Permission Denied with concatfragments.sh

246 views
Skip to first unread message

Matthew Hyclak

unread,
Sep 11, 2014, 8:46:38 AM9/11/14
to puppet...@googlegroups.com
I'm facing a very strange problem and I'm honestly not sure where to look. Any pointers would be great. I have a system I'm using the hunner/wordpress module and for some reason when it tries to build the wp-config.php file, concatfragments.sh fails. The strange part is that the apache module uses the same script to build /etc/httpd/conf/ports.conf and it works fine.

Here's the debug output of both the apache and wordpress modules:

Debug: Exec[concat_/etc/httpd/conf/ports.conf](provider=posix): Executing check '/var/lib/puppet/concat/bin/concatfragments.sh -o "/var/lib/puppet/concat/_etc_httpd_conf_ports.conf/fragments.concat.out" -d "/var/lib/puppet/concat/_etc_httpd_conf_ports.conf" -t'
Debug: Executing '/var/lib/puppet/concat/bin/concatfragments.sh -o "/var/lib/puppet/concat/_etc_httpd_conf_ports.conf/fragments.concat.out" -d "/var/lib/puppet/concat/_etc_httpd_conf_ports.conf" -t'
...
Debug: Exec[concat_/opt/wordpress/wp-config.php](provider=posix): Executing check '/var/lib/puppet/concat/bin/concatfragments.sh -o "/var/lib/puppet/concat/_opt_wordpress_wp-config.php/fragments.concat.out" -d "/var/lib/puppet/concat/_opt_wordpress_wp-config.php" -t'
Debug: Executing '/var/lib/puppet/concat/bin/concatfragments.sh -o "/var/lib/puppet/concat/_opt_wordpress_wp-config.php/fragments.concat.out" -d "/var/lib/puppet/concat/_opt_wordpress_wp-config.php" -t'
Debug: /Stage[main]/Wordpress::App/Concat[/opt/wordpress/wp-config.php]/Exec[concat_/opt/wordpress/wp-config.php]/unless: sh: /var/lib/puppet/concat/bin/concatfragments.sh: Permission denied
Debug: Exec[concat_/opt/wordpress/wp-config.php](provider=posix): Executing '/var/lib/puppet/concat/bin/concatfragments.sh -o "/var/lib/puppet/concat/_opt_wordpress_wp-config.php/fragments.concat.out" -d "/var/lib/puppet/concat/_opt_wordpress_wp-config.php"'
Debug: Executing '/var/lib/puppet/concat/bin/concatfragments.sh -o "/var/lib/puppet/concat/_opt_wordpress_wp-config.php/fragments.concat.out" -d "/var/lib/puppet/concat/_opt_wordpress_wp-config.php"'
Notice: /Stage[main]/Wordpress::App/Concat[/opt/wordpress/wp-config.php]/Exec[concat_/opt/wordpress/wp-config.php]/returns: sh: /var/lib/puppet/concat/bin/concatfragments.sh: Permission denied
Error: /var/lib/puppet/concat/bin/concatfragments.sh -o "/var/lib/puppet/concat/_opt_wordpress_wp-config.php/fragments.concat.out" -d "/var/lib/puppet/concat/_opt_wordpress_wp-config.php" returned 126 instead of one of [0]
Error: /Stage[main]/Wordpress::App/Concat[/opt/wordpress/wp-config.php]/Exec[concat_/opt/wordpress/wp-config.php]/returns: change from notrun to 0 failed: /var/lib/puppet/concat/bin/concatfragments.sh -o "/var/lib/puppet/concat/_opt_wordpress_wp-config.php/fragments.concat.out" -d "/var/lib/puppet/concat/_opt_wordpress_wp-config.php" returned 126 instead of one of [0]
Notice: /Stage[main]/Wordpress::App/Concat[/opt/wordpress/wp-config.php]/File[/opt/wordpress/wp-config.php]: Dependency Exec[concat_/opt/wordpress/wp-config.php] has failures: true
Warning: /Stage[main]/Wordpress::App/Concat[/opt/wordpress/wp-config.php]/File[/opt/wordpress/wp-config.php]: Skipping because of failed dependencies

If I run /var/lib/puppet/concat/bin/concatfragments.sh -o "/var/lib/puppet/concat/_opt_wordpress_wp-config.php/fragments.concat.out" -d "/var/lib/puppet/concat/_opt_wordpress_wp-config.php" by hand, it returns 0 as normal. 

Anyone have any pointers where to look for the issue? The fragments all seem to be fine on file permissions and SELinux is disabled.

[root@www concat]# ls -lR
.:
total 12
drwxr-xr-x 2 root   root   4096 Sep 11 08:36 bin
drwxr-x--- 3 root   root   4096 Apr 28 09:23 _etc_httpd_conf_ports.conf
drwxr-x--- 3 apache apache 4096 Sep 11 08:30 _opt_wordpress_wp-config.php

./bin:
total 4
-rwxr-xr-x 1 root root 3945 Sep 11 08:36 concatfragments.sh

./_etc_httpd_conf_ports.conf:
total 12
drwxr-x--- 2 root root 4096 Jun 23 11:35 fragments
-rw-r----- 1 root root  195 Sep 11 08:36 fragments.concat
-rw-r----- 1 root root  195 Apr 28 09:23 fragments.concat.out

./_etc_httpd_conf_ports.conf/fragments:
total 12
-rw-r----- 1 root root 164 Apr 28 09:23 10_Apache ports header
-rw-r----- 1 root root  10 Apr 28 09:23 10_Listen 80
-rw-r----- 1 root root  21 Jun 23 11:35 10_NameVirtualHost *_80

./_opt_wordpress_wp-config.php:
total 12
drwxr-x--- 2 apache apache 4096 Sep 11 08:30 fragments
-rw-r----- 1 apache apache 3371 Sep 11 08:31 fragments.concat
-rw-r----- 1 apache apache 3371 Sep 11 08:31 fragments.concat.out

./_opt_wordpress_wp-config.php/fragments:
total 8
-rw-r----- 1 root apache 1052 Sep 11 08:30 10_wp-config.php keysalts
-rw-r----- 1 root apache 2319 Sep 11 08:30 20_wp-config.php body


Thanks!
Matt

Nan Liu

unread,
Sep 11, 2014, 10:42:13 AM9/11/14
to puppet...@googlegroups.com
Maybe an exec default lurking somewhere caused the concat exec to run as a non-root user. Try adding user => 'root' temporarily to the concat exec. If it solves the issue, start looking for Exec in your puppet manifests.

HTH,

Nan 

Matthew Hyclak

unread,
Sep 11, 2014, 10:57:14 AM9/11/14
to puppet...@googlegroups.com
There are some resource defaults set, but I don't see how that would throw the error based on the file permissions in the last mail.

  ## Resource defaults
  File {
    owner  => $wp_owner,
    group  => $wp_group,
    mode   => '0644',
  }
  Exec {
    path      => ['/bin','/sbin','/usr/bin','/usr/sbin'],
    cwd       => $install_dir,
    logoutput => 'on_failure',
    user      => $wp_owner,
    group     => $wp_group,
  }


wp_owner and wp_group are being set to apache:

  class { '::wordpress':
    wp_owner             => 'apache',
    wp_group             => 'apache',
    db_user              => 'wordpress',
    db_password          => 'redacted',
    wp_additional_config => 'profiles/idaho_wp/wp-config-extra.php.erb',
  }

That does seem to be the issue as running the command as apache gets me the same permission denied. I should have looked further up the tree - /var/lib/puppet is owned by puppet:puppet with 0750 permissions. Now to decide whether or not I fix the module or change permissions on /var/lib/puppet...

Thanks Nan!

Matt 


--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CACqVBqB-Qy1FbqpOE%2B%2BR1fjJ77G4%3DHrMVqvy9bMur1si9FpS7Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Matthew Hyclak

unread,
Sep 11, 2014, 3:27:26 PM9/11/14
to puppet...@googlegroups.com
So a little more searching revealed this bug report on the module: https://github.com/hunner/puppet-wordpress/issues/27

The Exec defaults are getting "passed through" from the wordpress module to the concat module. Is that correct behavior or a bug in puppet?

My solution for now is to remove the user and group parameters in the Exec defaults. 

Matt
Reply all
Reply to author
Forward
0 new messages