Re: [Puppet Users] Re: Failed to set group to '0': Operation not permitted
On Mon, Oct 22, 2012 at 03:05:40PM -0700, jcbollinger wrote: I'm not sure why that inherently means you don't have root, but whatever. So, supposing the issue is with File[/home/user/rabbitmq-server-generic-unix-2.8.7.tar.gz], it's not immediately clear to me whether Puppet's behavior is correct here. It seems to be defaulting the target group to 0 (since you don't specify a group, that has to be coming in as a default). That's not documented behavior, but it may still be intentional. On the other hand, it is usual for the agent to run as root, which would mask this behavior. I would suggest that you file a ticket. If you do not specify owner/group/mode and you don't have a global default and the file needs to be created, it will be created with owner/group/mode of the source file. This can of course fail if the agent is not run as root. FWIW there was a discussion about the current behaviour quite a while ago, but the last comment is over a year old now: http://projects.puppetlabs.com/issues/5240 -Stefan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Failed to set group to '0': Operation not permitted
On Friday, October 19, 2012 9:38:25 AM UTC-5, Dominic wrote: Hi everyone, Here is the task, I just need to get the file from master, untar it and execute a file. Step 1: Working as a root user,having the default puppet.conf for root and the agent could get the source file from master , untar it and execute it. Step 2: Moving to non-root user, I have a different puppet.conf with the conf the master validates the agent and gets me the source , and untar it to the agent , but on the agent side I got the error. Here is my puppet.conf [main] logdir = /home/user/var/log/puppet rundir = /home/user/var/run/puppet vardir = /home/user/var/lib/puppet ssldir = $vardir/ssl server=puppetmaster.example.com [agent] classfile = $vardir/classes.txt localconfig = $vardir/localconfig [master] certname=puppetmaster.example.com On executing, puppet agent --confdir-/home/user/etc -t, Error: Failed to set group to '0': Operation not permitted - /home/user/unix.tar.gz Error: /File[/home/user/unix.tar.gz]/ensure: change from absent to file failed: Failed to set group to '0': Operation not permitted - /home/user/.tar.gz Though I set the tarball of the source in master to 777 permissions, I get the same error. Your help is great appreciated, please let me know if you need any further info. This problem is not directly related to puppet.conf. It is probably in issue in your init.pp file on the master (because that appears to be where you declare File[/home/user/unix.tar.gz]). The manifest leads Puppet to believe that the target file is supposed to have group 0, but changing the downloaded file's group requires the agent to run as root. If you post the declaration of that file, then we may be able to tell you more. I have a question, though: what is the purpose of having this run by an unprivileged user in the first place? John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/m_CIZDBB3B0J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Failed to set group to '0': Operation not permitted
Hi JCBollinger, Thank you so much for your suggestions.
Here goes my manifests:
#init.pp
class rabbitmq {
include rabbitmq::source, rabbitmq::service
}
#source.pp
class rabbitmq::source {
file { /home/user: ensure = directory }
file { /home/user/rabbitmq-server-generic-unix-2.8.7.tar.gz:
source =
puppet:///modules/rabbitmq/rabbitmq-server-generic-unix-2.8.7.tar.gz,
alias = rabbitmq-source-tgz,
before = Exec[untar-rabbitmq-source]
}
exec { /bin/tar xzvf rabbitmq-server-generic-unix-2.8.7.tar.gz:
cwd = /home/user/,
creates = /home/user/rabbitmq_server-2.8.7,
alias = untar-rabbitmq-source,
subscribe = File[rabbitmq-source-tgz]
}
}
#service.pp
class rabbitmq::service {
exec { rabbitmq_service:
environment = HOME=/home/user,
command= /home/user/rabbitmq_server-2.8.7/sbin/rabbitmq-server
-detached ,
require = Class[rabbitmq::source]
}
}
We dont have root permissions, as we are hosting it in the Cloud.
But when I do extract the unix.tar.gz in user mode without any root
permissions manually , and execute the ./sbin/rabbitmq-server, it gets
executed.
I really appreciate your suggestions and thoughts.
Thanks again,
Dominic.
On Monday, October 22, 2012 6:54:47 AM UTC-7, jcbollinger wrote:
On Friday, October 19, 2012 9:38:25 AM UTC-5, Dominic wrote:
Hi everyone,
Here is the task, I just need to get the file from master, untar it and
execute a file.
Step 1:
Working as a root user,having the default puppet.conf for root and the
agent could get the source file from master , untar it and execute it.
Step 2:
Moving to non-root user, I have a different puppet.conf with the conf the
master validates the agent and gets me the source , and untar it to the
agent , but on the agent side I got the error.
Here is my puppet.conf
[main]
logdir = /home/user/var/log/puppet
rundir = /home/user/var/run/puppet
vardir = /home/user/var/lib/puppet
ssldir = $vardir/ssl
server=puppetmaster.example.com
[agent]
classfile = $vardir/classes.txt
localconfig = $vardir/localconfig
[master]
certname=puppetmaster.example.com
On executing,
puppet agent --confdir-/home/user/etc -t,
Error: Failed to set group to '0': Operation not permitted -
/home/user/unix.tar.gz
Error: /File[/home/user/unix.tar.gz]/ensure: change from absent to file
failed: Failed to set group to '0': Operation not permitted -
/home/user/.tar.gz
Though I set the tarball of the source in master to 777 permissions, I
get the same error.
Your help is great appreciated, please let me know if you need any
further info.
This problem is not directly related to puppet.conf. It is probably in
issue in your init.pp file on the master (because that appears to be where
you declare File[/home/user/unix.tar.gz]). The manifest leads Puppet to
believe that the target file is supposed to have group 0, but changing the
downloaded file's group requires the agent to run as root.
If you post the declaration of that file, then we may be able to tell you
more.
I have a question, though: what is the purpose of having this run by an
unprivileged user in the first place?
John
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/pW5PcOypT24J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Failed to set group to '0': Operation not permitted
On Monday, October 22, 2012 12:55:25 PM UTC-5, Dominic wrote:
Hi JCBollinger, Thank you so much for your suggestions.
Here goes my manifests:
#init.pp
class rabbitmq {
include rabbitmq::source, rabbitmq::service
}
#source.pp
class rabbitmq::source {
file { /home/user: ensure = directory }
file { /home/user/rabbitmq-server-generic-unix-2.8.7.tar.gz:
source =
puppet:///modules/rabbitmq/rabbitmq-server-generic-unix-2.8.7.tar.gz,
alias = rabbitmq-source-tgz,
before = Exec[untar-rabbitmq-source]
}
exec { /bin/tar xzvf rabbitmq-server-generic-unix-2.8.7.tar.gz:
cwd = /home/user/,
creates = /home/user/rabbitmq_server-2.8.7,
alias = untar-rabbitmq-source,
subscribe = File[rabbitmq-source-tgz]
}
}
#service.pp
class rabbitmq::service {
exec { rabbitmq_service:
environment = HOME=/home/user,
command= /home/user/rabbitmq_server-2.8.7/sbin/rabbitmq-server
-detached ,
require = Class[rabbitmq::source]
}
}
We dont have root permissions, as we are hosting it in the Cloud.
I'm not sure why that inherently means you don't have root, but whatever.
So, supposing the issue is with
File[/home/user/rabbitmq-server-generic-unix-2.8.7.tar.gz], it's not
immediately clear to me whether Puppet's behavior is correct here. It
seems to be defaulting the target group to 0 (since you don't specify a
group, that has to be coming in as a default). That's not documented
behavior, but it may still be intentional. On the other hand, it is usual
for the agent to run as root, which would mask this behavior. I would
suggest that you file a ticket.
In the mean time, I would try to work around the issue by adding a 'group'
parameter to the file that specifies the correct target group (presumably
the primary group of the user who is running Puppet).
Good luck,
John
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/JpSUJqdNUt4J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
