[Pkg-puppet-devel] Bug#1069162: Problem starting at boot, MAINPID to kill is a root-owned java process
martin f krafft
madduck at debian.org
Wed Apr 17 09:40:48 BST 2024
Package: puppetserver
Version: 7.9.5-2
Severity: normal
I found puppetserver failing to boot, because the `ExecStartPost`
line fails:
```
[Service]
ExecStartPost=sh -c "while ! head -c1 ${RUNTIME_DIRECTORY}/restart | grep -q '^1'; do kill -0 $MAINPID && sleep 1 || exit 1; done"
```
Adding a little debugging output, I find `$MAINPID` pointing to the wrong
process, and the `kill` failing:
```
sh[653]: + ps -fp 652
sh[653]: UID PID PPID C STIME TTY TIME CMD
sh[653]: root 652 1 0 10:34 ? 00:00:00 (java)
sh[653]: + kill -0 652 Apr 17 10:18:27
sh[653]: sh: 1: kill: Operation not permitted
```
It's unclear to me why `$MAINPID` points at the root-owned `java` process, or
why that process is even started as root, given that `User=puppet` is
specified.
This only happens during boot, and not 100% of the time. When the service is
restarted later, it works fine.
-- System Information:
Debian Release: trixie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 6.6.13-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_NZ, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8), LANGUAGE=en_NZ:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages puppetserver depends on:
ii default-jre-headless 2:1.17-75
pn jruby <none>
pn libclj-time-clojure <none>
pn libclojure-java <none>
pn libcomidi-clojure <none>
pn libcommons-exec-java <none>
ii libcommons-io-java 2.16.0-1
pn libcommons-lang-java <none>
pn libdropwizard-metrics-java <none>
pn libdujour-version-check-clojure <none>
pn libjruby-utils-clojure <none>
pn libkitchensink-clojure <none>
pn libliberator-clojure <none>
pn libprismatic-schema-clojure <none>
pn libpuppetlabs-http-client-clojure <none>
pn libpuppetlabs-i18n-clojure <none>
pn libpuppetlabs-ring-middleware-clojure <none>
pn libraynes-fs-clojure <none>
pn librbac-client-clojure <none>
pn libsemver-clojure <none>
pn libshell-utils-clojure <none>
pn libslingshot-clojure <none>
pn libssl-utils-clojure <none>
pn libtrapperkeeper-authorization-clojure <none>
pn libtrapperkeeper-clojure <none>
pn libtrapperkeeper-comidi-metrics-clojure <none>
pn libtrapperkeeper-filesystem-watcher-clojure <none>
pn libtrapperkeeper-metrics-clojure <none>
pn libtrapperkeeper-scheduler-clojure <none>
pn libtrapperkeeper-status-clojure <none>
pn libtrapperkeeper-webserver-jetty9-clojure <none>
pn libyaml-snake-java <none>
ii procps 2:4.0.4-4
pn puppet-agent <none>
ii ruby 1:3.1+nmu1
ii ruby-concurrent 1.2.3-2
pn ruby-deep-merge <none>
pn ruby-fast-gettext <none>
pn ruby-gettext <none>
pn ruby-hocon <none>
ii ruby-locale 2.1.3-1
pn ruby-puppet-resource-api <none>
pn ruby-puppetserver-ca-cli <none>
pn ruby-semantic-puppet <none>
pn ruby-text <none>
Versions of packages puppetserver recommends:
pn puppet-module-puppetlabs-mailalias-core <none>
puppetserver suggests no packages.
--
.''`. martin f. krafft <madduck at d.o>
: :' : proud Debian developer
`. `'` http://people.debian.org/~madduck
`- Debian - when you have better things to do than fixing systems
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-puppet-devel/attachments/20240417/9d6f9fd5/attachment.htm>
More information about the Pkg-puppet-devel
mailing list