Search code examples
puppetrc

Squelch puppet state chown

I'm hoping to use puppet to manage my rc files (i.e. sharing configuration files between work and home). I keep my rc files in a subversion respository. Some machines, I have sudo privileges on, some I don't. And none of the machines are on the same network.

I have a simple puppet file:

class bashResources ( $home, $svn ) {
    file { "$home/.bash" :
        ensure => 'directory',
    }

    file { "$home/.bash/bashrc.d" :
        ensure => 'directory',
    }

    file { "$home/.bash/bashrc.d/bashrc" :
        ensure => present,
        target => "$home/$svn/rc/bashrc",
    }
}

node 'ubuntuwgu290' {
    class { 'bashResources':
        home => '/home/dshaw',
        svn => 'mysvn',
    }
}

I have a simple config file that I'm using to squelch some errors:

[main]
report=false

When I run puppet, I get an annoying error about not being able to execute chown:

dshaw@ubuntuwgu290:~/mysvn/rc$ puppet apply rc.pp --config ./puppet.conf
Notice: Compiled catalog for ubuntuwgu290.maplesoft.com in environment production in 0.12 seconds
Error: Failed to apply catalog: Operation not permitted @ rb_file_chown - /home/dshaw/.puppet/var/state/state.yaml20170316-894-rzkggd
Error: Could not save last run local report: Operation not permitted @ rb_file_chown - /home/dshaw/.puppet/var/state/last_run_summary.yaml20170316-894-l9embs

I have attempted to squelch the error by adding reports=none to my config file, but it has not been effective.

How can I squelch these errors? Alternatively, is there a more lightwieght tool for managing rc files?

Thanks, Derek

Solution

  • The error is related to Puppet trying to manage its own metadata in /home/dshaw/.puppet, not any of the files enrolled in Puppet's catalog for management. This is not normally a problem, even when you run Puppet as an ordinary user. In fact, supporting this sort of thing is one of the reasons why per-user Puppet metadata exists.

    The files that Puppet is trying to chown do not already belong to you (else Puppet would not be trying to chown them), but they should belong to you, where "you" means the puppet process's (e)UID and (e)GID. You might be able to solve the problem by just removing Puppet's state directory, and letting it rebuild it on the next run. Alternatively, you might be able to perform or arrange for a manual chown such as Puppet is trying to perform.

    On the other hand, it's unclear how this situation arose in the first place, and some of the mechanisms I can imagine would render those suggestions ineffective.