Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-5808

puppet via sudo from nfs home is not working

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Normal
    • Resolution: Won't Do
    • Affects Version/s: PUP 3.8.4
    • Fix Version/s: PUP 5.5.7
    • Component/s: Types and Providers
    • Labels:
      None
    • Environment:

      RHEL7.2, RHEL6.7
      puppet-3.8.4-1.el7.noarch, puppet-3.8.4-1.el6.noarch

      Description

      We use NFS mounted home directories for all our users. If a sysadmin or devop wants to trigger a puppet agent run via sudo, he/she must change dir from the nfs home directory to a local directory, otherwise the puppet run will fail.

      This is nothing new, but I'd like to know if it is intended behaviour or if it is something that could be fixed.

      So, running an strace on the puppet agent run, I see that puppet repeatedly executes a 'chdir' to the cwd. These chdirs are typically performed before a stat operation to get the correct path for a provider (i.e. /usr/bin/mount or /usr/local/sbin/mount). When running via sudo from my homedir, this fails since root has no permissions to enter that directory.

      I can work around this by cd'ing to a local dir before running 'sudo puppet', or invoking sudo with the '-i' flag, but to make it failsafe for our devops it would be better if they didnt have to think about that. I would suggest to use the default tempdir of the system (linux=/tmp) instead of the cwd for these chdir operations, but I might fail to see the complete picture.

      Outtake from strace log:

      chdir("/home/a001329")                  = -1 EACCES (Permission denied)
      write(2, "\33[1;31mError: /Stage[pre]/Core::"..., 137^[[1;31mError: /Stage[pre]/Core::Users::Update_root_pw/Exec[set_grub2_password]: Could not evaluate: Permission denied - /home/a001329^[[0m) = 137
      write(2, "\n", 1
      )                       = 1
      sendto(7, "<27>Feb  3 11:48:42 puppet-agent"..., 161, MSG_NOSIGNAL, NULL, 0) = 161
      write(1, "\33[mNotice: /Stage[pre]/Core::Use"..., 131^[[mNotice: /Stage[pre]/Core::Users::Update_root_pw/Exec[grub2-mkconfig]: Dependency Exec[set_grub2_password] has failures: true^[[0m) = 131
      write(1, "\n", 1
      )                       = 1
      sendto(7, "<29>Feb  3 11:48:42 puppet-agent"..., 158, MSG_NOSIGNAL, NULL, 0) = 158
      write(2, "\33[1;31mWarning: /Stage[pre]/Core"..., 121^[[1;31mWarning: /Stage[pre]/Core::Users::Update_root_pw/Exec[grub2-mkconfig]: Skipping because of failed dependencies^[[0m) = 121
      write(2, "\n", 1
      )                       = 1
      sendto(7, "<28>Feb  3 11:48:42 puppet-agent"..., 143, MSG_NOSIGNAL, NULL, 0) = 143
      stat("/usr/bin/useradd", 0x7ffd573a3f70) = -1 ENOENT (No such file or directory)
      stat("/bin/useradd", 0x7ffd573a3f70)    = -1 ENOENT (No such file or directory)
      stat("/usr/sbin/useradd", {st_mode=S_IFREG|0750, st_size=114064, ...}) = 0
      stat("/usr/sbin/useradd", {st_mode=S_IFREG|0750, st_size=114064, ...}) = 0
      

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                adam.winberg@smhi.se Adam Winberg
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Zendesk Support