Revocation isn’t something I’ve used before… I assume you’re talking about SSL
Certificate revocation? I have commented out the “SSLCARevocationFile” below,
but still receive the same error. I’ll bring up another test box to see if
that works better… Thanks,
<VirtualHost *:8140>
SSLEngine on
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
SSLCertificateFile
/etc/puppet/ssl/certs/spainfradev.spa.sgstestcom.com.pem
SSLCertificateKeyFile
/etc/puppet/ssl/private_keys/spainfradev.spa.sgstestcom.com.pem
SSLCertificateChainFile /etc/puppet/ssl/ca/ca_crt.pem
SSLCACertificateFile /etc/puppet/ssl/ca/ca_crt.pem
# If Apache complains about invalid signatures on the CRL, you can try
disabling
# CRL checking by commenting the next line, but this is not recommended.
#SSLCARevocationFile /etc/puppet/ssl/ca/ca_crl.pem
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars
# you probably want to tune these settings
PassengerHighPerformance on
PassengerMaxPoolSize 12
PassengerPoolIdleTime 1500
# PassengerMaxRequests 1000
PassengerStatThrottleRate 120
RackAutoDetect Off
RailsAutoDetect Off
DocumentRoot /etc/puppet/rack/public/
RackBaseURI /
<Directory /etc/puppet/rack/>
Options None
AllowOverride None
Order allow,deny
allow from all
</Directory>
</VirtualHost>
--Chris
=====================================================================
Christopher Marlow Phone: 518-580-0555
Systems Administrator Fax: 518-580-2320
SGS Testcom, Inc. Cell: 518-275-1003
2911 State Route 9, Suite 3 Email: christopher.mar...@sgs.com
Ballston Spa, NY 12020
=====================================================================
From: puppet-users@googlegroups.com [mailto:puppet-us...@googlegroups.com] On
Behalf Of Ohad Levy
Sent: Thursday, May 14, 2009 10:24 AM
To: puppet-users@googlegroups.com
Subject: [Puppet Users] Re: Conversion to passenger
Maybe related maybe not... but if you have revocation enabled in apache, you
cant use puppetd to connect to the same machine(anyone knows why btw?).
according to your logs, it seems that revocation is enabled.
cheers,
Ohad
On Thu, May 14, 2009 at 9:45 PM, Marlow, Christopher (Ballston Spa)
<christopher.mar...@sgs.com> wrote:
I’ve been running Puppet using the default puppetmaster server for a few months
now, and as the sphere of influence is expanding throughout our network, I
thought I’d try my hand at upgrading the server to use Passenger instead. I
went through all the instructions, and didn’t get any error messages back until
I actually tried to run puppetd. Here’s what I’m receiving:
From puppetd:
[r...@localhost puppet]# puppetd --no-daemonize --debug --onetime
debug: Failed to load library 'shadow' for feature 'libshadow'
debug: Failed to load library 'ldap' for feature 'ldap'
debug: /File[/var/puppet/run]: Autorequiring File[/var/puppet]
debug: /File[/etc/puppet/ssl/public_keys/spainfradev.spa.sgstestcom.com.pem]:
Autorequiring File[/etc/puppet/ssl/public_keys]
debug: /File[/etc/puppet/ssl/private_keys/spainfradev.spa.sgstestcom.com.pem]:
Autorequiring File[/etc/puppet/ssl/private_keys]
debug: /File[/etc/puppet/ssl/private_keys]: Autorequiring File[/etc/puppet/ssl]
debug: /File[/etc/puppet/ssl/certs/spainfradev.spa.sgstestcom.com.pem]:
Autorequiring File[/etc/puppet/ssl/certs]
debug: /File[/etc/puppet/ssl/private]: Autorequiring File[/etc/puppet/ssl]
debug: /File[/var/puppet/lib]: Autorequiring File[/var/puppet]
debug: /File[/etc/puppet/ssl/certificate_requests]: Autorequiring
File[/etc/puppet/ssl]
debug: /File[/var/puppet/log]: Autorequiring File[/var/puppet]
debug: /File[/etc/puppet/ssl/certs]: Autorequiring File[/etc/puppet/ssl]
debug: /File[/etc/puppet/ssl/crl.pem]: Autorequiring File[/etc/puppet/ssl]
debug: /File[/var/puppet/state]: Autorequiring File[/var/puppet]
debug: /File[/etc/puppet/ssl/certs/ca.pem]: Autorequiring
File[/etc/puppet/ssl/certs]
debug: /File[/etc/puppet/ssl/public_keys]: Autorequiring File[/etc/puppet/ssl]
debug: /File[/var/puppet/facts]: Autorequiring File[/var/puppet]
debug: Finishing transaction 23952668847120 with 0 changes
debug: Using cached certificate for ca
debug: Using cached certificate for spainfradev.spa.sgstestcom.com
debug: Finishing transaction 23952668411000 with 0 changes
debug: Loaded state in 0.00 seconds
debug: Using cached certificate for ca
debug: Using cached certificate for spainfradev.spa.sgstestcom.com
debug: Using cached certificate_revocation_list for ca
err: Could not retrieve catalog from remote server: Server returned 500:
Internal Server Error
err: Cached catalog for spainfradev.spa.sgstestcom.com failed: wrong number of
arguments (0 for 1)
err: Could not retrieve catalog; skipping run
From apache error_log:
[Thu May 14 09:34:50 2009] [info] Initial (No.1) HTTPS request received for
child 1 (server spainfradev.spa.sgstestcom.com:8140)
[Thu May 14 09:34:51 2009] [error] [client 10.108.111.89] Premature end of
script headers: spainfradev.spa.sgstestcom.com
[ pid=24991 file=ext/apache2/Hooks.cpp:547 time=2009-05-14 09:34:51.764 ]:
Backend process 25348 did not return a valid HTTP response. It returned no
data.
[Thu May 14 09:34:51 2009] [debug] ssl_engine_kernel.c(1770): OpenSSL: Write:
SSL negotiation finished successfully
[Thu May 14 09:34:51 2009] [info] [client 10.108.111.89] Connection closed to
child 1 with standard shutdown (server spainfradev.spa.sgstestcom.com:8140)
*** Exception NoMethodError in PhusionPassenger::Rack::ApplicationSpawner
(undefined method `start_with?' for
"/production/catalog/spainfradev.spa.sgstestcom.com":String) (process 25348):
from /usr/lib/ruby/site_ruby/1.8/puppet/network/http/rack.rb:40:in
`call'
from
/usr/lib64/ruby/gems/1.8/gems/passenger-2.2.2/lib/phusion_passenger/rack/request_handler.rb:81:in
`process_request'
from
/usr/lib64/ruby/gems/1.8/gems/passenger-2.2.2/lib/phusion_passenger/abstract_request_handler.rb:203:in
`main_loop'
from
/usr/lib64/ruby/gems/1.8/gems/passenger-2.2.2/lib/phusion_passenger/rack/application_spawner.rb:110:in
`run'
from
/usr/lib64/ruby/gems/1.8/gems/passenger-2.2.2/lib/phusion_passenger/rack/application_spawner.rb:67:in
`spawn_application'
from
/usr/lib64/ruby/gems/1.8/gems/passenger-2.2.2/lib/phusion_passenger/utils.rb:181:in
`safe_fork'
from
/usr/lib64/ruby/gems/1.8/gems/passenger-2.2.2/lib/phusion_passenger/rack/application_spawner.rb:60:in
`spawn_application'
from
/usr/lib64/ruby/gems/1.8/gems/passenger-2.2.2/lib/phusion_passenger/rack/application_spawner.rb:45:in
`spawn_application'
from
/usr/lib64/ruby/gems/1.8/gems/passenger-2.2.2/lib/phusion_passenger/spawn_manager.rb:158:in
`spawn_application'
from
/usr/lib64/ruby/gems/1.8/gems/passenger-2.2.2/lib/phusion_passenger/spawn_manager.rb:282:in
`handle_spawn_application'
from
/usr/lib64/ruby/gems/1.8/gems/passenger-2.2.2/lib/phusion_passenger/abstract_server.rb:337:in
`__send__'
from
/usr/lib64/ruby/gems/1.8/gems/passenger-2.2.2/lib/phusion_passenger/abstract_server.rb:337:in
`main_loop'
from
/usr/lib64/ruby/gems/1.8/gems/passenger-2.2.2/lib/phusion_passenger/abstract_server.rb:187:in
`start_synchronously'
from
/usr/lib64/ruby/gems/1.8/gems/passenger-2.2.2/bin/passenger-spawn-server:61
If I shut down the httpd server and fire up puppetmasterd, it works fine. I’m
just replicating from this box to itself as a test, but it seems to have a
problem with some sort of ruby call? (I am not too familiar with ruby, so I
could be wrong there)
Some particulars:
ruby-libs-1.8.5-5.el5_2.6
ruby-1.8.5-5.el5_2.6
ruby-devel-1.8.5-5.el5_2.6
ruby-irb-1.8.5-5.el5_2.6
ruby-devel-1.8.5-5.el5_2.6
ruby-rdoc-1.8.5-5.el5_2.6
ruby-libs-1.8.5-5.el5_2.6
[r...@localhost puppet]# puppetd --version
0.25.0beta1
[r...@localhost puppet]# gem --version
1.3.3
Running CentOS 5.3 x86_64
Thanks in advance,
--Chris
=====================================================================
Christopher Marlow Phone: 518-580-0555
Systems Administrator Fax: 518-580-2320
SGS Testcom, Inc. Cell: 518-275-1003
2911 State Route 9, Suite 3 Email: christopher.mar...@sgs.com
Ballston Spa, NY 12020
=====================================================================
Information in this email and any attachments is confidential and
intended solely for the use of the individual(s) to whom it is addressed
or otherwise directed. Please note that any views or opinions presented
in this email are solely those of the author and do not necessarily
represent those of the Company.
Finally, the recipient should check this email and any attachments for
the presence of viruses. The Company accepts no liability for any damage
caused by any virus transmitted by this email.
All SGS services are rendered in accordance with the applicable SGS
conditions of service available on request and accessible at
http://www.sgs.com/terms_and_conditions.htm
Information in this email and any attachments is confidential and
intended solely for the use of the individual(s) to whom it is addressed
or otherwise directed. Please note that any views or opinions presented
in this email are solely those of the author and do not necessarily
represent those of the Company.
Finally, the recipient should check this email and any attachments for
the presence of viruses. The Company accepts no liability for any damage
caused by any virus transmitted by this email.
All SGS services are rendered in accordance with the applicable SGS
conditions of service available on request and accessible at
http://www.sgs.com/terms_and_conditions.htm
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---
