puppetmasterd suffers from permission problems that prohibit it from starting up correctly in master
|Assignee:||Luke Kanies||% Done:|
|Affected Puppet version:||0.24.6||Branch:|
If you start with a clean slate, you get:
info: Creating a new SSL key for ca info: Creating a new SSL certificate request for ca notice: Signed certificate request for ca notice: Rebuilding inventory file info: Creating a new certificate revocation list notice: Starting Puppet server version 0.24.6 info: Creating a new SSL key for culain.madstop.com /home/luke/puppet/lib/puppet/indirector/ssl_file.rb:96:in `save' /home/luke/puppet/lib/puppet/indirector/key/file.rb:34:in `save' /home/luke/puppet/lib/puppet/indirector/indirection.rb:249:in `save' /home/luke/puppet/lib/puppet/indirector.rb:65:in `save' /home/luke/puppet/lib/puppet/ssl/host.rb:121:in `generate_key' /home/luke/puppet/lib/puppet/ssl/host.rb:151:in `generate' /home/luke/puppet/lib/puppet/network/http/webrick.rb:94:in `setup_ssl' /home/luke/puppet/lib/puppet/network/http/webrick.rb:33:in `listen' /home/luke/puppet/lib/puppet/network/server.rb:128:in `listen' /home/luke/puppet/lib/puppet/network/server.rb:143:in `start' /home/luke/puppet/lib/puppet.rb:284:in `start' /home/luke/puppet/lib/puppet.rb:144:in `newthread' /home/luke/puppet/lib/puppet.rb:143:in `initialize' /home/luke/puppet/lib/puppet.rb:143:in `new' /home/luke/puppet/lib/puppet.rb:143:in `newthread' /home/luke/puppet/lib/puppet.rb:282:in `start' /home/luke/puppet/lib/puppet.rb:281:in `each' /home/luke/puppet/lib/puppet.rb:281:in `start' bin/puppetmasterd:222 err: Could not start Puppet::Network::Server: Cannot save culain.madstop.com; parent directory /tmp/filetest/ssl/private_keys is not writable notice: No remaining services; exiting
Adding the attached patch fixes the ssl problems, but there are still startup problems related to the client filebucket.
Most of the problems are related to an incorrect separation between setup and startup — all of these dirs and files should be created at setup, and then used on startup. That’s clearly not yet happening with the new design.