
Puppet tries to create /etc/puppet/ssl when it is configured to use /var/lib/puppet/ssl

asked 2018-07-20 05:06:35 -0500

willsewell

I am using puppet 3.8.7 in the rack/apache/passenger setup. I have created /var/lib/puppet/ssl with appropriate keys/certificates in it. I have configured puppet to use this:

$ sudo puppet config print --section master ssldir
/var/lib/puppet/ssl
$ sudo puppet config print --section agent ssldir
/var/lib/puppet/ssl

However, when I run the puppet agent with

$ sudo /usr/bin/puppet agent --test --environment /path/to/env

It fails with a bunch of HTML error pages returned from the puppet master. I won't post them here because I get the same errors in a much clearer format in the apache error logs:

[ 2018-07-20 09:28:10.8956 23617/7feaf0cea700 agents/HelperAgent/RequestHandler.h:2088 ]: [Client 20] Cannot checkout session.
Error page:
exit (SystemExit)
  /usr/lib/ruby/vendor_ruby/puppet/util.rb:511:in `exit'
  /usr/lib/ruby/vendor_ruby/puppet/util.rb:511:in `rescue in exit_on_fail'
  /usr/lib/ruby/vendor_ruby/puppet/util.rb:496:in `exit_on_fail'
  /usr/lib/ruby/vendor_ruby/puppet/application.rb:378:in `run'
  /usr/lib/ruby/vendor_ruby/puppet/util/command_line.rb:146:in `run'
  /usr/lib/ruby/vendor_ruby/puppet/util/command_line.rb:92:in `execute'
  config.ru:35:in `block in <main>'
  /usr/lib/ruby/vendor_ruby/rack/builder.rb:55:in `instance_eval'
  /usr/lib/ruby/vendor_ruby/rack/builder.rb:55:in `initialize'
  config.ru:1:in `new'
  config.ru:1:in `<main>'
  /usr/share/passenger/helper-scripts/rack-preloader.rb:112:in `eval'
  /usr/share/passenger/helper-scripts/rack-preloader.rb:112:in `preload_app'
  /usr/share/passenger/helper-scripts/rack-preloader.rb:158:in `<module:App>'
  /usr/share/passenger/helper-scripts/rack-preloader.rb:29:in `<module:PhusionPassenger>'
  /usr/share/passenger/helper-scripts/rack-preloader.rb:28:in `<main>'

It's very cryptic, so if I turn on the debug logging in /usr/lib/ruby/vendor_ruby/puppet/util.rb, I get the much more helpful output:

App 24518 stdout: #<RuntimeError: Got 1 failure(s) while initializing: File[/etc/puppet/ssl]: change from absent to directory failed: Could not set 'directory' on ensure: Permission denied @ dir_s_mkdir - /etc/puppet/ssl>
App 24518 stdout: /usr/lib/ruby/vendor_ruby/puppet/settings.rb:998:in `block in use'
App 24518 stdout: /usr/lib/ruby/vendor_ruby/puppet/resource/catalog.rb:177:in `apply'
App 24518 stdout: /usr/lib/ruby/vendor_ruby/puppet/settings.rb:988:in `use'
App 24518 stdout: /usr/lib/ruby/vendor_ruby/puppet/application/master.rb:267:in `setup'
App 24518 stdout: /usr/lib/ruby/vendor_ruby/puppet/application.rb:378:in `block (2 levels) in run'
App 24518 stdout: /usr/lib/ruby/vendor_ruby/puppet/application.rb:507:in `plugin_hook'
App 24518 stdout: /usr/lib/ruby/vendor_ruby/puppet/application.rb:378:in `block in run'
App 24518 stdout: /usr/lib/ruby/vendor_ruby/puppet/util.rb:496:in `exit_on_fail'
App 24518 stdout: /usr/lib/ruby/vendor_ruby/puppet/application.rb:378:in `run'
App 24518 stdout: /usr/lib/ruby/vendor_ruby/puppet/util/command_line.rb:146:in `run'
App 24518 stdout: /usr/lib/ruby/vendor_ruby/puppet/util/command_line.rb:92:in `execute'
App 24518 stdout: /usr/share/puppet/rack/puppetmasterd ...

2 Answers

0

answered 2018-07-25 08:06:07 -0500

willsewell

updated 2018-07-25 08:06:59 -0500

We fixed this by adding

ARGV << "--ssldir"  << "/var/lib/puppet/ssl"

to config.ru.

The reason for this confuses me because we already have

ssldir = /var/lib/puppet/ssl

set in the [main] section of puppet.conf.


Comments

This means that the way you have it configured is not reading your `puppet.conf` path properly. Double check the paths and that your httpd user can read the file.

binford2k (2018-07-25 13:14:01 -0500)

From what I can tell, the file is being read correctly since if I run `sudo puppet config print environment`, then it prints the environment I have configured in `/etc/puppet/puppet.conf`. Both `/etc/puppet` and `/etc/puppet/puppet.conf` are world-readable.

willsewell (2018-07-26 04:08:07 -0500)
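
An added illustration, not written by the thread's participants and not Puppet's own code: a simplified Ruby model of setting precedence that shows where the `/etc/puppet/ssl` in the error comes from and why the `ARGV` line in `config.ru` takes effect. It assumes the order command line, then run-mode section, then `[main]`, then the Puppet 3 default `$confdir/ssl`; the `ARGV` arrays and puppet.conf text are constructed.

```ruby
# Simplified model of how a Puppet setting is resolved (added illustration,
# not Puppet's code). Assumed precedence, highest first: command-line
# argument, run-mode section of puppet.conf, [main], built-in default.

# Parse puppet.conf-style INI text into { "section" => { "key" => "value" } }.
def parse_conf(text)
  conf = Hash.new { |h, k| h[k] = {} }
  section = "main"
  text.each_line do |line|
    line = line.sub(/#.*/, "").strip
    next if line.empty?
    if line =~ /\A\[(\w+)\]\z/
      section = $1
    elsif line =~ /\A(\w+)\s*=\s*(.*)\z/
      conf[section][$1] = $2
    end
  end
  conf
end

# Return the value following --<name> in an ARGV-style array, or nil.
def cli_value(argv, name)
  i = argv.index("--#{name}")
  i && argv[i + 1]
end

# Resolve ssldir and report which layer supplied the value.
def resolve_ssldir(argv, conf, run_mode)
  # Assumption: /etc/puppet is the confdir when none is passed.
  confdir = cli_value(argv, "confdir") || "/etc/puppet"
  if (v = cli_value(argv, "ssldir"))
    [v, :cli]
  elsif (v = conf.fetch(run_mode, {})["ssldir"])
    [v, run_mode.to_sym]
  elsif (v = conf.fetch("main", {})["ssldir"])
    [v, :main]
  else
    ["#{confdir}/ssl", :default] # Puppet 3 default: $confdir/ssl
  end
end

# Constructed inputs mirroring the thread.
PUPPET_CONF = "[main]\nssldir = /var/lib/puppet/ssl\n"
RACK_ARGV   = ["--rack", "--confdir", "/etc/puppet", "--vardir", "/var/lib/puppet"]
FIXED_ARGV  = RACK_ARGV + ["--ssldir", "/var/lib/puppet/ssl"]
```

With `RACK_ARGV` and an empty configuration the model returns `/etc/puppet/ssl` from the default layer, the same path as in the error; with `FIXED_ARGV` the command-line value wins whatever the file contains.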
0

answered 2018-07-24 12:44:37 -0500

binford2k

Just a friendly PSA that Puppet 3.x reached its end of life 570 days ago on December 31, 2016. I suggest upgrading to an LTS release for access to bug fixes and security updates.

In any case, you likely don't have the proper configuration settings in your config.ru. See https://github.com/puppetlabs/puppet/... for an example of that.


Comments

We are trying to upgrade to Puppet 4 :) The reason I am trying (and failing) to set up Puppet 3 is so that we can test the upgrade process. Our `config.ru` file is identical to the one you linked to. Is this a problem? Should I be setting `--ssldir` there?

willsewell (2018-07-25 06:26:53 -0500)
