Message from application: Permission denied - /etc/puppet/modules (Errno::EACCES)

j...@poweriep.com

unread,

May 11, 2015, 7:51:50 AM5/11/15

to puppet...@googlegroups.com

Hi All,

Brand new to puppet and am trying to get a simpler master server set up to test it out. I've been following the install guide at http://docs.puppetlabs.com/guides/install_puppet/install_el.html. This is on CentOS 7 on AWS. Everything goes fine, through the installation of passenger. When I start apache and fire up a browser, I get a generic error message in my browser and this shows up in the error_log. Any clues as to what the permissions issue is would be great. Originally, everything in /etc/puppet/ was owned by root. I changed it to puppet (which is the user that owns the config.ru file) and that didn't matter either. I'm at a loss a this point, so any help would be great.

[ 2015-05-10 21:09:09.6731 1455/7f09e7bc0700 App/Implementation.cpp:287 ]: Could not spawn process for application /usr/share/puppet/rack/puppetmasterd: An error occured while starting up the preloader.

Error ID: a313ca62

Error details saved to: /tmp/passenger-error-Lw6ZvE.html

Message from application: Permission denied - /etc/puppet/modules (Errno::EACCES)

/usr/share/ruby/vendor_ruby/puppet/util/autoload.rb:136:in `open'

/usr/share/ruby/vendor_ruby/puppet/util/autoload.rb:136:in `entries'

/usr/share/ruby/vendor_ruby/puppet/util/autoload.rb:136:in `block in module_directories'

/usr/share/ruby/vendor_ruby/puppet/util/autoload.rb:135:in `collect'

/usr/share/ruby/vendor_ruby/puppet/util/autoload.rb:135:in `module_directories'

/usr/share/ruby/vendor_ruby/puppet/util/autoload.rb:164:in `search_directories'

/usr/share/ruby/vendor_ruby/puppet/util/autoload.rb:94:in `files_to_load'

/usr/share/ruby/vendor_ruby/puppet/util/autoload.rb:225:in `files_to_load'

/usr/share/ruby/vendor_ruby/puppet/application.rb:229:in `available_application_names'

/usr/share/ruby/vendor_ruby/puppet/util/command_line.rb:105:in `find_subcommand'

/usr/share/ruby/vendor_ruby/puppet/util/command_line.rb:92:in `execute'

config.ru:35:in `block in <main>'

/usr/local/share/gems/gems/rack-1.6.1/lib/rack/builder.rb:55:in `instance_eval'

/usr/local/share/gems/gems/rack-1.6.1/lib/rack/builder.rb:55:in `initialize'

config.ru:1:in `new'

config.ru:1:in `<main>'

/usr/local/share/gems/gems/passenger-5.0.7/helper-scripts/rack-preloader.rb:107:in `eval'

/usr/local/share/gems/gems/passenger-5.0.7/helper-scripts/rack-preloader.rb:107:in `preload_app'

/usr/local/share/gems/gems/passenger-5.0.7/helper-scripts/rack-preloader.rb:153:in `<module:App>'

/usr/local/share/gems/gems/passenger-5.0.7/helper-scripts/rack-preloader.rb:29:in `<module:PhusionPassenger>'

/usr/local/share/gems/gems/passenger-5.0.7/helper-scripts/rack-preloader.rb:28:in `<main>'

[ 2015-05-10 21:09:09.6767 1455/7f09e209e700 age/Hel/Req/CheckoutSession.cpp:252 ]: [Client 1-2] Cannot checkout session because a spawning error occurred. The identifier of the error is a313ca62. Please see earlier logs for details about the error.

Thanks!

Joe

Gabriel Filion

unread,

May 11, 2015, 12:24:02 PM5/11/15

to puppet...@googlegroups.com

Hey there,

On 10/05/15 10:15 PM, j...@poweriep.com wrote:
> Message from application: Permission denied - /etc/puppet/modules
> (Errno::EACCES)

make sure to also verify permissions on /etc/puppet itself. If the
puppet user can't traverse the directory then the process won't be able
to open up the modules subdir.

to help out with permissions errors, what you can usually do is to
switch to that user and try listing directories/accessing files:

# su -s /bin/bash - puppet
> ls /etc/puppet/modules
> ls -ld /etc/puppet

hth

--
Gabriel Filion

signature.asc

Joe Koenig

unread,

May 11, 2015, 8:51:07 PM5/11/15

to puppet...@googlegroups.com, gab...@lelutin.ca

Great, thank you. That got me past that hangup. However, now, when I try to load it up in my browser, it just spins for a while and then tells me it timed out. Nothing is in my /var/log/messages or any of the Apache logs...so...not sure where to start on that...Anyone have any thoughts?

Gabriel Filion

unread,

May 11, 2015, 9:38:23 PM5/11/15

to j...@poweriep.com, puppet...@googlegroups.com

On 11/05/15 08:51 PM, Joe Koenig wrote:
> On Monday, May 11, 2015 at 11:24:02 AM UTC-5, Gabriel Filion wrote:

> On 10/05/15 10:15 PM, j...@poweriep.com <javascript:> wrote:
> > Message from application: Permission denied - /etc/puppet/modules
> > (Errno::EACCES)

> # su -s /bin/bash - puppet
> > ls /etc/puppet/modules
> > ls -ld /etc/puppet
>
> Great, thank you. That got me past that hangup. However, now, when I try
> to load it up in my browser, it just spins for a while and then tells me
> it timed out. Nothing is in my /var/log/messages or any of the Apache
> logs...so...not sure where to start on that...Anyone have any thoughts?

I'm not sure exactly what you're loading up in your browser.. If I
didn't put my finger on it below, tell us which URL you're loading up
(or better, exactly what you're trying to do to achieve a test)

If you're trying to access a puppet URI like
https://puppetmaster:8140/.../ then the master is probably waiting for
you to send a client TLS certificate to authenticate yourself. This is
how the puppet master ensures that only client that it knows of are
trying to get information out of it.

To test out that puppet is working right, I'd recommend rather to try
running a puppet agent run from the master server as a client to the
puppet master on the same server (e.g. configure /etc/puppet/puppet.conf
to specify master host, create a node in your manifests for the puppet
master host that does something simple like a notify{ 'some text': }
then run puppet agent -t). Since the puppet master will use the same TLS
cert as a client then as server, the cert will be already valid.

--
Gabriel Filion

Joe Koenig

unread,

May 14, 2015, 3:37:14 PM5/14/15

to puppet...@googlegroups.com, gab...@lelutin.ca, j...@poweriep.com

On Monday, May 11, 2015 at 8:38:23 PM UTC-5, Gabriel Filion wrote:

If you're trying to access a puppet URI like
https://puppetmaster:8140/.../ then the master is probably waiting for
you to send a client TLS certificate to authenticate yourself. This is
how the puppet master ensures that only client that it knows of are
trying to get information out of it.

To test out that puppet is working right, I'd recommend rather to try
running a puppet agent run from the master server as a client to the
puppet master on the same server (e.g. configure /etc/puppet/puppet.conf
to specify master host, create a node in your manifests for the puppet
master host that does something simple like a notify{ 'some text': }
then run puppet agent -t). Since the puppet master will use the same TLS
cert as a client then as server, the cert will be already valid.

--
Gabriel Filion

Yes, I was trying to load it up in a browser, so that explains why that didn't work. I went ahead and did some basic configuration on the master server to set up a simple agent as well. I feel like I'm right back to where I started though. When I run puppet agent -t, I get some 500 errors (html prints to my terminal) and looking in the apache error_log I see:

[ 2015-05-14 14:31:09.6396 2593/7f3e24760700 App/Implementation.cpp:287 ]: Could not spawn process for application /usr/share/puppet/rack/puppetmasterd: An error occured while starting up the preloader.

Error ID: 25487624

Error details saved to: /tmp/passenger-error-xaaVuJ.html