The Puppet Labs Issue Tracker has Moved: https://tickets.puppetlabs.com
puppetmasterd suffers from permission problems that prohibit it from starting up correctly in master
|Assignee:||Luke Kanies||% Done:|
|Affected Puppet version:||0.24.6||Branch:|
Ticket tracking is now hosted in JIRA: https://tickets.puppetlabs.com
This issue is currently not available for export. If you are experiencing the issue described below, please file a new ticket in JIRA. Once a new ticket has been created, please add a link to it that points back to this Redmine ticket.
If you start with a clean slate, you get:
info: Creating a new SSL key for ca info: Creating a new SSL certificate request for ca notice: Signed certificate request for ca notice: Rebuilding inventory file info: Creating a new certificate revocation list notice: Starting Puppet server version 0.24.6 info: Creating a new SSL key for culain.madstop.com /home/luke/puppet/lib/puppet/indirector/ssl_file.rb:96:in `save' /home/luke/puppet/lib/puppet/indirector/key/file.rb:34:in `save' /home/luke/puppet/lib/puppet/indirector/indirection.rb:249:in `save' /home/luke/puppet/lib/puppet/indirector.rb:65:in `save' /home/luke/puppet/lib/puppet/ssl/host.rb:121:in `generate_key' /home/luke/puppet/lib/puppet/ssl/host.rb:151:in `generate' /home/luke/puppet/lib/puppet/network/http/webrick.rb:94:in `setup_ssl' /home/luke/puppet/lib/puppet/network/http/webrick.rb:33:in `listen' /home/luke/puppet/lib/puppet/network/server.rb:128:in `listen' /home/luke/puppet/lib/puppet/network/server.rb:143:in `start' /home/luke/puppet/lib/puppet.rb:284:in `start' /home/luke/puppet/lib/puppet.rb:144:in `newthread' /home/luke/puppet/lib/puppet.rb:143:in `initialize' /home/luke/puppet/lib/puppet.rb:143:in `new' /home/luke/puppet/lib/puppet.rb:143:in `newthread' /home/luke/puppet/lib/puppet.rb:282:in `start' /home/luke/puppet/lib/puppet.rb:281:in `each' /home/luke/puppet/lib/puppet.rb:281:in `start' bin/puppetmasterd:222 err: Could not start Puppet::Network::Server: Cannot save culain.madstop.com; parent directory /tmp/filetest/ssl/private_keys is not writable notice: No remaining services; exiting
Adding the attached patch fixes the ssl problems, but there are still startup problems related to the client filebucket.
Most of the problems are related to an incorrect separation between setup and startup — all of these dirs and files should be created at setup, and then used on startup. That’s clearly not yet happening with the new design.