in `newthread'
/home/luke/puppet/lib/puppet.rb:143:in `initialize'
/home/luke/puppet/lib/puppet.rb:143:in `new'
/home/luke/puppet/lib/puppet.rb:143:in `newthread'
/home/luke/puppet/lib/puppet.rb:282:in `start'
/home/luke/puppet/lib/puppet.rb:281:in `each'
/home/luke/puppet/lib/puppet.rb:281:in `start'
err: Could not start Puppet::Network::Server: Cannot save; parent directory /tmp/filetest/ssl/private_keys is not writable
notice: No remaining services; exiting

Adding the attached patch fixes the ssl problems, but there are still startup problems related to the client filebucket.

Most of the problems are related to an incorrect separation between setup and startup — all of these dirs and files should be created at setup, and then used on startup. That’s clearly not yet happening with the new design.

puppetmasterd_ssl.patch Magnifier - A patch to fix some of the ssl startup issues. (2.75 KB) Luke Kanies, 11/04/2008 10:17 pm


#1 Updated by Luke Kanies over 7 years ago

  • Status changed from Accepted to Closed

Fixed in commit:566bf7820e56b3be503a05645cad54152309b20f

Also available in: Atom PDF