On Tuesday, July 16, 2013 11:41:12 AM UTC-5, Piotr Jasiulewicz wrote:
>
> Hi John,
>
> thanks for your answer, launching via service was the first thing I tried 
> (which also produces the same error).
>
> The Linux is Ubuntu 13.X
>
>  The startup:
>
> root@puppet:/etc/puppet# service puppetmaster start
>  * Starting puppet master
> Could not run: Could not write /var/lib/puppet/ssl/private_keys/puppet.sherstondevelopments.co.uk.pem to privatekeydir: Permission denied - /var/lib/puppet/ssl/private_keys/puppet.sherstondevelopments.co.uk.pem
>
>      
> The directory:
>
> root@puppet:/etc/puppet# ls -la /var/lib/puppet/ssl/private_keys/
> total 8
> drwxr-x--- 2 puppet root   4096 Jul 12 12:27 .
> drwxrwx--x 8 puppet puppet 4096 Jun 25 12:54 ..
>
>
>
> The script:
>
> root@puppet:/etc/puppet# cat /etc/init.d/puppetmaster 
> #! /bin/sh
> ### BEGIN INIT INFO
> # Provides:          puppetmaster
> # Required-Start:    $network $named $remote_fs $syslog
> # Required-Stop:     $network $named $remote_fs $syslog
> # Default-Start:     2 3 4 5
> # Default-Stop:      0 1 6
> # Short-Description: puppet master
> # Description:       The puppet master accepts connections from puppet agents,
> #                    compiles manifests into catalogs for them, acts as a
> #                    file server and report server.
> ### END INIT INFO                
>
> PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
> DAEMON=/usr/bin/puppet
> DAEMON_OPTS=""
> NAME=master
> DESC="puppet master"
>
> test -x $DAEMON || exit 0
>
> [ -r /etc/default/puppetmaster ] && . /etc/default/puppetmaster
>
> . /lib/lsb/init-functions
>
> if [ ! -d /var/run/puppet ]; then
> mkdir -p /var/run/puppet
> fi
>
> chown puppet:puppet /var/run/puppet
>
> is_true() {
>     if [ "x$1" = "xtrue" -o "x$1" = "xyes" -o "x$1" = "x0" ] ; then
>         return 0
>     else
>         return 1
>     fi
> }
>
> start_puppet_master() {
>     if is_true "$START" ; then
> start-stop-daemon --start --pidfile /var/run/puppet/${NAME}.pid \
>     --startas $DAEMON -- $NAME $DAEMON_OPTS
>     else
> echo ""
> echo "puppetmaster not configured to start, please edit /etc/default/puppetmaster to enable"
>     fi
> }
>
> stop_puppet_master() {
>     start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/puppet/${NAME}.pid
> }
>
> status_puppet_master() {
>     status_of_proc -p "/var/run/puppet/${NAME}.pid" "${DAEMON}" "${NAME}"
> }
>
>
> case "$1" in
>     start)
> log_begin_msg "Starting $DESC"
> start_puppet_master
> log_end_msg $?
> ;;
>     stop)
> log_begin_msg "Stopping $DESC"
> stop_puppet_master
> log_end_msg $?
> ;;
>     reload)
>   # Do nothing, as Puppetmaster rechecks its config automatically
>         ;;
>     status)
> status_puppet_master
>         ;;
>     restart|force-reload)
> log_begin_msg "Restarting $DESC"
> stop_puppet_master
> sleep 1
> start_puppet_master
> log_end_msg $?
> ;;
>     *)
> echo "Usage: $0 {start|stop|status|restart|force-reload}" >&2
> exit 1
> ;;
> esac
>
>
> Still dunno what to do:/ 
>
> any clues?
>
>
> Thanks,
> Piotr
>
>
> The directory has all rights for puppet as the user, still could not get 
> anywhere with that.
>
>

Do continue to test via "service puppetmaster start".

At this point, I suspect an SELinux policy or labeling problem.  You should 
be able to test this fairly easily by switching SELinux to permissive mode 
and trying again to start the master:

setenforce 0
service puppetmaster start

If the master then starts successfully then such an SELinux problem is 
confirmed.  Moreover, you will probably then find an AVC message in your 
log, and maybe even a desktop alert, that explains the nature of the 
problem.  In fact, you may see explanatory AVC messages in your log already.

Supposing that you have an SELinux issue and you do want SELinux enforcing 
mandatory access controls, the long-term solution is to ensure that your 
SELinux policy provides for the required access and that your filesystem is 
labeled correctly.  The best way to achieve those objectives depends on 
your distro and on how you installed Puppet.


John


