Thanks, that workaround fixes it indeed. Verzonden met ProtonMail Mobile
-------- Oorspronkelijk bericht -------- Aan 6 feb. 2019 19:19, Benjamin Drung schreef: > reassign 919231 systemd 240-5 > retitle 919231 CacheDirectory/StateDirectory does not change owner/group > thanks > > Hi Stijn, > > your bug description was enough for me to reproduce this misbehavior > and tracked it down to systemd not behaving like the documentation > describes: > > StateDirectory=, CacheDirectory= > Except in case of ConfigurationDirectory=, the innermost specified > directories will be owned by the user and group specified in User= > and Group=. If the specified directories already exist and their > owning user or group do not match the configured ones, all files > and directories below the specified directories as well as the > directories themselves will have their file ownership recursively > changed to match what is configured. As an optimization, if the > specified directories are already owned by the right user and > group, files and directories below of them are left as-is, even > if they do not match what is requested. > > The salt-master systemd service is configured to use > /var/lib/salt/pki/master and /var/cache/salt/master as state and cache > directory. salt should change the ownership, but it does not. Steps to > reproduce: > > Take a minimal Debian 9 installation and: > > ``` > root@debian:~# apt install salt-master > root@debian:~# sed -i 's/stretch/buster/g' /etc/apt/sources.list > root@debian:~# apt upgrade > [...] > Setting up salt-master (2018.3.3+dfsg1-2) ... > Installing new version of config file /etc/salt/master ... > Job for salt-master.service failed because the control process exited > with error code. > See "systemctl status salt-master.service" and "journalctl -xe" for > details. > invoke-rc.d: initscript salt-master, action "restart" failed. > ● salt-master.service - The Salt Master Server > Loaded: loaded (/lib/systemd/system/salt-master.service; enabled; > vendor preset: enabled) > Active: failed (Result: exit-code) since Wed 2019-02-06 16:16:37 > UTC; 8ms ago > Docs: man:salt-master(1) > file:///usr/share/doc/salt/html/contents.html > https://docs.saltstack.com/en/latest/contents.html > Process: 31417 ExecStart=/usr/bin/salt-master (code=exited, > status=13) > Main PID: 31417 (code=exited, status=13) > > Feb 06 16:16:37 debian systemd[1]: Starting The Salt Master Server... > Feb 06 16:16:37 debian salt-master[31417]: Failed to create directory > path "/var/lib/salt/pki/master/minions" - [Errno 13] Permission denied: > '/var/lib/salt/pki/master/minions' > Feb 06 16:16:37 debian systemd[1]: salt-master.service: Main process > exited, code=exited, status=13/n/a > Feb 06 16:16:37 debian systemd[1]: salt-master.service: Failed with > result 'exit-code'. > Feb 06 16:16:37 debian systemd[1]: Failed to start The Salt Master > Server. > dpkg: error processing package salt-master (--configure): > installed salt-master package post-installation script subprocess > returned error exit status 1 > [...] > ``` > > Instead of doing an upgrade test, you can just do the test on testing > by stopping salt-master, changing the permission to root and starting > salt-master. > > ``` > root@debian:~# systemctl cat salt-master.service > # /lib/systemd/system/salt-master.service > [Unit] > Description=The Salt Master Server > Documentation=man:salt-master(1) > file:///usr/share/doc/salt/html/contents.html > https://docs.saltstack.com/en/latest/contents.html > After=network.target > > [Service] > LimitNOFILE=100000 > Type=notify > NotifyAccess=all > ExecStart=/usr/bin/salt-master > User=salt > Group=salt > CacheDirectory=salt/master > RuntimeDirectory=salt > StateDirectory=salt/pki/master > > [Install] > WantedBy=multi-user.target > root@debian:~# ls -ld /var/lib/salt /var/lib/salt/pki > /var/lib/salt/pki/master > drwxr-xr-x 3 salt salt 4096 Feb 6 16:16 /var/lib/salt > drwxr-xr-x 3 root root 4096 Feb 6 16:16 /var/lib/salt/pki > drwx------ 7 root root 4096 Feb 6 16:10 /var/lib/salt/pki/master > root@debian:~# ls -ld /var/cache/salt /var/cache/salt/master > drwxr-xr-x 3 root root 4096 Feb 6 16:10 /var/cache/salt > drwxr-xr-x 8 root root 4096 Feb 6 16:11 /var/cache/salt/master > rroot@debian:~# dpkg -l | grep systemd | sed 's/ \+amd64 .*$//' > ii libnss-systemd:amd64 240-5 > ii libpam-systemd:amd64 240-5 > ii libsystemd0:amd64 240-5 > ii python-systemd 234-2+b1 > ii python3-systemd 234-2+b1 > ii systemd 240-5 > ii systemd-sysv 240-5 > ``` > > The workaround is to manually change the owner/group to salt: > > root@debian:~# chown -R salt:salt /var/lib/salt/pki/master > /var/cache/salt/master > root@debian:~# systemctl start salt-master > > -- > Benjamin Drung > System Developer > Debian & Ubuntu Developer > > 1&1 IONOS Cloud GmbH | Greifswalder Str. 207 | 10405 Berlin | Germany > E-mail: benjamin.dr...@cloud.ionos.com | Web: www.ionos.de > > Head Office: Berlin, Germany > District Court Berlin Charlottenburg, Registration number: HRB 125506 B > Executive Management: Christoph Steffens, Matthias Steinberg, Achim > Weiss > > Member of United Internet