For info - I removed passenger 2.2.5, installed 2.2.2 - rebuilt the passenger apache module, then removed all traces of puppet includes certs.
Installed puppet 0.25 rpms, set up the config.ru and all worked. 2009/9/10 philipp Hanselmann <philipp.hanselm...@gmail.com>: > > philipp Hanselmann schrieb: >> I have similar issues with passenger 2.2.5. >> >> Now I am trying to downgrade passenger to 2.2.2 >> gem install passenger -v 2.2.2 >> >> This will install 2.2.2, but the passenger 2.2.5 remains installed? >> >> Than I noticed that the install process, still use 2.2.5! >> passenger-install-apache2-module >> >> >> So how can I remove passenger 2.2.5 ? >> >> > Ok. I found it by myself .. > gem uninstall passenger -v 2.2.5 > > > >> >> >> Pete Emerson schrieb: >>> Done. The issue is now posted here, and I added --trace to my >>> puppetmasterd arguments to provide more info. >>> >>> http://projects.reductivelabs.com/issues/2620 >>> >>> Pete >>> >>> On Wed, Sep 9, 2009 at 4:29 PM, Luke Kanies <l...@madstop.com> wrote: >>> >>>> Can you file this as a bug, and add all of this logging data to it? >>>> >>>> On Sep 9, 2009, at 3:58 PM, Pete Emerson wrote: >>>> >>>> >>>>> I'm seeing this as well, and have some info that may be useful. For me >>>>> the problem happens whether I use passenger-2.2.5, passenger-2.2.2, or >>>>> the puppetmasterd daemon directly. >>>>> >>>>> I started with exactly the auth.conf from here: >>>>> >>>>> http://github.com/reductivelabs/puppet/blob/c2e26b9bb28ebcb8e07822015f99bd6a971b51c8/conf/auth.conf >>>>> >>>>> >>>>> When I run the puppetmasterd in --no-daemon --debug mode, I see this >>>>> when the client connects: >>>>> >>>>> info: access[^/catalog/([^/]+)$]: allowing 'method' find >>>>> info: access[^/catalog/([^/]+)$]: allowing $1 access >>>>> info: access[/certificate_revocation_list/ca]: allowing 'method' find >>>>> info: access[/certificate_revocation_list/ca]: allowing * access >>>>> info: access[/report]: allowing 'method' save >>>>> info: access[/report]: allowing * access >>>>> info: access[/file]: allowing * access >>>>> info: access[/certificate/ca]: adding authentication no >>>>> info: access[/certificate/ca]: allowing 'method' find >>>>> info: access[/certificate/ca]: allowing * access >>>>> info: access[/certificate/]: adding authentication no >>>>> info: access[/certificate/]: allowing 'method' find >>>>> info: access[/certificate/]: allowing * access >>>>> info: access[/certificate_request]: adding authentication no >>>>> info: access[/certificate_request]: allowing 'method' find >>>>> info: access[/certificate_request]: allowing 'method' save >>>>> info: access[/certificate_request]: allowing * access >>>>> info: access[/]: adding authentication any >>>>> info: access[^/catalog/([^/]+)$]: defaulting to no access for >>>>> 01.admin.demo.nym1 >>>>> warning: Denying access: Forbidden request: >>>>> 01.admin.demo.nym1(my.ip.address.here) access to >>>>> /catalog/01.admin.demo.nym1 [find] authenticated at line 52 >>>>> err: Forbidden request: 01.admin.demo.nym1(my.ip.address.here) access >>>>> to /catalog/01.admin.demo.nym1 [find] authenticated at line 52 >>>>> >>>>> Lines 51 through 54 of the auth.conf: >>>>> >>>>> # allow nodes to retrieve their own catalog (ie their configuration) >>>>> path ~ ^/catalog/([^/]+)$ >>>>> method find >>>>> allow $1 >>>>> >>>>> When I change 'allow $1' to 'allow *', the client is able to connect >>>>> and it successfully ran my manifest. >>>>> >>>>> If I change my allow line to 'allow fakesstringhere', I see this: >>>>> >>>>> info: access[^/catalog/([^/]+)$]: allowing fakestringhere access >>>>> >>>>> When I change it back to 'allow $1': >>>>> >>>>> info: access[^/catalog/([^/]+)$]: allowing $1 access >>>>> >>>>> It seems like the regex capture of (^[/]+) isn't being stored in $1, >>>>> and $1 is being used literally instead of substituting in the value >>>>> from the regex? >>>>> >>>>> In case versions are interesting, I'm using CentOS 5 with the rpms >>>>> found at http://tmz.fedorapeople.org/repo/puppet/epel/5/x86_64/ >>>>> >>>>> puppet-0.25.0-0.4.el5.noarch >>>>> puppet-server-0.25.0-0.4.el5.noarch >>>>> ruby-1.8.5-5.el5_3.7.x86_64 >>>>> ruby-augeas-0.3.0-1.el5.x86_64 >>>>> ruby-devel-1.8.5-5.el5_3.7.x86_64 >>>>> rubygems-1.3.1-1.el5.noarch >>>>> ruby-irb-1.8.5-5.el5_3.7.x86_64 >>>>> ruby-libs-1.8.5-5.el5_3.7.x86_64 >>>>> ruby-rdoc-1.8.5-5.el5_3.7.x86_64 >>>>> ruby-shadow-1.4.1-7.el5.x86_64 >>>>> >>>>> ruby gem info (although passenger is out of the mix): >>>>> fastthread (1.0.7) >>>>> passenger (2.2.2) >>>>> rack (1.0.0) >>>>> rake (0.8.7) >>>>> >>>>> Pete >>>>> >>>>> >>>>> On Wed, Sep 9, 2009 at 11:30 AM, jrojas >>>>> <ja...@nothingbeatsaduck.com> wrote: >>>>> >>>>>> I am seeing this problem as well. >>>>>> Reverting from 2.2.5 to 2.2.2 did not help. >>>>>> >>>>>> >>>>>> On Sep 9, 9:12 am, Matt <mattmora...@gmail.com> wrote: >>>>>> >>>>>>> Reverting back to the passenger 2.2.2 gem worked for me. >>>>>>> >>>>>>> 2009/9/8 Larry Ludwig <la...@reductivelabs.com>: >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>>> hmm passenger 2.2.5 is released? hmm I'll have to test it out. >>>>>>>> -L >>>>>>>> -- >>>>>>>> Larry Ludwig >>>>>>>> Reductive Labs >>>>>>>> >>>> -- >>>> It is well to remember that the entire universe, with one trifling >>>> exception, is composed of others. --John Andrew Holmes >>>> --------------------------------------------------------------------- >>>> Luke Kanies | http://reductivelabs.com | http://madstop.com >>>> >>>> >>>> >>> >>> >> >>> >>> >> >> > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
