search

puppetlabs / bolt

Bolt is an open source orchestration tool that automates the manual work it takes to maintain your infrastructure on an as-needed basis or as part of a greater orchestration workflow. It can be installed on your local workstation and connects directly to remote nodes with SSH or WinRM, so you are not required to install any agent software.
https://puppet.com/docs/bolt/latest/bolt.html
Apache License 2.0
499 stars 225 forks source link

Permission denied errors #2508

Closed blackknight36 closed 3 years ago

blackknight36 commented 3 years ago

Describe the Bug

When running bolt as a non-root user warning messages are shown on the console as follows.

10:36 $ bolt task show
Command /usr/sbin/dmidecode --type 1,2,3 resulted with the following stderr message: /sys/firmware/dmi/tables/smbios_entry_point: Permission denied
/dev/mem: Permission denied
Command /usr/bin/ipmitool lan print resulted with the following stderr message: Could not open device at /dev/ipmi0 or /dev/ipmi/0 or /dev/ipmidev/0: No such file or directory

Environment

lucywyman commented 3 years ago

Interesting! This is particularly interesting that it's happening for bolt task show, which shouldn't be executing much code. I'm not seeing anywhere that we call dmidecode in Bolt or Puppet, but when we load tasks it looks like we do load and evaluate custom datatypes and facts. I tentatively suspect there's a datatype or fact in one of the modules being loaded that's trying to call dmidecode and erroring, but it could be something else. It looks like vmware-tools is a popular module that calls dmidecode, but it could be something else.

Would you mind posting your Puppetfile contents or a list of modules that are on your modulepath?

beechtom commented 3 years ago

This might be a Facter bug that is surfaced when using Facter to compute the controller's OS: https://github.com/puppetlabs/bolt/blob/main/lib/bolt/analytics.rb#L213

blackknight36 commented 3 years ago

I checked our modules and the only one that uses dmidecode is puppetlabs-postgresql. Here is what I could find using grep.

https://gist.github.com/blackknight36/d3873779e27bed465bfe34d6545f16b1

lucywyman commented 3 years ago

Ah, the gist is very telling! I'm not sure how or why, but it seems like that module is using facter 2.5.5....I'm still not quite sure how that would impact loading for bolt task show, but I'd try to just remove puppetlabs-postgresql/.bundle/ altogether (it shouldn't be needed, or if it is I just checked and the latest of that module pulls in Facter 4.0.47 which is latest) and see if that solves it.

blackknight36 commented 3 years ago

Ah, the gist is very telling! I'm not sure how or why, but it seems like that module is using facter 2.5.5....I'm still not quite sure how that would impact loading for bolt task show, but I'd try to just remove puppetlabs-postgresql/.bundle/ altogether (it shouldn't be needed, or if it is I just checked and the latest of that module pulls in Facter 4.0.47 which is latest) and see if that solves it.

Sorry, the gist is a bit misleading since it comes from a copy of the postgresql module which is not used by bolt. Here are the modules shown by the bolt puppetfile command.

Packaged Modules
  aggregate                       (built-in)
  puppetlabs/augeas_core          1.1.1
  puppetlabs/aws_inventory        0.5.2
  puppetlabs/azure_inventory      0.4.1
  canary                          (built-in)
  puppetlabs/cron_core            1.0.5
  puppetlabs/facts                1.2.0
  puppetlabs/gcloud_inventory     0.1.3
  puppetlabs/host_core            1.0.3
  puppetlabs/http_request         0.2.1
  puppetlabs/mount_core           1.0.4
  puppetlabs/package              1.3.0
  puppetlabs/pkcs7                0.1.1
  puppetlabs/puppet_agent         4.2.0
  puppetlabs/puppet_conf          0.6.0
  puppetdb_fact                   (built-in)
  puppetlabs/python_task_helper   0.4.3
  puppetlabs/reboot               3.0.0
  puppetlabs/ruby_plugin_helper   0.1.0
  puppetlabs/ruby_task_helper     0.5.1
  puppetlabs/scheduled_task       2.2.1
  puppetlabs/secure_env_vars      0.1.0
  puppetlabs/selinux_core         1.0.4
  puppetlabs/service              1.3.0
  puppetlabs/sshkeys_core         2.2.0
  puppetlabs/stdlib               6.5.0
  puppetlabs/terraform            0.5.0
  puppetlabs/vault                0.3.0
  puppetlabs/yaml                 0.2.0
  puppetlabs/yumrepo_core         1.0.7
  puppetlabs/zfs_core             1.2.0
  puppetlabs/zone_core            1.0.3
lucywyman commented 3 years ago

Hi, sorry for the long silence, I was reviewing our open issues and noticed this had fallen through the cracks. I'm assuming it's still an issue for you? It seems like maybe you have an old version of Facter or the puppet agent on your system that's superseding Bolt...can you post the output of facter --version and puppet --version?

blackknight36 commented 3 years ago

It appears that this is no longer an issue. Running the same command does not produce any errors. Here is the version info from my system.

19:29 $ puppet --version 6.21.1

19:29 $ facter --version 3.14.16 (commit d3b0a04d6722084993ab2dd3ee4180718ad71942)

19:29 $ bolt --version 3.7.0