FAQ
Hi everyone,

Here is the task, I just need to get the file from master, untar it and
execute a file.

Step 1:

Working as a root user,having the default puppet.conf for root and the
agent could get the source file from master , untar it and execute it.

Step 2:

Moving to non-root user, I have a different puppet.conf with the conf the
master validates the agent and gets me the source , and untar it to the
agent , but on the agent side I got the error.


Here is my puppet.conf

[main]
logdir = /home/user/var/log/puppet
rundir = /home/user/var/run/puppet
vardir = /home/user/var/lib/puppet
ssldir = $vardir/ssl

server=puppetmaster.example.com
[agent]
classfile = $vardir/classes.txt
localconfig = $vardir/localconfig
[master]
certname=puppetmaster.example.com

On executing,

puppet agent --confdir-/home/user/etc -t,

Error: Failed to set group to '0': Operation not permitted -
/home/user/unix.tar.gz
Error: /File[/home/user/unix.tar.gz]/ensure: change from absent to file
failed: Failed to set group to '0': Operation not permitted -
/home/user/.tar.gz

Though I set the tarball of the source in master to 777 permissions, I get
the same error.

Your help is great appreciated, please let me know if you need any further
info.

Thanks,

Dominic








--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/aXLCj3-DvsQJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

Search Discussions

  • Jcbollinger at Oct 22, 2012 at 1:54 pm

    On Friday, October 19, 2012 9:38:25 AM UTC-5, Dominic wrote:
    Hi everyone,

    Here is the task, I just need to get the file from master, untar it and
    execute a file.

    Step 1:

    Working as a root user,having the default puppet.conf for root and the
    agent could get the source file from master , untar it and execute it.

    Step 2:

    Moving to non-root user, I have a different puppet.conf with the conf the
    master validates the agent and gets me the source , and untar it to the
    agent , but on the agent side I got the error.


    Here is my puppet.conf

    [main]
    logdir = /home/user/var/log/puppet
    rundir = /home/user/var/run/puppet
    vardir = /home/user/var/lib/puppet
    ssldir = $vardir/ssl

    server=puppetmaster.example.com
    [agent]
    classfile = $vardir/classes.txt
    localconfig = $vardir/localconfig
    [master]
    certname=puppetmaster.example.com

    On executing,

    puppet agent --confdir-/home/user/etc -t,

    Error: Failed to set group to '0': Operation not permitted -
    /home/user/unix.tar.gz
    Error: /File[/home/user/unix.tar.gz]/ensure: change from absent to file
    failed: Failed to set group to '0': Operation not permitted -
    /home/user/.tar.gz

    Though I set the tarball of the source in master to 777 permissions, I get
    the same error.

    Your help is great appreciated, please let me know if you need any further
    info.
    This problem is not directly related to puppet.conf. It is probably in
    issue in your init.pp file on the master (because that appears to be where
    you declare File[/home/user/unix.tar.gz]). The manifest leads Puppet to
    believe that the target file is supposed to have group 0, but changing the
    downloaded file's group requires the agent to run as root.

    If you post the declaration of that file, then we may be able to tell you
    more.

    I have a question, though: what is the purpose of having this run by an
    unprivileged user in the first place?


    John

    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/m_CIZDBB3B0J.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
  • Dominic at Oct 22, 2012 at 6:04 pm
    Hi JCBollinger, Thank you so much for your suggestions.

    Here goes my manifests:


    #init.pp

    class rabbitmq {
    include rabbitmq::source, rabbitmq::service
    }


    #source.pp

    class rabbitmq::source {
    file { "/home/user": ensure => directory }
    file { "/home/user/rabbitmq-server-generic-unix-2.8.7.tar.gz":
    source =>
    "puppet:///modules/rabbitmq/rabbitmq-server-generic-unix-2.8.7.tar.gz",
    alias => "rabbitmq-source-tgz",
    before => Exec["untar-rabbitmq-source"]
    }
    exec { "/bin/tar xzvf rabbitmq-server-generic-unix-2.8.7.tar.gz":
    cwd => "/home/user/",
    creates => "/home/user/rabbitmq_server-2.8.7",
    alias => "untar-rabbitmq-source",
    subscribe => File["rabbitmq-source-tgz"]
    }
    }

    #service.pp

    class rabbitmq::service {
    exec { "rabbitmq_service":
    environment => "HOME=/home/user",
    command=> "/home/user/rabbitmq_server-2.8.7/sbin/rabbitmq-server
    -detached ",
    require => Class["rabbitmq::source"]
    }
    }

    We dont have root permissions, as we are hosting it in the Cloud.

    But when I do extract the unix.tar.gz in user mode without any root
    permissions manually , and execute the ./sbin/rabbitmq-server, it gets
    executed.

    I really appreciate your suggestions and thoughts.

    Thanks again,

    Dominic.



    On Monday, October 22, 2012 6:54:47 AM UTC-7, jcbollinger wrote:


    On Friday, October 19, 2012 9:38:25 AM UTC-5, Dominic wrote:

    Hi everyone,

    Here is the task, I just need to get the file from master, untar it and
    execute a file.

    Step 1:

    Working as a root user,having the default puppet.conf for root and the
    agent could get the source file from master , untar it and execute it.

    Step 2:

    Moving to non-root user, I have a different puppet.conf with the conf the
    master validates the agent and gets me the source , and untar it to the
    agent , but on the agent side I got the error.


    Here is my puppet.conf

    [main]
    logdir = /home/user/var/log/puppet
    rundir = /home/user/var/run/puppet
    vardir = /home/user/var/lib/puppet
    ssldir = $vardir/ssl

    server=puppetmaster.example.com
    [agent]
    classfile = $vardir/classes.txt
    localconfig = $vardir/localconfig
    [master]
    certname=puppetmaster.example.com

    On executing,

    puppet agent --confdir-/home/user/etc -t,

    Error: Failed to set group to '0': Operation not permitted -
    /home/user/unix.tar.gz
    Error: /File[/home/user/unix.tar.gz]/ensure: change from absent to file
    failed: Failed to set group to '0': Operation not permitted -
    /home/user/.tar.gz

    Though I set the tarball of the source in master to 777 permissions, I
    get the same error.

    Your help is great appreciated, please let me know if you need any
    further info.
    This problem is not directly related to puppet.conf. It is probably in
    issue in your init.pp file on the master (because that appears to be where
    you declare File[/home/user/unix.tar.gz]). The manifest leads Puppet to
    believe that the target file is supposed to have group 0, but changing the
    downloaded file's group requires the agent to run as root.

    If you post the declaration of that file, then we may be able to tell you
    more.

    I have a question, though: what is the purpose of having this run by an
    unprivileged user in the first place?


    John
    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/pW5PcOypT24J.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
  • Jcbollinger at Oct 22, 2012 at 10:34 pm

    On Monday, October 22, 2012 12:55:25 PM UTC-5, Dominic wrote:
    Hi JCBollinger, Thank you so much for your suggestions.

    Here goes my manifests:


    #init.pp

    class rabbitmq {
    include rabbitmq::source, rabbitmq::service
    }


    #source.pp

    class rabbitmq::source {
    file { "/home/user": ensure => directory }
    file { "/home/user/rabbitmq-server-generic-unix-2.8.7.tar.gz":
    source =>
    "puppet:///modules/rabbitmq/rabbitmq-server-generic-unix-2.8.7.tar.gz",
    alias => "rabbitmq-source-tgz",
    before => Exec["untar-rabbitmq-source"]
    }
    exec { "/bin/tar xzvf rabbitmq-server-generic-unix-2.8.7.tar.gz":
    cwd => "/home/user/",
    creates => "/home/user/rabbitmq_server-2.8.7",
    alias => "untar-rabbitmq-source",
    subscribe => File["rabbitmq-source-tgz"]
    }
    }

    #service.pp

    class rabbitmq::service {
    exec { "rabbitmq_service":
    environment => "HOME=/home/user",
    command=> "/home/user/rabbitmq_server-2.8.7/sbin/rabbitmq-server
    -detached ",
    require => Class["rabbitmq::source"]
    }
    }

    We dont have root permissions, as we are hosting it in the Cloud.

    I'm not sure why that inherently means you don't have root, but whatever.

    So, supposing the issue is with
    File["/home/user/rabbitmq-server-generic-unix-2.8.7.tar.gz"], it's not
    immediately clear to me whether Puppet's behavior is correct here. It
    seems to be defaulting the target group to 0 (since you don't specify a
    group, that has to be coming in as a default). That's not documented
    behavior, but it may still be intentional. On the other hand, it is usual
    for the agent to run as root, which would mask this behavior. I would
    suggest that you file a ticket.

    In the mean time, I would try to work around the issue by adding a 'group'
    parameter to the file that specifies the correct target group (presumably
    the primary group of the user who is running Puppet).

    Good luck,

    John

    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/JpSUJqdNUt4J.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
  • Stefan Schulte at Oct 23, 2012 at 6:40 pm

    On Mon, Oct 22, 2012 at 03:05:40PM -0700, jcbollinger wrote:
    I'm not sure why that inherently means you don't have root, but whatever.

    So, supposing the issue is with
    File["/home/user/rabbitmq-server-generic-unix-2.8.7.tar.gz"], it's not
    immediately clear to me whether Puppet's behavior is correct here. It
    seems to be defaulting the target group to 0 (since you don't specify a
    group, that has to be coming in as a default). That's not documented
    behavior, but it may still be intentional. On the other hand, it is usual
    for the agent to run as root, which would mask this behavior. I would
    suggest that you file a ticket.
    If you do not specify owner/group/mode and you don't have a global
    default and the file needs to be created, it will be created with
    owner/group/mode of the source file. This can of course fail if the
    agent is not run as root.

    FWIW there was a discussion about the current behaviour quite a while
    ago, but the last comment is over a year old now:
    http://projects.puppetlabs.com/issues/5240

    -Stefan

    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouppuppet-users @
categoriespuppet
postedOct 19, '12 at 3:37p
activeOct 23, '12 at 6:40p
posts5
users3
websitepuppetlabs.com

People

Translate

site design / logo © 2022 Grokbase