The Puppet Labs Issue Tracker has Moved: https://tickets.puppetlabs.com

Bug #2190

puppetmasterd --mkusers fails to create necessary directories, user, and group when run as root

Added by K Hightower about 5 years ago. Updated almost 4 years ago.

Status:ClosedStart date:04/23/2009
Priority:NormalDue date:
Assignee:Luke Kanies% Done:

0%

Category:Red Hat
Target version:0.25.0
Affected Puppet version:0.25.0 Branch:
Keywords:

We've Moved!

Ticket tracking is now hosted in JIRA: https://tickets.puppetlabs.com

This issue is currently not available for export. If you are experiencing the issue described below, please file a new ticket in JIRA. Once a new ticket has been created, please add a link to it that points back to this Redmine ticket.


Description

I am currently testing puppet from HEAD on a freshly install VM running the following

OS: Red Hat Enterprise Linux Server release 5.3 (Tikanga)

RPMs from Base repo ruby-1.8.5-5.el5_2.6

RPMs from EPEL repos augeas-libs : 0.5.0-2.el5 facter: 1.5.4-1.el5 ruby-augeas: 0.2.0-1.el5 ruby-shadow: 1.4.1-7.el5

[root@jake puppet]# puppetmasterd --mkusers
/usr/lib/ruby/site_ruby/1.8/puppet/indirector/ssl_file.rb:95:in `save': Cannot save ca; parent directory /etc/puppet/ssl/ca does not exist (Puppet::Error)
        from /usr/lib/ruby/site_ruby/1.8/puppet/indirector/key/file.rb:34:in `save'
        from /usr/lib/ruby/site_ruby/1.8/puppet/indirector/indirection.rb:257:in `save'
        from /usr/lib/ruby/site_ruby/1.8/puppet/indirector.rb:65:in `save'
        from /usr/lib/ruby/site_ruby/1.8/puppet/ssl/host.rb:140:in `generate_key'
        from /usr/lib/ruby/site_ruby/1.8/puppet/ssl/host.rb:170:in `certificate'
        from /usr/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:233:in `setup'
        from /usr/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:146:in `initialize'
        from /usr/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:23:in `new'
        from /usr/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:23:in `init_singleton_instance'
        from /usr/lib/ruby/site_ruby/1.8/puppet/util/cacher.rb:92:in `send'
        from /usr/lib/ruby/site_ruby/1.8/puppet/util/cacher.rb:92:in `cached_value'
        from /usr/lib/ruby/site_ruby/1.8/puppet/util/cacher.rb:48:in `singleton_instance'
        from /usr/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:37:in `instance'
        from /usr/lib/ruby/site_ruby/1.8/puppet/application/puppetmasterd.rb:125:in `run_setup'
        from /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:216:in `run'
        from /usr/sbin/puppetmasterd:66

History

#1 Updated by K Hightower about 5 years ago

Adding trace output

[root@jake puppet]# puppetmasterd --mkusers --trace
/usr/lib/ruby/site_ruby/1.8/puppet/simple_graph.rb:105:in `initialize'
/usr/lib/ruby/site_ruby/1.8/puppet/resource/catalog.rb:283:in `initialize'
/usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:541:in `new'
/usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:541:in `to_catalog'
/usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:603:in `use'
/usr/lib/ruby/1.8/sync.rb:229:in `synchronize'
/usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:597:in `use'
/usr/lib/ruby/site_ruby/1.8/puppet/application/puppetmasterd.rb:113:in `run_setup'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:216:in `run'
/usr/sbin/puppetmasterd:66
/usr/lib/ruby/site_ruby/1.8/puppet/simple_graph.rb:105:in `initialize'
/usr/lib/ruby/site_ruby/1.8/puppet/resource/catalog.rb:283:in `initialize'
/usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:541:in `new'
/usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:541:in `to_catalog'
/usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:603:in `use'
/usr/lib/ruby/1.8/sync.rb:229:in `synchronize'
/usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:597:in `use'
/usr/lib/ruby/site_ruby/1.8/puppet/application/puppetmasterd.rb:124:in `run_setup'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:216:in `run'
/usr/sbin/puppetmasterd:66
/usr/lib/ruby/site_ruby/1.8/puppet/simple_graph.rb:105:in `initialize'
/usr/lib/ruby/site_ruby/1.8/puppet/resource/catalog.rb:283:in `initialize'
/usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:541:in `new'
/usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:541:in `to_catalog'
/usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:603:in `use'
/usr/lib/ruby/1.8/sync.rb:229:in `synchronize'
/usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:597:in `use'
/usr/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:140:in `initialize'
/usr/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:23:in `new'
/usr/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:23:in `init_singleton_instance'
/usr/lib/ruby/site_ruby/1.8/puppet/util/cacher.rb:92:in `send'
/usr/lib/ruby/site_ruby/1.8/puppet/util/cacher.rb:92:in `cached_value'
/usr/lib/ruby/site_ruby/1.8/puppet/util/cacher.rb:48:in `singleton_instance'
/usr/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:37:in `instance'
/usr/lib/ruby/site_ruby/1.8/puppet/application/puppetmasterd.rb:125:in `run_setup'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:216:in `run'
/usr/sbin/puppetmasterd:66
/usr/lib/ruby/site_ruby/1.8/puppet/simple_graph.rb:105:in `initialize'
/usr/lib/ruby/site_ruby/1.8/puppet/resource/catalog.rb:283:in `initialize'
/usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:541:in `new'
/usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:541:in `to_catalog'
/usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:603:in `use'
/usr/lib/ruby/1.8/sync.rb:229:in `synchronize'
/usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:597:in `use'
/usr/lib/ruby/site_ruby/1.8/puppet/indirector/ssl_file.rb:50:in `initialize'
/usr/lib/ruby/site_ruby/1.8/puppet/indirector/indirection.rb:309:in `new'
/usr/lib/ruby/site_ruby/1.8/puppet/indirector/indirection.rb:309:in `make_terminus'
/usr/lib/ruby/site_ruby/1.8/puppet/indirector/indirection.rb:130:in `terminus'
/usr/lib/ruby/site_ruby/1.8/puppet/indirector/indirection.rb:297:in `prepare'
/usr/lib/ruby/site_ruby/1.8/puppet/indirector/indirection.rb:186:in `find'
/usr/lib/ruby/site_ruby/1.8/puppet/indirector.rb:51:in `find'
/usr/lib/ruby/site_ruby/1.8/puppet/ssl/host.rb:130:in `key'
/usr/lib/ruby/site_ruby/1.8/puppet/ssl/host.rb:170:in `certificate'
/usr/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:233:in `setup'
/usr/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:146:in `initialize'
/usr/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:23:in `new'
/usr/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:23:in `init_singleton_instance'
/usr/lib/ruby/site_ruby/1.8/puppet/util/cacher.rb:92:in `send'
/usr/lib/ruby/site_ruby/1.8/puppet/util/cacher.rb:92:in `cached_value'
/usr/lib/ruby/site_ruby/1.8/puppet/util/cacher.rb:48:in `singleton_instance'
/usr/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:37:in `instance'
/usr/lib/ruby/site_ruby/1.8/puppet/application/puppetmasterd.rb:125:in `run_setup'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:216:in `run'
/usr/sbin/puppetmasterd:66
/usr/lib/ruby/site_ruby/1.8/puppet/indirector/ssl_file.rb:95:in `save': Cannot save ca; parent directory /etc/puppet/ssl/ca does not exist (Puppet::Error)
    from /usr/lib/ruby/site_ruby/1.8/puppet/indirector/key/file.rb:34:in `save'
    from /usr/lib/ruby/site_ruby/1.8/puppet/indirector/indirection.rb:257:in `save'
    from /usr/lib/ruby/site_ruby/1.8/puppet/indirector.rb:65:in `save'
    from /usr/lib/ruby/site_ruby/1.8/puppet/ssl/host.rb:140:in `generate_key'
    from /usr/lib/ruby/site_ruby/1.8/puppet/ssl/host.rb:170:in `certificate'
    from /usr/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:233:in `setup'
    from /usr/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:146:in `initialize'
    from /usr/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:23:in `new'
    from /usr/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:23:in `init_singleton_instance'
    from /usr/lib/ruby/site_ruby/1.8/puppet/util/cacher.rb:92:in `send'
    from /usr/lib/ruby/site_ruby/1.8/puppet/util/cacher.rb:92:in `cached_value'
    from /usr/lib/ruby/site_ruby/1.8/puppet/util/cacher.rb:48:in `singleton_instance'
    from /usr/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:37:in `instance'
    from /usr/lib/ruby/site_ruby/1.8/puppet/application/puppetmasterd.rb:125:in `run_setup'
    from /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:216:in `run'
    from /usr/sbin/puppetmasterd:66

#2 Updated by Luke Kanies about 5 years ago

  • Status changed from Unreviewed to Accepted
  • Assignee set to Luke Kanies

I’m not going to be able to get this fixed for beta1, I think, but it’s got easy workarounds (just make the users/groups yourselves).

#3 Updated by K Hightower about 5 years ago

luke wrote:

I’m not going to be able to get this fixed for beta1, I think, but it’s got easy workarounds (just make the users/groups yourselves).

When not using a “package” to install puppet, I found it necessary to take the following steps on a RHEL 5 based server.

Add the puppet user and group.

[root@jake ~]# useradd puppet

Create the required SSL directory layout.

[root@jake ~]# mkdir -p /etc/puppet/ssl/{ca/{private,requests,signed},certificate_requests,certs,private_keys,public_keys}

Set all directories under “/etc/puppet” to puppet user and group ownership.

[root@jake ~]# chown puppet:puppet -R /etc/puppet/

Verify directory structure.

[root@jake ~]# tree /etc/puppet/ssl/
/etc/puppet/ssl/
|-- ca
|   |-- private
|   |-- requests
|   `-- signed
|-- certificate_requests
|-- certs
|-- private_keys
`-- public_keys

8 directories, 0 files

#4 Updated by St├ęphan Gorget old account almost 5 years ago

I’ve tried this on a fresh install of CentOS 5.2 from the HEAD of the master and it works fine.

#5 Updated by James Turnbull almost 5 years ago

  • Status changed from Accepted to Closed

Fix in #2188 and workaround. Please re-open if you continue to have issues.

Also available in: Atom PDF