Bug 475796 – puppet does not own al directories it needs

Bug 475796 - puppet does not own al directories it needs

Summary:	puppet does not own al directories it needs

Status:	CLOSED NOTABUG

Aliases:	None

Product:	Fedora EPEL
Classification:	Fedora
Component:	puppet (Show other bugs)
Sub Component:
Version:	el4
Hardware:	All Linux

Priority	medium Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	David Lutterkort
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2008-12-10 10:06 EST by S.A. Hartsuiker
Modified:	2013-04-30 19:40 EDT (History)
CC List:	6 users (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2008-12-16 13:34:12 EST
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description S.A. Hartsuiker 2008-12-10 10:06:01 EST

Description of problem:
/var/lib/puppet/ssl en subdirectories not owned by puppet and therefore not created either.
The same goes for /var/lib/puppet/state/ and /var/lib/puppet/facts/

Version-Release number of selected component (if applicable):
puppet-0.24.4-1.el4
puppet-0.24.6-1.el5
puppet-0.24.4-1.fc8 (on F9)

How reproducible:
Always

Steps to Reproduce:
1. On a fresh install, yum install puppet
2. run puppetd --no-daemonize --verbose --debug --noop --one-time --wait-for-cert
3. 
  
Actual results:
Puppet complains about not being able to create a csr

Expected results:
Puppet waiting for signed cert

Additional info:

After making the following directories the problem is fixed:
/var/lib/puppet/ssl
/var/lib/puppet/ssl/certs
/var/lib/puppet/ssl/private
/var/lib/puppet/ssl/private_keys
/var/lib/puppet/ssl/public_keys
/var/lib/puppet/state
/var/lib/puppet/facts

Comment 1 Jeroen van Meeuwen 2008-12-10 10:12:45 EST

What is the ownership of /var/lib/puppet/ ? (Should be drwxr-xr-x puppet:puppet)

Can you provide the full output of the puppet run where it complains about not being able to create a csr?

Comment 2 Jeroen van Meeuwen 2008-12-10 10:14:26 EST

Note these directories should be created on-the-fly as the $vardir, $ssldir, $statedir settings in /etc/puppet/puppet.conf configure where these directories should be.

Comment 3 S.A. Hartsuiker 2008-12-10 10:23:39 EST

drwxr-xr-x 7 puppet puppet 4096 Dec 10 16:19 /var/lib/puppet

I can not at this point in time provide you with the output. 
Puppet generates to much output ... I will create a vm to do this again.

The above mentioned dirs are, at least on EPEL 5 *not* created on the fly.

Comment 4 S.A. Hartsuiker 2008-12-16 13:33:12 EST

I cannot reproduce this myself...
I don't know why this happened, I'm a bit puzzled about it really.
Therefore I am closing this bug as a one-of type of thing.

Comment 5 Sebastian Kayser 2010-04-26 04:47:06 EDT

I ran into the very same problem with 0.25.4. Putting the solution here for future reference in case anyone else stumbles upon the same problem.

puppetd usually ensures that required local directories exists, just like Jeroen pointed out. The only caveat here: it doesn't do so when called with --noop (this can be nicely seen with --debug).

So in case someon is seeing error messages like the following

err: Could not request certificate: Cannot save xxx; parent directory /var/lib/puppet/ssl/private_keys does not exist

please make sure you are not running in --noop mode.

Note You need to log in before you can comment on or make changes to this bug.