Red Hat Bugzilla – Bug 475796
puppet does not own al directories it needs
Last modified: 2013-04-30 19:40:51 EDT
Description of problem:
/var/lib/puppet/ssl en subdirectories not owned by puppet and therefore not created either.
The same goes for /var/lib/puppet/state/ and /var/lib/puppet/facts/
Version-Release number of selected component (if applicable):
puppet-0.24.4-1.fc8 (on F9)
Steps to Reproduce:
1. On a fresh install, yum install puppet
2. run puppetd --no-daemonize --verbose --debug --noop --one-time --wait-for-cert
Puppet complains about not being able to create a csr
Puppet waiting for signed cert
After making the following directories the problem is fixed:
What is the ownership of /var/lib/puppet/ ? (Should be drwxr-xr-x puppet:puppet)
Can you provide the full output of the puppet run where it complains about not being able to create a csr?
Note these directories should be created on-the-fly as the $vardir, $ssldir, $statedir settings in /etc/puppet/puppet.conf configure where these directories should be.
drwxr-xr-x 7 puppet puppet 4096 Dec 10 16:19 /var/lib/puppet
I can not at this point in time provide you with the output.
Puppet generates to much output ... I will create a vm to do this again.
The above mentioned dirs are, at least on EPEL 5 *not* created on the fly.
I cannot reproduce this myself...
I don't know why this happened, I'm a bit puzzled about it really.
Therefore I am closing this bug as a one-of type of thing.
I ran into the very same problem with 0.25.4. Putting the solution here for future reference in case anyone else stumbles upon the same problem.
puppetd usually ensures that required local directories exists, just like Jeroen pointed out. The only caveat here: it doesn't do so when called with --noop (this can be nicely seen with --debug).
So in case someon is seeing error messages like the following
err: Could not request certificate: Cannot save xxx; parent directory /var/lib/puppet/ssl/private_keys does not exist
please make sure you are not running in --noop mode.