Page MenuHomePhabricator
Create Task
Maniphest T379501

Improve documentation how to set up a project puppetserver
Closed, DeclinedPublicBUG REPORT
Actions

Description

Steps to replicate the issue (include links if applicable):

What happens?:

The puppet runs in step 5 fails

physikerwelt@puppetmaster:/srv$ sudo -i run-puppet-agent
Info: Using environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for puppetmaster.5238620953c040e7a9effbe47d4e0932.eqiad1.wikimedia.cloud
Info: Applying configuration version '(29ef8ab526) Dzahn - gerrit: set gerrit site dir Hiera value for new machine gerrit2003'
Error: Cannot create /srv/puppet/server; parent directory /srv/puppet does not exist
Error: /Stage[main]/Puppetserver/File[/srv/puppet/server]/ensure: change from 'absent' to 'directory' failed: Cannot create /srv/puppet/server; parent directory /srv/puppet does not exist
Notice: /Stage[main]/Puppetserver/File[/srv/puppet/server/ssl]: Dependency File[/srv/puppet/server] has failures: true
Warning: /Stage[main]/Puppetserver/File[/srv/puppet/server/ssl]: Skipping because of failed dependencies
Notice: /Stage[main]/Profile::Puppetserver::Git/Exec[puppetserver-deploy-code]/returns: fatal: detected dubious ownership in repository at '/srv/git/operations/puppet'
Notice: /Stage[main]/Profile::Puppetserver::Git/Exec[puppetserver-deploy-code]/returns: To add an exception for this directory, call:
Notice: /Stage[main]/Profile::Puppetserver::Git/Exec[puppetserver-deploy-code]/returns: 
Notice: /Stage[main]/Profile::Puppetserver::Git/Exec[puppetserver-deploy-code]/returns: 	git config --global --add safe.directory /srv/git/operations/puppet
Notice: /Stage[main]/Profile::Puppetserver::Git/Exec[puppetserver-deploy-code]/returns: ERROR: Unable to obtain the current branch
Error: '/usr/local/bin/puppetserver-deploy-code' returned 1 instead of one of [0]
Error: /Stage[main]/Profile::Puppetserver::Git/Exec[puppetserver-deploy-code]/returns: change from 'notrun' to ['0'] failed: '/usr/local/bin/puppetserver-deploy-code' returned 1 instead of one of [0] (corrective)
Notice: /Stage[main]/Puppetserver/Service[puppetserver]: Dependency Exec[puppetserver-deploy-code] has failures: true
Warning: /Stage[main]/Puppetserver/Service[puppetserver]: Skipping because of failed dependencies
Notice: Applied catalog in 8.60 seconds

What should have happened instead?:
The run should succeed.

Software version (on Special:Version page; skip for WMF-hosted wikis like Wikipedia):

Other information (browser name/version, screenshots, etc.):

I tried with and without the option creation of a second disk.

Related Objects

Event Timeline

Physikerwelt created this task.Nov 10 2024, 6:19 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 10 2024, 6:19 PM

The Cloud-Services project tag is not intended to have any tasks. Please check the list on https://phabricator.wikimedia.org/project/profile/832/ and replace it with a more specific project tag to this task. Thanks!

Stashbot added a comment.Nov 10 2024, 6:23 PM

Mentioned in SAL (#wikimedia-cloud) [2024-11-10T18:22:58Z] <physikerwelt> start setting up puppet Project_puppetserver attempt 2 -> T379501

Physikerwelt edited projects, added Cloud-VPS; removed Cloud-Services.Nov 10 2024, 6:25 PM
Restricted Application added a project: cloud-services-team. · View Herald TranscriptNov 10 2024, 6:25 PM
fnegri triaged this task as Medium priority.Nov 11 2024, 11:08 AM
fnegri subscribed.

This is caused by a recent change in Git, it was discussed in several other phab tasks, e.g. T325280: cloud puppetmasters fail to run git-sync-upstream.

Maybe the problem is not in the docs, but in how user permissions are being set on a new server. Thanks for reporting it, it needs more investigation.

bd808 subscribed.Nov 12 2024, 8:59 PM
In T379501#10309076, @fnegri wrote:

This is caused by a recent change in Git, it was discussed in several other phab tasks, e.g. T325280: cloud puppetmasters fail to run git-sync-upstream.

I don't think this failure is a git permissions issue.

This part of the error log looks to me like the ops/puppet.git code is missing a dependency somewhere:

Error: Cannot create /srv/puppet/server; parent directory /srv/puppet does not exist
Error: /Stage[main]/Puppetserver/File[/srv/puppet/server]/ensure: change from 'absent' to 'directory' failed: Cannot create /srv/puppet/server; parent directory /srv/puppet does not exist

Specifically:

modules/puppetserver/manifests/init.pp
if $ssldir_on_srv {
    ensure_resource(                                                                    
        'file',
        '/srv/puppet/server',                                                           
        {
            'ensure' => 'directory',                                                        
            'owner'  => 'puppet',                                                           
            'group'  => 'puppet',
            'mode'   => '0751',                                                         
        },
    )
    ensure_resource(
        'file',                                                                         
        '/etc/puppet/puppetserver/ca',
        {
            'ensure' => link,                                                               
            'target' => '/srv/puppet/server/ssl/ca'
        },                                                                          
    )
} elsif $separate_ssldir {

There is nothing in the ::puppetserver manifest that creates the /srv/puppet parent directory. git grep /srv/puppet is not finding anything that looks like a file resource creating that parent directory that we could add a dependency on either. I guess my next question is how does /srv/puppet get created when things are working as hoped?

Physikerwelt added a comment.Nov 13 2024, 8:09 AM

yes, at the first try (without the volume mounted at /srv) I created the puppet folder manually, but it didn't solve the problem. And I ran into permission issues, regardless of what I changed.

Physikerwelt mentioned this in T377655: Request creation of wikiqlever VPS project.Jan 11 2025, 8:49 AM
Physikerwelt closed this task as Declined.Dec 18 2025, 1:28 PM

We now have a method to install the qlever server only once, so no puppet needed.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits