Puppet users - Feb 2011 - Passenger problem with /etc/puppet/ssl

I have been working on converting puppetmaster to use passenger and I 
can''t seem to get past this error message:

Could not prepare for execution: Got 1 failure(s) while initializing: 
change from absent to directory failed: Could not set ''directory on 
ensure: Permission denied - /etc/puppet/ssl

First off, the directory it wants doesn''t exist(by design, I have it in
/var/lib/puppet/ssl).
Now in /etc/puppet/puppet.conf I have:

     confdir=/etc/puppet
     vardir = /var/lib/puppet
     ssldir = $vardir/ssl

in all of the sections: [main], [agent],and [master].

But for some reason, passenger "really wants" /etc/puppet/ssl to
exist.

So just for grins, I created it, and voila!  I now have a whole newly 
populated ssl directory complete with a new CA, ignoring my existing CA 
in /var/lib/puppet/ssl.

What am I doing wrong? Is puppetmaster with passenger hard-wired to 
/etc/puppet/ssl ?

rpm -qa|grep ruby shows:

libselinux-ruby-1.33.4-5.5.el5
rrdtool-ruby-1.2.27-3.el5
ruby-1.8.6.287-2
ruby-augeas-0.3.0-1.el5
ruby-devel-1.8.6.287-2
rubygem-fastthread-1.0.7-1.el5
rubygem-rake-0.8.7-2.el5
rubygems-1.3.1-1.el5
ruby-irb-1.8.6.287-2
ruby-ldap-0.9.7-3.el5
ruby-libs-1.8.6.287-2
ruby-mysql-2.7.3-1.el5
ruby-rdoc-1.8.6.287-2
ruby-RRDtool-0.6.0-6.el5
ruby-shadow-1.4.1-7.el5

rpm -qa|grep puppet shows:
puppet-dashboard-1.0.4-1
puppet-2.6.4-0.5.el5
puppet-server-2.6.4-0.5.el5


  gem list --local shows:

*** LOCAL GEMS ***

actionmailer (2.2.2)
actionpack (2.2.2)
activerecord (2.2.2)
activeresource (2.2.2)
activesupport (2.2.2)
daemon_controller (0.2.5)
fastthread (1.0.7)
file-tail (1.0.5)
mysql (2.8.1)
passenger (2.2.5)
rack (1.1.0)
rails (2.2.2)
rake (0.8.7)
rubygems-update (1.3.6)
spruz (0.2.2)



Thanks for your help,
Dave

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Dave,

Just wondering if you tried to make a temporary symlink from /var/lib/puppet/ssl
to /etc/puppet/ssl to see if the error changes or goes away (just to narrow the
scope)?

Also, take a look at http://blog.kumina.nl/2011/01/puppet-on-puppetmaster/ --
perhaps you''re missing an ssldir declaration in the proper section(s).

-Mark

On Feb 1, 2011, at 11:51 AM, Dave Augustus wrote:
> I have been working on converting puppetmaster to use passenger and I
can''t seem to get past this error message:
> 
> Could not prepare for execution: Got 1 failure(s) while initializing:
change from absent to directory failed: Could not set ''directory on
ensure: Permission denied - /etc/puppet/ssl
> 
> First off, the directory it wants doesn''t exist(by design, I have
it in /var/lib/puppet/ssl).
> Now in /etc/puppet/puppet.conf I have:
> 
>    confdir=/etc/puppet
>    vardir = /var/lib/puppet
>    ssldir = $vardir/ssl
> 
> in all of the sections: [main], [agent],and [master].
> 
> But for some reason, passenger "really wants" /etc/puppet/ssl to
exist.
> 
> So just for grins, I created it, and voila!  I now have a whole newly
populated ssl directory complete with a new CA, ignoring my existing CA in
/var/lib/puppet/ssl.
> 
> What am I doing wrong? Is puppetmaster with passenger hard-wired to
/etc/puppet/ssl ?
> 
> rpm -qa|grep ruby shows:
> 
> libselinux-ruby-1.33.4-5.5.el5
> rrdtool-ruby-1.2.27-3.el5
> ruby-1.8.6.287-2
> ruby-augeas-0.3.0-1.el5
> ruby-devel-1.8.6.287-2
> rubygem-fastthread-1.0.7-1.el5
> rubygem-rake-0.8.7-2.el5
> rubygems-1.3.1-1.el5
> ruby-irb-1.8.6.287-2
> ruby-ldap-0.9.7-3.el5
> ruby-libs-1.8.6.287-2
> ruby-mysql-2.7.3-1.el5
> ruby-rdoc-1.8.6.287-2
> ruby-RRDtool-0.6.0-6.el5
> ruby-shadow-1.4.1-7.el5
> 
> rpm -qa|grep puppet shows:
> puppet-dashboard-1.0.4-1
> puppet-2.6.4-0.5.el5
> puppet-server-2.6.4-0.5.el5
> 
> 
> gem list --local shows:
> 
> *** LOCAL GEMS ***
> 
> actionmailer (2.2.2)
> actionpack (2.2.2)
> activerecord (2.2.2)
> activeresource (2.2.2)
> activesupport (2.2.2)
> daemon_controller (0.2.5)
> fastthread (1.0.7)
> file-tail (1.0.5)
> mysql (2.8.1)
> passenger (2.2.5)
> rack (1.1.0)
> rails (2.2.2)
> rake (0.8.7)
> rubygems-update (1.3.6)
> spruz (0.2.2)
> 
> 
> 
> Thanks for your help,
> Dave
> 
> -- 
> You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
> 
> <davea.vcf>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Hello Mark,

I ran into trouble using symlinks with puppet/puppetmaster as puppet 
would manage them directly and actually remove them. I know there is the 
ability to tell puppet NOT to do this but I didn''t explore that option.

At this point, I have puppetmaster/passenger now running on 
/etc/puppet/ssl which is not what I wanted but the only way I could get 
it to run.

Thanks,
Dave


On 02/01/2011 10:56 AM, Mark Stanislav wrote:
> Dave,
>
> Just wondering if you tried to make a temporary symlink from
/var/lib/puppet/ssl to /etc/puppet/ssl to see if the error changes or goes away
(just to narrow the scope)?
>
> Also, take a look at http://blog.kumina.nl/2011/01/puppet-on-puppetmaster/
-- perhaps you''re missing an ssldir declaration in the proper
section(s).
>
> -Mark
>
> On Feb 1, 2011, at 11:51 AM, Dave Augustus wrote:
>
>> I have been working on converting puppetmaster to use passenger and I
can''t seem to get past this error message:
>>
>> Could not prepare for execution: Got 1 failure(s) while initializing:
change from absent to directory failed: Could not set ''directory on
ensure: Permission denied - /etc/puppet/ssl
>>
>> First off, the directory it wants doesn''t exist(by design, I
have it in /var/lib/puppet/ssl).
>> Now in /etc/puppet/puppet.conf I have:
>>
>>     confdir=/etc/puppet
>>     vardir = /var/lib/puppet
>>     ssldir = $vardir/ssl
>>
>> in all of the sections: [main], [agent],and [master].
>>
>> But for some reason, passenger "really wants" /etc/puppet/ssl
to exist.
>>
>> So just for grins, I created it, and voila!  I now have a whole newly
populated ssl directory complete with a new CA, ignoring my existing CA in
/var/lib/puppet/ssl.
>>
>> What am I doing wrong? Is puppetmaster with passenger hard-wired to
/etc/puppet/ssl ?
>>
>> rpm -qa|grep ruby shows:
>>
>> libselinux-ruby-1.33.4-5.5.el5
>> rrdtool-ruby-1.2.27-3.el5
>> ruby-1.8.6.287-2
>> ruby-augeas-0.3.0-1.el5
>> ruby-devel-1.8.6.287-2
>> rubygem-fastthread-1.0.7-1.el5
>> rubygem-rake-0.8.7-2.el5
>> rubygems-1.3.1-1.el5
>> ruby-irb-1.8.6.287-2
>> ruby-ldap-0.9.7-3.el5
>> ruby-libs-1.8.6.287-2
>> ruby-mysql-2.7.3-1.el5
>> ruby-rdoc-1.8.6.287-2
>> ruby-RRDtool-0.6.0-6.el5
>> ruby-shadow-1.4.1-7.el5
>>
>> rpm -qa|grep puppet shows:
>> puppet-dashboard-1.0.4-1
>> puppet-2.6.4-0.5.el5
>> puppet-server-2.6.4-0.5.el5
>>
>>
>> gem list --local shows:
>>
>> *** LOCAL GEMS ***
>>
>> actionmailer (2.2.2)
>> actionpack (2.2.2)
>> activerecord (2.2.2)
>> activeresource (2.2.2)
>> activesupport (2.2.2)
>> daemon_controller (0.2.5)
>> fastthread (1.0.7)
>> file-tail (1.0.5)
>> mysql (2.8.1)
>> passenger (2.2.5)
>> rack (1.1.0)
>> rails (2.2.2)
>> rake (0.8.7)
>> rubygems-update (1.3.6)
>> spruz (0.2.2)
>>
>>
>>
>> Thanks for your help,
>> Dave
>>
>> -- 
>> You received this message because you are subscribed to the Google
Groups "Puppet Users" group.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
>> For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
>>
>> <davea.vcf>

-- 
*Dave Augustus*
President and Lead Developer
Web: Ingrafted Software <http://www.ingraftedsoftware.com/>
Email: davea@ingraftedsoftware.com <mailto:davea@ingraftedsoftware.com>
Office: (817) 741-1288
Cell: (817) 371-0585

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Hi, 
You only need to set the location of the ssl directory in the [main] section of
the puppet..

If you are using puppet with apache/passenger you need to put apache in the
puppet group.

Create the ssl directory first by running puppetmasterd once. 

The other thing to watch is the versions of rack and passenger(don''t
have my version numbers with me).

Cheers,
Den

On 02/02/2011, at 4:18, Dave Augustus <davea@ingraftedsoftware.com> wrote:
> Hello Mark,
> 
> I ran into trouble using symlinks with puppet/puppetmaster as puppet would
manage them directly and actually remove them. I know there is     the ability
to tell puppet NOT to do this but I didn''t explore that option.
> 
> At this point, I have puppetmaster/passenger now running on /etc/puppet/ssl
which is not what I wanted but the only way I could get it to run.
> 
> Thanks,
> Dave
> 
> 
> On 02/01/2011 10:56 AM, Mark Stanislav wrote:
>> 
>> Dave,
>> 
>> Just wondering if you tried to make a temporary symlink from
/var/lib/puppet/ssl to /etc/puppet/ssl to see if the error changes or goes away
(just to narrow the scope)?
>> 
>> Also, take a look at
http://blog.kumina.nl/2011/01/puppet-on-puppetmaster/ -- perhaps you''re
missing an ssldir declaration in the proper section(s).
>> 
>> -Mark
>> 
>> On Feb 1, 2011, at 11:51 AM, Dave Augustus wrote:
>> 
>>> I have been working on converting puppetmaster to use passenger and
I can''t seem to get past this error message:
>>> 
>>> Could not prepare for execution: Got 1 failure(s) while
initializing: change from absent to directory failed: Could not set
''directory on ensure: Permission denied - /etc/puppet/ssl
>>> 
>>> First off, the directory it wants doesn''t exist(by design,
I have it in /var/lib/puppet/ssl).
>>> Now in /etc/puppet/puppet.conf I have:
>>> 
>>>    confdir=/etc/puppet
>>>    vardir = /var/lib/puppet
>>>    ssldir = $vardir/ssl
>>> 
>>> in all of the sections: [main], [agent],and [master].
>>> 
>>> But for some reason, passenger "really wants"
/etc/puppet/ssl to exist.
>>> 
>>> So just for grins, I created it, and voila!  I now have a whole
newly populated ssl directory complete with a new CA, ignoring my existing CA in
/var/lib/puppet/ssl.
>>> 
>>> What am I doing wrong? Is puppetmaster with passenger hard-wired to
/etc/puppet/ssl ?
>>> 
>>> rpm -qa|grep ruby shows:
>>> 
>>> libselinux-ruby-1.33.4-5.5.el5
>>> rrdtool-ruby-1.2.27-3.el5
>>> ruby-1.8.6.287-2
>>> ruby-augeas-0.3.0-1.el5
>>> ruby-devel-1.8.6.287-2
>>> rubygem-fastthread-1.0.7-1.el5
>>> rubygem-rake-0.8.7-2.el5
>>> rubygems-1.3.1-1.el5
>>> ruby-irb-1.8.6.287-2
>>> ruby-ldap-0.9.7-3.el5
>>> ruby-libs-1.8.6.287-2
>>> ruby-mysql-2.7.3-1.el5
>>> ruby-rdoc-1.8.6.287-2
>>> ruby-RRDtool-0.6.0-6.el5
>>> ruby-shadow-1.4.1-7.el5
>>> 
>>> rpm -qa|grep puppet shows:
>>> puppet-dashboard-1.0.4-1
>>> puppet-2.6.4-0.5.el5
>>> puppet-server-2.6.4-0.5.el5
>>> 
>>> 
>>> gem list --local shows:
>>> 
>>> *** LOCAL GEMS ***
>>> 
>>> actionmailer (2.2.2)
>>> actionpack (2.2.2)
>>> activerecord (2.2.2)
>>> activeresource (2.2.2)
>>> activesupport (2.2.2)
>>> daemon_controller (0.2.5)
>>> fastthread (1.0.7)
>>> file-tail (1.0.5)
>>> mysql (2.8.1)
>>> passenger (2.2.5)
>>> rack (1.1.0)
>>> rails (2.2.2)
>>> rake (0.8.7)
>>> rubygems-update (1.3.6)
>>> spruz (0.2.2)
>>> 
>>> 
>>> 
>>> Thanks for your help,
>>> Dave
>>> 
>>> -- 
>>> You received this message because you are subscribed to the Google
Groups "Puppet Users" group.
>>> To post to this group, send email to puppet-users@googlegroups.com.
>>> To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
>>> For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
>>> 
>>> <davea.vcf>
>> 
> 
> 
> -- 
> Dave Augustus 
> President and Lead Developer 
> Web: Ingrafted Software 
> Email: davea@ingraftedsoftware.com       
> Office: (817) 741-1288 
> Cell: (817) 371-0585
> -- 
> You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
> <davea.vcf>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.