Homebrew install fails on some systems, may be related to master password/managed account about puppet-homebrew HOT 17 CLOSED

Seems to be related to the account which runs puppet from that old boxen fork. Which user is that? Which permissions does it have? Is it root?

from puppet-homebrew.

The account flow is:

1. zbentley (member of staff; the only real user account on the box besides a hidden corporate admin account that sets the master password) runs a ruby script.
2. Ruby script runs sudo -p "prompt string" puppet apply .... It's shelling out and running sudo, not doing setuid itself.
3. This module runs su zbentley -c [homebrew install].

Oddly, if I do sudo su zbentley, or if I sudo su - into a root shell and then su zbentley, it works. If I try to simulate what the script is doing, but without Puppet, it also works:

zbentley~> sudo ruby -e 'system("/usr/bin/su zbentley -c /bin/bash -c echo foo > /Users/zbentley/testfile")'

That creates the expected file.

from puppet-homebrew.

I can no longer reproduce this issue on my Mac; I disabled and re-enabled account management, so perhaps something changed?

It seems like a good idea regardless to handle the su: Sorry situation when switching users. Perhaps something like "if output contains 'su: Sorry' and a test su - $user /bin/true prints any output at all, print a custom error message indicating a permissions issue"? That may just add meaningless complexity, though.

Either way, I am comfortable closing this unless others are experiencing the same issue. I'll leave it up to the maintainers to close or not.

from puppet-homebrew.

Happy to see the issue is resolved for you!

I'm inclined to agree: we should probably look into handling that case, or at least look more closely into the relevant logic. I'll keep this open as low-priority and take a look in the future.

from puppet-homebrew.

I am having the same exact issue. It only happens on 5-10 machines of about 25 (ElCap and Sierra).

If I go to a machine which is affected and execute the command /usr/bin/su myuser -c '/bin/bash -o pipefail -c "/usr/bin/curl -skSfL https://github.com/homebrew/brew/tarball/master | /usr/bin/tar xz -m --strip 1"' manually it succeeds. However if I run it as root (like my puppet agent service does), ie. sudo /usr/bin/su xamarinqa -c '/bin/bash -o pipefail -c "/usr/bin/curl -skSfL https://github.com/homebrew/brew/tarball/master | /usr/bin/tar xz -m --strip 1"' than I receive this error.

Any ideas what I can dig into?

from puppet-homebrew.

A full log of the run while running puppet agent -t --verbose --debug --trace would be really helpful.

from puppet-homebrew.

I has to filter it unfortunately, but these are the only lines from this module.

�[0;32mInfo: Applying configuration version '1487970525'�[0m
�[0;36mDebug: Exec[install-homebrew](provider=posix): Executing '/usr/bin/su ruggles -c '/bin/bash -o pipefail -c "/usr/bin/curl -skSfL https://github.com/homebrew/brew/tarball/master | /usr/bin/tar xz -m --strip 1"''�[0m
�[0;36mDebug: Executing: '/usr/bin/su ruggles -c '/bin/bash -o pipefail -c "/usr/bin/curl -skSfL https://github.com/homebrew/brew/tarball/master | /usr/bin/tar xz -m --strip 1"''�[0m
�[mNotice: /Stage[main]/Homebrew::Install/Exec[install-homebrew]/returns: bin/brew: Can't create 'bin/brew'�[0m
�[mNotice: /Stage[main]/Homebrew::Install/Exec[install-homebrew]/returns: tar: Error exit delayed from previous errors.�[0m
�[mNotice: /Stage[main]/Homebrew::Install/File[/usr/local/bin/brew]: Dependency Exec[install-homebrew] has failures: true�[0m
�[0;36mDebug: /Stage[main]/Homebrew::Install/File[/usr/local/bin/brew]: Resource is being skipped, unscheduling all events�[0m
�[0;36mDebug: Class[Homebrew::Install]: Resource is being skipped, unscheduling all events�[0m
�
�[0;36mDebug: Stage[main]: Resource is being skipped, unscheduling all events�[0m
�[0;36mDebug: Finishing transaction 70109957580780�[0m
�[0;36mDebug: Storing state�[0m
�[0;36mDebug: Stored state in 0.03 seconds�[0m
�[mNotice: Applied catalog in 2.77 seconds�[0m
�[0;36mDebug: Dynamically-bound server lookup failed, falling back to report_server setting�[0m
�[0;36mDebug: Dynamically-bound port lookup failed; falling back to report_port setting�[0m
�[0;36mDebug: Using cached connection for https://ruggles-foreman.ruggles.local:8140�[0m
�[0;36mDebug: Caching connection for https://ruggles-foreman.ruggles.local:8140�[0m
�[0;36mDebug: Closing connection for https://ruggles-foreman.ruggles.local:8140�[0m

Doesn't really seem helpful?

from puppet-homebrew.

Hey @kdubau could you just verify that myuser is xamarinqa in your first comment? Also could you clarify which user you were running each command as?

Looks like the first relevant error in that log is

Homebrew::Install/Exec[install-homebrew]/returns: bin/brew: Can't create 'bin/brew'

That looks like a permissions issue to me. Could you paste the output of

ls -l /usr | grep local
ls -l /usr/local | grep brew

Hopefully all of the above information will help us figure out what's going on here.

from puppet-homebrew.

@TheKevJames Hey, yes my user is xamarinqa.

Output requested:

ruggles-capitan-4:local xamarinqa$ ls -l /usr | grep local
drwxrwxr-x    18 xamarinqa  staff    612 Feb 27 10:03 local
ruggles-capitan-4:local xamarinqa$ ls -l /usr/local | grep brew
drwxrwxr-x    2 xamarinqa  admin    68 Feb 24 13:00 Homebrew

Thanks!

from puppet-homebrew.

I added this to my manifest and it resolved my issue.

    File<|title == '/usr/local'|> {
        ensure  => directory,
        owner   => $user,
        group   => 'admin',
        recurse => true,
    }

from puppet-homebrew.

Hmm, are you by chance using version 1.5.0 of this package? This looks similar to a bug we fixed in 1.6.0.

If so, could you update to 1.6.0 and check whether the issue persists?

from puppet-homebrew.

This should already be fixed as @TheKevJames mentioned. If you are using latest could you let me know if you had homebrew installed before using this module?

We already change permissions on /usr/local but we don't do it recursively because there may be other tools there which may require root:wheel permissions.
https://github.com/TheKevJames/puppet-homebrew/blob/master/manifests/install.pp#L3-L23

from puppet-homebrew.

I'm on latest yes. For some reason in my environment I needed to set myuser:admin on /usr/local - setting only the group like this module does was not enough in my case.

from puppet-homebrew.

Hmm, we might be able to set the user on https://github.com/TheKevJames/puppet-homebrew/blob/master/manifests/install.pp#L19-L23 explicitly. I wonder if this could cause any negative side-effects? Note I specifically mean adding $homebrew::user to this block and not changing anything about how it recurses.

I'm leaning towards "probably not", since my understanding is /usr/local is supposed to by owned by myuser:mygroup anyway... thoughts?

from puppet-homebrew.

I think that was the primary reason why homebrew moved from /usr/local to /usr/local/Homebrew because was messing with the permissions form other tools like postgresql or similar which require very specific permissions, user and groups.
By making the directory 775 and with an admin or similar group should avoid any of these issues. I tried on fresh machines and had 0 problems with this.
@kdubau would be possible to try on a VM or similar just in case you had that folder already messed up for another reason?

from puppet-homebrew.

I can say with a decent amount of confidence that yes the folder was already messed up for another reasons. When developing I was using a clean VM and had no problems.

from puppet-homebrew.

Cool, sounds like this is resolved to me then. Feel free to open up a new issue if you encounter any further issues.

from puppet-homebrew.