29285 2013-08-15 16:10:26 +0400 puppetmasterd is dead, but stale PID file exists 2013-09-05 15:29:05 +0400 1 1 3 Distributions Branch p7 puppet-server не указана all Linux CLOSED NOTABUG P3 normal --- 1 vic_1980 cas vic_1980 qa-p7 oldest_to_newest 142124 0 vic_1980 2013-08-15 16:10:26 +0400 Бодрого времени суток! При запуске puppetmasterd в syslog падает сообщение: puppetmasterd: /usr/lib/ruby/rubygems/custom_require.rb:36:in `require': iconv will be deprecated in the future, use String#encode instead. puppet-master[11596]: Reopening log files puppet-master[11596]: Starting Puppet master version 2.7.21 puppetmasterd: puppetmasterd startup succeeded В консоли: service puppetmasterd status puppetmasterd is dead, but stale PID file exists Pid-файл [root@linupd puppet]# ls -l итого 4 -rw-r--r-- 1 _puppet puppet 5 авг 15 16:05 master.pid rpm -qa |grep puppet puppet-server-2.7.21-alt2 puppet-2.7.21-alt2 puppet-http_server-mongrel-2.7.21-alt2 142332 1 cas 2013-08-30 13:34:22 +0400 Что выдаёт puppetmasterd -d --no-daemonize 142336 2 vic_1980 2013-08-30 14:04:24 +0400 (В ответ на комментарий №1) > Что выдаёт > > puppetmasterd -d --no-daemonize [root@linupd ~]# puppetmasterd -d --no-daemonize /usr/lib/ruby/rubygems/custom_require.rb:36:in `require': iconv will be deprecated in the future, use String#encode instead. debug: Failed to load library 'selinux' for feature 'selinux' debug: Failed to load library 'shadow' for feature 'libshadow' debug: Puppet::Type::User::ProviderLdap: true value when expecting false debug: Puppet::Type::User::ProviderUser_role_add: file roleadd does not exist debug: Puppet::Type::User::ProviderPw: file pw does not exist debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/ssl/public_keys]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/ssl/certificate_requests]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/ssl/private]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/ssl/certs/linupd.titan.zn.pem]: Autorequiring File[/var/lib/puppet/ssl/certs] debug: /File[/var/lib/puppet/ssl/private_keys/linupd.titan.zn.pem]: Autorequiring File[/var/lib/puppet/ssl/private_keys] debug: /File[/var/lib/puppet/ssl/public_keys/linupd.titan.zn.pem]: Autorequiring File[/var/lib/puppet/ssl/public_keys] debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring File[/var/lib/puppet/ssl/certs] debug: /File[/var/lib/puppet/ssl/crl.pem]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/etc/puppet/puppet.conf]: Autorequiring File[/etc/puppet] debug: /File[/etc/puppet/manifests]: Autorequiring File[/etc/puppet] debug: /File[/var/log/puppet/masterhttp.log]: Autorequiring File[/var/log/puppet] debug: /File[/var/lib/puppet/bucket]: Autorequiring File[/var/lib/puppet] debug: /File[/etc/puppet/auth.conf]: Autorequiring File[/etc/puppet] debug: /File[/var/lib/puppet/yaml]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/server_data]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/reports]: Autorequiring File[/var/lib/puppet] debug: /File[/etc/puppet/fileserver.conf]: Autorequiring File[/etc/puppet] debug: /File[/var/lib/puppet/rrd]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/puppet] debug: Finishing transaction 5418720 debug: /File[/var/lib/puppet/ssl/ca/ca_crt.pem]: Autorequiring File[/var/lib/puppet/ssl/ca] debug: /File[/var/lib/puppet/ssl/ca/ca_key.pem]: Autorequiring File[/var/lib/puppet/ssl/ca] debug: /File[/var/lib/puppet/ssl/ca/ca_pub.pem]: Autorequiring File[/var/lib/puppet/ssl/ca] debug: /File[/var/lib/puppet/ssl/ca/ca_crl.pem]: Autorequiring File[/var/lib/puppet/ssl/ca] debug: /File[/var/lib/puppet/ssl/ca/private]: Autorequiring File[/var/lib/puppet/ssl/ca] debug: /File[/var/lib/puppet/ssl/ca/requests]: Autorequiring File[/var/lib/puppet/ssl/ca] debug: /File[/var/lib/puppet/ssl/ca/signed]: Autorequiring File[/var/lib/puppet/ssl/ca] debug: /File[/var/lib/puppet/ssl/ca/private/ca.pass]: Autorequiring File[/var/lib/puppet/ssl/ca/private] debug: /File[/var/lib/puppet/ssl/ca/serial]: Autorequiring File[/var/lib/puppet/ssl/ca] debug: /File[/var/lib/puppet/ssl/ca/inventory.txt]: Autorequiring File[/var/lib/puppet/ssl/ca] debug: Finishing transaction 12674540 debug: Using cached certificate for ca debug: Using cached certificate for ca debug: Using cached certificate for linupd.titan.zn notice: Starting Puppet master version 2.7.21 Could not run: No mount specified for argument allow 10.0.0.0/16 142338 3 cas 2013-08-30 14:42:47 +0400 (В ответ на комментарий №2) > Could not run: No mount specified for argument allow 10.0.0.0/16 "Что это, Бэрримор?!" Откуда этот параметр взялся? grep ^allow /etc/puppet/* У меня в /etc/puppet/auth только кучка allow * allow $1 142371 4 vic_1980 2013-09-02 09:14:18 +0400 (В ответ на комментарий №3) > (В ответ на комментарий №2) > > Could not run: No mount specified for argument allow 10.0.0.0/16 > "Что это, Бэрримор?!" > Откуда этот параметр взялся? > > grep ^allow /etc/puppet/* > > У меня в /etc/puppet/auth только кучка > allow * > allow $1 Allow 10.0.0.0/16 - из fileserver.conf cat fileserver.conf # This file consists of arbitrarily named sections/modules # defining where files are served from and to whom # Define a section 'files' # Adapt the allow/deny settings to your needs. Order # for allow/deny does not matter, allow always takes precedence # over deny # [files] # path /var/lib/puppet/files # allow *.example.com # deny *.evil.example.com # allow 192.168.0.0/24 allow 10.0.0.0/16 В auth.conf я вовсе ничего не добавлял cat auth.conf # This is an example auth.conf file, it mimics the puppetmasterd defaults # # The ACL are checked in order of appearance in this file. # # Supported syntax: # This file supports two different syntax depending on how # you want to express the ACL. # # Path syntax (the one used below): # --------------------------------- # path /path/to/resource # [environment envlist] # [method methodlist] # [auth[enthicated] {yes|no|on|off|any}] # allow [host|ip|*] # deny [host|ip] # # The path is matched as a prefix. That is /file match at # the same time /file_metadat and /file_content. # # Regex syntax: # ------------- # This one is differenciated from the path one by a '~' # # path ~ regex # [environment envlist] # [method methodlist] # [auth[enthicated] {yes|no|on|off|any}] # allow [host|ip|*] # deny [host|ip] # # The regex syntax is the same as ruby ones. # # Ex: # path ~ .pp$ # will match every resource ending in .pp (manifests files for instance) # # path ~ ^/path/to/resource # is essentially equivalent to path /path/to/resource # # environment:: restrict an ACL to a specific set of environments # method:: restrict an ACL to a specific set of methods # auth:: restrict an ACL to an authenticated or unauthenticated request # the default when unspecified is to restrict the ACL to authenticated requests # (ie exactly as if auth yes was present). # ### Authenticated ACL - those applies only when the client ### has a valid certificate and is thus authenticated # allow nodes to retrieve their own catalog (ie their configuration) path ~ ^/catalog/([^/]+)$ method find allow $1 # allow nodes to retrieve their own node definition path ~ ^/node/([^/]+)$ method find allow $1 # allow all nodes to access the certificates services path /certificate_revocation_list/ca method find allow * # allow all nodes to store their own reports path ~ ^/report/([^/]+)$ method save allow $1 # inconditionnally allow access to all files services # which means in practice that fileserver.conf will # still be used path /file allow * ### Unauthenticated ACL, for clients for which the current master doesn't ### have a valid certificate; we allow authenticated users, too, because ### there isn't a great harm in letting that request through. # allow access to the master CA path /certificate/ca auth any method find allow * path /certificate/ auth any method find allow * path /certificate_request auth any method find, save allow * # this one is not stricly necessary, but it has the merit # to show the default policy which is deny everything else path / auth any 142398 5 cas 2013-09-03 14:30:26 +0400 (В ответ на комментарий №4) > # Define a section 'files' > # Adapt the allow/deny settings to your needs. Order > # for allow/deny does not matter, allow always takes precedence > # over deny > # [files] > # path /var/lib/puppet/files > # allow *.example.com > # deny *.evil.example.com > # allow 192.168.0.0/24 > allow 10.0.0.0/16 А section кто раскомментировать будет? Должно быть [files] allow 10.0.0.0/16 142467 6 vic_1980 2013-09-05 13:06:40 +0400 (В ответ на комментарий №5) > (В ответ на комментарий №4) > > # Define a section 'files' > > # Adapt the allow/deny settings to your needs. Order > > # for allow/deny does not matter, allow always takes precedence > > # over deny > > # [files] > > # path /var/lib/puppet/files > > # allow *.example.com > > # deny *.evil.example.com > > # allow 192.168.0.0/24 > > allow 10.0.0.0/16 > А section кто раскомментировать будет? Должно быть > > [files] > allow 10.0.0.0/16 Да, Вы правы ... Ещё неплохо было-бы path раскомментировать =( Спасибо. Предлагаю считать закрытым. Извините 142475 7 cas 2013-09-05 15:29:05 +0400 Закрываю.