ankush grover
2012-Apr-05 11:43 UTC
[Puppet Users] Somehow puppet is not able to start ossec service
Hi Friends, I have configured Puppet 2.7.12-1 on Centos 6 as server and various clients running on Redhat/Centos/Ubuntu etc.. The issue I am facing is that somehow Puppet is not able to start the ossec service on the client. If the service is stopped on the client then puppet is not able to start the service. Below are the logs of the Puppet client running on the Centos 5 machine. puppetd --test --server puppetmaster-del.example.com --debug debug: Failed to load library ''shadow'' for feature ''libshadow'' debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dscl does not exist debug: Puppet::Type::User::ProviderUser_role_add: file roleadd does not exist debug: Puppet::Type::User::ProviderPw: file pw does not exist debug: Failed to load library ''ldap'' for feature ''ldap'' debug: Puppet::Type::User::ProviderLdap: feature ldap is missing debug: Failed to load library ''rubygems'' for feature ''rubygems'' debug: Failed to load library ''selinux'' for feature ''selinux'' debug: /File[/var/lib/puppet/client_data]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/state/resources.txt]: Autorequiring File[/var/lib/puppet/state] debug: /File[/var/lib/puppet/state/last_run_summary.yaml]: Autorequiring File[/var/lib/puppet/state] debug: /File[/etc/puppet/puppet.conf]: Autorequiring File[/etc/puppet] debug: /File[/var/lib/puppet/ssl/certificate_requests]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/ssl/crl.pem]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/ssl/private]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring File[/var/lib/puppet/ssl/certs] debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/state/graphs]: Autorequiring File[/var/lib/puppet/state] debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/log/puppet/http.log]: Autorequiring File[/var/log/puppet] debug: /File[/var/run/puppet/agent.pid]: Autorequiring File[/var/run/puppet] debug: /File[/var/lib/puppet/ssl/private_keys/linuxbackup-del4.synapse.com.pem]: Autorequiring File[/var/lib/puppet/ssl/private_keys] debug: /File[/var/lib/puppet/client_yaml]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/ssl/public_keys/linuxbackup-del4.synapse.com.pem]: Autorequiring File[/var/lib/puppet/ssl/public_keys] debug: /File[/var/lib/puppet/classes.txt]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/ssl/public_keys]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/state/state.yaml]: Autorequiring File[/var/lib/puppet/state] debug: /File[/var/lib/puppet/clientbucket]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet] debug: /File[/etc/puppet/namespaceauth.conf]: Autorequiring File[/etc/puppet] debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/state/last_run_report.yaml]: Autorequiring File[/var/lib/puppet/state] debug: /File[/var/lib/puppet/ssl/certs/linuxbackup-del4.synapse.com.pem]: Autorequiring File[/var/lib/puppet/ssl/certs] debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet] debug: Finishing transaction -607017838 debug: /File[/var/lib/puppet/ssl/private]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring File[/var/lib/puppet/ssl/certs] debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/ssl/public_keys/linuxbackup-del4.synapse.com.pem]: Autorequiring File[/var/lib/puppet/ssl/public_keys] debug: /File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/ssl/certs/linuxbackup-del4.synapse.com.pem]: Autorequiring File[/var/lib/puppet/ssl/certs] debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet] debug: /File[/etc/puppet/namespaceauth.conf]: Autorequiring File[/etc/puppet] debug: /File[/var/lib/puppet/ssl/certificate_requests]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/ssl/crl.pem]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/log/puppet/http.log]: Autorequiring File[/var/log/puppet] debug: /File[/var/lib/puppet/ssl/public_keys]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/ssl/private_keys/linuxbackup-del4.synapse.com.pem]: Autorequiring File[/var/lib/puppet/ssl/private_keys] debug: Finishing transaction -607864488 debug: Using cached certificate for ca debug: Using cached certificate for linuxbackup-del4.synapse.com notice: Ignoring --listen on onetime run debug: Finishing transaction -608144338 debug: Loaded state in 0.00 seconds debug: catalog supports formats: b64_zlib_yaml dot marshal pson raw yaml; using pson debug: Using cached certificate for ca debug: Using cached certificate for linuxbackup-del4.synapse.com debug: Using cached certificate_revocation_list for ca debug: Puppet::Type::Package::ProviderRpm: Executing ''/bin/rpm --version'' debug: Puppet::Type::Package::ProviderYum: Executing ''/bin/rpm --version'' debug: Puppet::Type::Package::ProviderUrpmi: Executing ''/bin/rpm -ql rpm'' debug: Puppet::Type::Package::ProviderAptrpm: Executing ''/bin/rpm -ql rpm'' info: Caching catalog for linuxbackup-del4.synapse.com debug: Puppet::Type::Service::ProviderRunit: file /usr/bin/sv does not exist debug: Puppet::Type::Service::ProviderLaunchd: file /bin/launchctl does not exist debug: Puppet::Type::Service::ProviderSystemd: file /bin/systemctl does not exist debug: Puppet::Type::Service::ProviderGentoo: file /sbin/rc-update does not exist debug: Puppet::Type::Service::ProviderDaemontools: file /usr/bin/svc does not exist debug: Puppet::Type::Service::ProviderDebian: file /usr/sbin/update-rc.d does not exist debug: Puppet::Type::Package::ProviderSunfreeware: file pkg-get does not exist debug: Puppet::Type::Package::ProviderHpux: file /usr/sbin/swinstall does not exist debug: Puppet::Type::Package::ProviderApt: file /usr/bin/apt-get does not exist debug: Puppet::Type::Package::ProviderFreebsd: file /usr/sbin/pkg_delete does not exist debug: Puppet::Type::Package::ProviderPkg: file /usr/bin/pkg does not exist debug: Puppet::Type::Package::ProviderZypper: file /usr/bin/zypper does not exist debug: Puppet::Type::Package::ProviderDpkg: file /usr/bin/dpkg does not exist debug: Puppet::Type::Package::ProviderUp2date: file /usr/sbin/up2date-nox does not exist debug: Puppet::Type::Package::ProviderPortage: file /usr/bin/eix-update does not exist debug: Puppet::Type::Package::ProviderFink: file /sw/bin/fink does not exist debug: Puppet::Type::Package::ProviderRug: file /usr/bin/rug does not exist debug: Puppet::Type::Package::ProviderAptrpm: file apt-get does not exist debug: Puppet::Type::Package::ProviderPorts: file /usr/local/sbin/pkg_deinstall does not exist debug: Puppet::Type::Package::ProviderAix: file /usr/bin/lslpp does not exist debug: Puppet::Type::Package::ProviderGem: file gem does not exist debug: Puppet::Type::Package::ProviderPortupgrade: file /usr/local/sbin/pkg_deinstall does not exist debug: Puppet::Type::Package::ProviderOpenbsd: file pkg_delete does not exist debug: Puppet::Type::Package::ProviderSun: file /usr/sbin/pkgadd does not exist debug: Puppet::Type::Package::ProviderNim: file /usr/sbin/nimclient does not exist debug: Puppet::Type::Package::ProviderPacman: file /usr/bin/pacman does not exist debug: Puppet::Type::Package::ProviderUrpmi: file urpmq does not exist debug: Puppet::Type::Package::ProviderAptitude: file /usr/bin/aptitude does not exist debug: Creating default schedules debug: Loaded state in 0.00 seconds info: Applying configuration version ''1333625384'' debug: /Stage[main]/Ntp/Service[ntp]/subscribe: subscribes to File[ntp.conf] debug: /Stage[main]/Ntp/File[ntp.conf]/require: requires Package[ntp] debug: /Stage[main]/Noidamuninnode/File[/etc/munin.conf]/notify: subscribes to Service[munin-node] debug: /Stage[main]/Dnsresolve/File[/etc/resolv.conf]/notify: subscribes to Service[nscd] debug: /Stage[main]/Enablentpdate/Exec[/usr/local/sbin/ntp.sh]: Autorequiring File[enablentpdate] debug: /Schedule[daily]: Skipping device resources because running on a host debug: /Schedule[monthly]: Skipping device resources because running on a host debug: /Schedule[hourly]: Skipping device resources because running on a host debug: Prefetching yum resources for package debug: Puppet::Type::Package::ProviderYum: Executing ''/bin/rpm --version'' debug: Puppet::Type::Package::ProviderYum: Executing ''/bin/rpm -qa --nosignature --nodigest --qf ''%{NAME} %|EPOCH?{%{EPOCH}}:{0}| %{VERSION} %{RELEASE} %{ARCH} '''' debug: file_metadata supports formats: b64_zlib_yaml marshal pson raw yaml; using pson debug: /Schedule[never]: Skipping device resources because running on a host debug: file_metadata supports formats: b64_zlib_yaml marshal pson raw yaml; using pson debug: file_metadata supports formats: b64_zlib_yaml marshal pson raw yaml; using pson debug: Exec[/usr/local/sbin/ntp.sh](provider=posix): Executing ''/usr/local/sbin/ntp.sh'' debug: Executing ''/usr/local/sbin/ntp.sh'' notice: /Stage[main]/Enablentpdate/Exec[/usr/local/sbin/ntp.sh]/returns: executed successfully debug: /Stage[main]/Enablentpdate/Exec[/usr/local/sbin/ntp.sh]: The container Class[Enablentpdate] will propagate my refresh event debug: Class[Enablentpdate]: The container Stage[main] will propagate my refresh event debug: Service[ntp](provider=redhat): Executing ''/sbin/service ntpd status'' debug: Puppet::Type::Service::ProviderRedhat: Executing ''/sbin/chkconfig ntpd'' debug: Service[sendmail](provider=redhat): Executing ''/sbin/service sendmail status'' debug: Puppet::Type::Service::ProviderRedhat: Executing ''/sbin/chkconfig sendmail'' debug: Service[xinetd](provider=redhat): Executing ''/sbin/service xinetd status'' debug: Puppet::Type::Service::ProviderRedhat: Executing ''/sbin/chkconfig xinetd'' debug: /Schedule[weekly]: Skipping device resources because running on a host debug: Prefetching crontab resources for cron debug: /Schedule[puppet]: Skipping device resources because running on a host debug: file_metadata supports formats: b64_zlib_yaml marshal pson raw yaml; using pson debug: Service[munin-node](provider=redhat): Executing ''/sbin/service munin-node status'' debug: Puppet::Type::Service::ProviderRedhat: Executing ''/sbin/chkconfig munin-node'' debug: Service[ossec](provider=redhat): Executing ''/sbin/service ossec status'' debug: Puppet::Type::Service::ProviderRedhat: Executing ''/sbin/chkconfig ossec'' debug: file_metadata supports formats: b64_zlib_yaml marshal pson raw yaml; using pson debug: Service[nscd](provider=redhat): Executing ''/sbin/service nscd status'' debug: Puppet::Type::Service::ProviderRedhat: Executing ''/sbin/chkconfig nscd'' debug: Finishing transaction -608279958 debug: Storing state debug: Stored state in 0.01 seconds notice: Finished catalog run in 13.46 seconds debug: Value of ''preferred_serialization_format'' (pson) is invalid for report, using default (marshal) debug: report supports formats: b64_zlib_yaml marshal raw yaml; using marshal service ossec status ossec-logcollector not running... ossec-syscheckd not running... ossec-agentd not running... ossec-execd not running... Ossec is starting fine through the service command root@linuxbackup-del4 ~]# service ossec start Starting OSSEC: [ OK ] [root@linuxbackup-del4 ~]# service ossec status ossec-logcollector is running... ossec-syscheckd is running... ossec-agentd is running... ossec-execd is running... Client Details Puppet version: puppet-2.7.12-1.el5 ruby -v ruby 1.8.5 (2006-08-25) [i386-linux] Server Details puppet-2.7.12-1 ruby -v ruby 1.8.7 (2011-06-30 patchlevel 352) [x86_64-linux] What could be the reason Puppet not being able to start the ossec service? Regards Ankush -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/rDEmoH3jtPAJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
jcbollinger
2012-Apr-06 15:09 UTC
[Puppet Users] Re: Somehow puppet is not able to start ossec service
On Apr 5, 6:43 am, ankush grover <ankushcen...@gmail.com> wrote:> Hi Friends, > > I have configured Puppet 2.7.12-1 on Centos 6 as server and various clients > running on Redhat/Centos/Ubuntu etc.. The issue I am facing is that > somehow Puppet is not able to start the ossec service on the client. > > If the service is stopped on the client then puppet is not able to start > the service. Below are the logs of the Puppet client running on the Centos > 5 machine.From the log, it does not appear that Puppet is unable to start the service, but rather that it thinks it doesn''t needs to do. The log shows it checking the service''s current status> debug: Service[ossec](provider=redhat): Executing ''/sbin/service ossec > status''and whether the service is enabled> debug: Puppet::Type::Service::ProviderRedhat: Executing ''/sbin/chkconfig > ossec''but not any attempt to start the service. There are two main possibilities: 1) Your manifest doesn''t declare that the service should be running, or 2) the service''s initscript does not follow LSB convention for the return value of the ''status'' command. Puppet relies on the return value, not the text output. See, for example, http://refspecs.linux-foundation.org/LSB_3.1.0/LSB-Core-generic/LSB-Core-generic/iniscrptact.html. My bet would be that the initscript''s ''status'' command is always returning 0, regardless of the actual status. Instead, it ought to return 1, 2, or 3 when the service is not running, depending on whether there is a leftover pid file, lock file, or neither. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.