Your message dated Thu, 30 Jan 2020 20:36:55 +0000 with message-id <[email protected]> and subject line Bug#919231: fixed in systemd 241-7~deb10u3 has caused the Debian Bug report #919231, regarding CacheDirectory/StateDirectory does not change owner/group to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 919231: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919231 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: salt-master Version: 2018.3.3+dfsg1-2 Severity: important Dear Maintainer, Upgrading salt-master from its Stretch version to Buster (whole system was upgraded) breaks the Salt master. Symptoms: E: Sub-process /usr/bin/dpkg returned an error code (1) [...] Job for salt-master.service failed because the control process exited with error code. See "systemctl status salt-master.service" and "journalctl -xe" for details. invoke-rc.d: initscript salt-master, action "restart" failed. ● salt-master.service - The Salt Master Server Loaded: loaded (/lib/systemd/system/salt-master.service; enabled; vendor preset: enabled) Active: failed (Result: exit-code) since Sun 2019-01-13 22:43:04 CET; 6ms ago Docs: man:salt-master(1) file:///usr/share/doc/salt/html/contents.html https://docs.saltstack.com/en/latest/contents.html Process: 14194 ExecStart=/usr/bin/salt-master (code=exited, status=1/FAILURE) Main PID: 14194 (code=exited, status=1/FAILURE) jan 13 22:43:04 icarus salt-master[14194]: File "/usr/lib/python3/dist- packages/salt/daemons/masterapi.py", line 237, in access_keys jan 13 22:43:04 icarus salt-master[14194]: key = mk_key(opts, user) jan 13 22:43:04 icarus salt-master[14194]: File "/usr/lib/python3/dist- packages/salt/daemons/masterapi.py", line 206, in mk_key jan 13 22:43:04 icarus salt-master[14194]: with salt.utils.files.fopen(keyfile, 'w+') as fp_: jan 13 22:43:04 icarus salt-master[14194]: File "/usr/lib/python3/dist- packages/salt/utils/files.py", line 387, in fopen jan 13 22:43:04 icarus salt-master[14194]: f_handle = open(*args, **kwargs) # pylint: disable=resource-leakage jan 13 22:43:04 icarus salt-master[14194]: PermissionError: [Errno 13] Permission denied: '/var/cache/salt/master/.salt_key' jan 13 22:43:04 icarus systemd[1]: salt-master.service: Main process exited, code=exited, status=1/FAILURE jan 13 22:43:04 icarus systemd[1]: salt-master.service: Failed with result 'exit-code'. jan 13 22:43:04 icarus systemd[1]: Failed to start The Salt Master Server. It turns out renaming /var/cache/salt works around this - a new /var/cache/salt directory gets created and the .salt_key gets generated (does not exist on a Stretch installation). There is a .root_key though. After overwriting the contents of the new /var/cache/salt/ directory with what was in the old one (and keeping the .salt_key), the Salt service starts, but still seems unable to access (existing) directories: jan 13 22:48:37 icarus salt-master[16017]: Traceback (most recent call last): jan 13 22:48:37 icarus salt-master[16017]: File "/usr/lib/python3.7/multiprocessing/process.py", line 297, in _bootstrap jan 13 22:48:37 icarus salt-master[16017]: self.run() jan 13 22:48:37 icarus salt-master[16017]: File "/usr/lib/python3/dist- packages/salt/utils/process.py", line 750, in _run jan 13 22:48:37 icarus salt-master[16017]: return self._original_run() jan 13 22:48:37 icarus salt-master[16017]: File "/usr/lib/python3/dist- packages/salt/master.py", line 234, in run jan 13 22:48:37 icarus salt-master[16017]: salt.utils.verify.check_max_open_files(self.opts) jan 13 22:48:37 icarus salt-master[16017]: File "/usr/lib/python3/dist- packages/salt/utils/verify.py", line 429, in check_max_open_files jan 13 22:48:37 icarus salt-master[16017]: accepted_count = len(os.listdir(accepted_keys_dir)) jan 13 22:48:37 icarus salt-master[16017]: PermissionError: [Errno 13] Permission denied: '/var/lib/salt/pki/master/minions' This directory is 700, but when I chmod it to 755 (which I suppose is bad practice, I presume it's 700 for a valid reason), restart the Salt service, the permissions are reset to 700: $ ls -lh /var/lib/salt/pki/master/|grep minions drwx------ 2 755 root 4,0K dec 29 16:21 minions Let me know if you need more information. This was a clean upgrade from Stretch (no bits and pieces). Thank you Stijn Segers -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (450, 'testing'), (50, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=nl_BE.UTF-8, LC_CTYPE=nl_BE.UTF-8 (charmap=UTF-8), LANGUAGE=nl_BE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages salt-master depends on: ii adduser 3.118 ii lsb-base 10.2018112800 ii python3 3.7.1-3 ii python3-crypto 2.6.1-9+b1 ii python3-systemd 234-2+b1 ii python3-zmq 17.1.2-1 ii salt-common 2018.3.3+dfsg1-2 Versions of packages salt-master recommends: ii python3-pygit2 0.27.3-1 salt-master suggests no packages. -- Configuration Files: /etc/salt/master changed [not included] -- no debconf information
--- End Message ---
--- Begin Message ---Source: systemd Source-Version: 241-7~deb10u3 We believe that the bug you reported is fixed in the latest version of systemd, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Michael Biebl <[email protected]> (supplier of updated systemd package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 29 Jan 2020 19:07:53 +0100 Source: systemd Architecture: source Version: 241-7~deb10u3 Distribution: buster Urgency: medium Maintainer: Debian systemd Maintainers <[email protected]> Changed-By: Michael Biebl <[email protected]> Closes: 919231 945018 Changes: systemd (241-7~deb10u3) buster; urgency=medium . * core: set fs.file-max sysctl to LONG_MAX rather than ULONG_MAX. Since kernel 5.2 (but also stable kernels like 4.19.53) the kernel thankfully returns proper errors when we write a value out of range to the sysctl. Which however breaks writing ULONG_MAX to request the maximum value. Hence let's write the new maximum value instead, LONG_MAX. (Closes: #945018) * core: change ownership/mode of the execution directories also for static users. This ensures that execution directories like CacheDirectory and StateDirectory are properly chowned to the user specified in User= before launching the service. (Closes: #919231) Checksums-Sha1: 65f60abf75f7f3207f7401cdec963ea4c9fc2002 4946 systemd_241-7~deb10u3.dsc 7131f74d8cf428804d9bfff198488dec902e5d56 169396 systemd_241-7~deb10u3.debian.tar.xz 0a8b5b02bfe19ba73af0d9d5123604be520922fe 9802 systemd_241-7~deb10u3_source.buildinfo Checksums-Sha256: 04ef215da8e05800c587601eacb011f9596dd7138ac85b43f33efdbf6b799a31 4946 systemd_241-7~deb10u3.dsc 54d4d0624c776ab2a375f303ed64bfe25ddc8cb47b5bfe6c2a400ba842420363 169396 systemd_241-7~deb10u3.debian.tar.xz 9aaffb7cce359bef724bc7c93a623357232262545d769691c1c47680d55ce56c 9802 systemd_241-7~deb10u3_source.buildinfo Files: 83a8f46e8ef9751366fce54107cdc3a8 4946 admin optional systemd_241-7~deb10u3.dsc 2809cf024acc9fdfd434d23a9f4732ee 169396 admin optional systemd_241-7~deb10u3.debian.tar.xz ceca07b86d87a07b709da814d6bace88 9802 admin optional systemd_241-7~deb10u3_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEECbOsLssWnJBDRcxUauHfDWCPItwFAl4yMs8ACgkQauHfDWCP ItyNXBAAmH82NntK8rLcCv+/MffQIBQPg/Jmqe5n79/UR3Kw2PYYLMne0KH842ZC jdEWSUYFNGezWm64e8q51+Vw249lBImR8uWoWCCOGSpMrqimYV0r3PlKMdx7L/hO ORLePuosn12hNmeKnQ7tKzxAhyYCH5atE9DWZGQ9u0fTMhW8DnZGpv+zMVJQNGi0 6009oDgzkCVKA3a1tfjqCiRcCcxWIA5FPokXyPp5knXLk1T+pfr7m5PS992YiQjK 9MgJar0q+eZAuULjQx/u5wgSfQ2y+Fpyn/cgJ2AlvJ3Qn09Iie4X9UMHUocm2FRe 6mkcqX3PGzfsxpXmiUmWSEOXwKRGe7S3idDxFERTTqgffw9/A4ov5bfIvE57u+NO e3aRUR97WQJjyJqPi4UBPhCKUiZCvyeuPWAY2xpnecE90RUW0zsYH3F3OEfHGEKu 6fiUUXjF2vDSd+XfHBw8h1Q03b4GTCZpSUnMWIJmpcPZKSZ6EWgIiidSmpXTBr0K UFASb+C12VbMsXMJzj65eSEUmuihvbLEEdRGjEzsKTyUiuIfgiPgAqOn7K1JelHd BDofPpDCasDQpjzLrc9vFXnwMHpL2YlhGe3JKr6bCaM4uOgDHyPpuiHpp0qW/rr6 mYvgypPG4kcjaoNTbRsMt3sNOd8ujKk6W7Y8wxBNMSaoT+jHH3A= =IAqn -----END PGP SIGNATURE-----
--- End Message ---
