<!DOCTYPE html>

<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="content-type"/>
<meta content="width=device-width, initial-scale=1.0" name="viewport"/>
</head>
<body style="font-family: Lato, Calibri, Tahoma, sans-serif; max-width: 32em">
<p style="text-align: justify; text-justify: auto">Package: puppetserver<br/>
Version: 7.9.5-2<br/>
Severity: normal</p>
<p style="text-align: justify; text-justify: auto">I found puppetserver failing to boot, because the <code>ExecStartPost</code> line fails:</p>
<div class="codehilite" style="background: #f8f8f8"><pre style="line-height: 125%"><span></span><code>[Service]
ExecStartPost=sh -c "while ! head -c1 ${RUNTIME_DIRECTORY}/restart | grep -q '^1'; do kill -0 $MAINPID && sleep 1 || exit 1; done"
</code></pre></div>
<p style="text-align: justify; text-justify: auto">Adding a little debugging output, I find <code>$MAINPID</code> pointing to the wrong<br/>
process, and the <code>kill</code> failing:</p>
<div class="codehilite" style="background: #f8f8f8"><pre style="line-height: 125%"><span></span><code>sh[653]: + ps -fp 652
sh[653]: UID          PID    PPID  C STIME TTY          TIME CMD
sh[653]: root         652       1  0 10:34 ?        00:00:00 (java)
sh[653]: + kill -0 652 Apr 17 10:18:27
sh[653]: sh: 1: kill: Operation not permitted
</code></pre></div>
<p style="text-align: justify; text-justify: auto">It’s unclear to me why <code>$MAINPID</code> points at the root-owned <code>java</code> process, or<br/>
why that process is even started as root, given that <code>User=puppet</code> is<br/>
specified.</p>
<p style="text-align: justify; text-justify: auto">This only happens during boot, and not 100% of the time. When the service is<br/>
restarted later, it works fine.</p>
<p style="text-align: justify; text-justify: auto">– System Information:<br/>
Debian Release: trixie/sid<br/>
  APT prefers unstable<br/>
  APT policy: (500, ‘unstable’), (1, ‘experimental’)<br/>
Architecture: amd64 (x86_64)</p>
<p style="text-align: justify; text-justify: auto">Kernel: Linux 6.6.13-amd64 (SMP w/8 CPU threads; PREEMPT)<br/>
Locale: LANG=en_NZ, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8), LANGUAGE=en_NZ:en<br/>
Shell: /bin/sh linked to /usr/bin/dash<br/>
Init: systemd (via /run/systemd/system)<br/>
LSM: AppArmor: enabled</p>
<p style="text-align: justify; text-justify: auto">Versions of packages puppetserver depends on:<br/>
ii  default-jre-headless                         2:1.17-75<br/>
pn  jruby                                        <none><br/>
pn  libclj-time-clojure                          <none><br/>
pn  libclojure-java                              <none><br/>
pn  libcomidi-clojure                            <none><br/>
pn  libcommons-exec-java                         <none><br/>
ii  libcommons-io-java                           2.16.0-1<br/>
pn  libcommons-lang-java                         <none><br/>
pn  libdropwizard-metrics-java                   <none><br/>
pn  libdujour-version-check-clojure              <none><br/>
pn  libjruby-utils-clojure                       <none><br/>
pn  libkitchensink-clojure                       <none><br/>
pn  libliberator-clojure                         <none><br/>
pn  libprismatic-schema-clojure                  <none><br/>
pn  libpuppetlabs-http-client-clojure            <none><br/>
pn  libpuppetlabs-i18n-clojure                   <none><br/>
pn  libpuppetlabs-ring-middleware-clojure        <none><br/>
pn  libraynes-fs-clojure                         <none><br/>
pn  librbac-client-clojure                       <none><br/>
pn  libsemver-clojure                            <none><br/>
pn  libshell-utils-clojure                       <none><br/>
pn  libslingshot-clojure                         <none><br/>
pn  libssl-utils-clojure                         <none><br/>
pn  libtrapperkeeper-authorization-clojure       <none><br/>
pn  libtrapperkeeper-clojure                     <none><br/>
pn  libtrapperkeeper-comidi-metrics-clojure      <none><br/>
pn  libtrapperkeeper-filesystem-watcher-clojure  <none><br/>
pn  libtrapperkeeper-metrics-clojure             <none><br/>
pn  libtrapperkeeper-scheduler-clojure           <none><br/>
pn  libtrapperkeeper-status-clojure              <none><br/>
pn  libtrapperkeeper-webserver-jetty9-clojure    <none><br/>
pn  libyaml-snake-java                           <none><br/>
ii  procps                                       2:4.0.4-4<br/>
pn  puppet-agent                                 <none><br/>
ii  ruby                                         1:3.1+nmu1<br/>
ii  ruby-concurrent                              1.2.3-2<br/>
pn  ruby-deep-merge                              <none><br/>
pn  ruby-fast-gettext                            <none><br/>
pn  ruby-gettext                                 <none><br/>
pn  ruby-hocon                                   <none><br/>
ii  ruby-locale                                  2.1.3-1<br/>
pn  ruby-puppet-resource-api                     <none><br/>
pn  ruby-puppetserver-ca-cli                     <none><br/>
pn  ruby-semantic-puppet                         <none><br/>
pn  ruby-text                                    <none></none></none></none></none></none></none></none></none></none></none></none></none></none></none></none></none></none></none></none></none></none></none></none></none></none></none></none></none></none></none></none></none></none></none></none></none></none></none></none></p>
<p style="text-align: justify; text-justify: auto">Versions of packages puppetserver recommends:<br/>
pn  puppet-module-puppetlabs-mailalias-core  <none></none></p>
<p style="text-align: justify; text-justify: auto">puppetserver suggests no packages.</p>
<div id="signature" style="font-family: Lato, Calibri, Tahoma, sans-serif; max-width: 32em"><span class="sig_separator" style="display: none">-- </span>
<dl>
<dt>.’‘`.   martin f. krafft <a href="mailto:madduck@d.o">madduck@d.o</a></dt>
<dd>:’  :  proud Debian developer<br/>
<code>.</code>‘<code>http://people.debian.org/~madduck</code>-  Debian - when you have better things to do than fixing systems</dd>
</dl>
</div>
</body>
</html>