[Pkg-puppet-devel] Bug#507512: Bug#507512: puppet: Puppet 0.24.5 leaks FDs into managed daemons

Micah Anderson micah at riseup.net
Wed Dec 3 21:30:41 UTC 2008


* Nick Phillips <nwp at nz.lemon-computing.com> [2008-12-02 15:56-0500]:
> On 3/12/2008, at 6:19 AM, Micah Anderson wrote:
>
>> Hi Nick,
>>
>> * Nick Phillips <nwp at debian.org> [2008-12-01 18:08-0500]:
>>> Puppet 0.24.5 leaks FDs (e.g. sockets used for communication
>>> with the puppetmaster!) when starting/restarting services. Try
>>> running `lsof -i | grep 8140` on a machine managing services with
>>> puppet.
>>
>> Can you give me some more information about this? I'm not so clear on
>> what the problem is, and when I do the lsof you suggest on a machine
>> using puppet, I'm not getting anything returned.
>>
>> Sorry I'm just missing it :)
>
> The FDs of sockets that puppet has used to connect to the puppetmaster  
> get left open when puppet forks to exec e.g. the init script to start a 
> service. So you get a lot of sockets left lying around in CLOSE_WAIT  
> state, associated with daemons that puppet has started. Example `lsof -i 
> | grep 8140` output attached.
>

Thanks for sending more info on Nick... I see now that I wasn't seeing
this because I ran the lsof when puppet was not currently running,
rather just waiting for its next run.

However, I still dont quite get what the issue is. Is it that as a
non-root user you can see what system the puppet daemon is talking to,
and normally these FDs wouldn't be visible via lsof unless you are root?

Thom dug out the git commit here:
http://github.com/jamtur01/puppet/commit/923fd89#diff-1 ; the original
on list description was that exec types leaked the FDs

> It seems to me that start-stop-daemon, and possibly the daemons  
> themselves, should perhaps be closing unexpected FDs as well, but puppet 
> shouldn't be leaving these open in the first place (and as I mentioned, 
> there is a fix for this in 0.24.6).

Can you detail why these shouldn't be left open, and what problems this
causes?

thanks,
micah
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-puppet-devel/attachments/20081203/d86453d2/attachment.pgp 


More information about the Pkg-puppet-devel mailing list