Matt schrieb: > For info - I removed passenger 2.2.5, installed 2.2.2 - rebuilt the > passenger apache module, then removed all traces of puppet includes > certs. > > Installed puppet 0.25 rpms, set up the config.ru and all worked. >
And the /etc/httpd/conf.d/puppet.conf ? Have you edited that file after the installation of 0.25 ? > 2009/9/10 philipp Hanselmann <philipp.hanselm...@gmail.com>: > >> philipp Hanselmann schrieb: >> >>> I have similar issues with passenger 2.2.5. >>> >>> Now I am trying to downgrade passenger to 2.2.2 >>> gem install passenger -v 2.2.2 >>> >>> This will install 2.2.2, but the passenger 2.2.5 remains installed? >>> >>> Than I noticed that the install process, still use 2.2.5! >>> passenger-install-apache2-module >>> >>> >>> So how can I remove passenger 2.2.5 ? >>> >>> >>> >> Ok. I found it by myself .. >> gem uninstall passenger -v 2.2.5 >> >> >> >> >>> Pete Emerson schrieb: >>> >>>> Done. The issue is now posted here, and I added --trace to my >>>> puppetmasterd arguments to provide more info. >>>> >>>> http://projects.reductivelabs.com/issues/2620 >>>> >>>> Pete >>>> >>>> On Wed, Sep 9, 2009 at 4:29 PM, Luke Kanies <l...@madstop.com> wrote: >>>> >>>> >>>>> Can you file this as a bug, and add all of this logging data to it? >>>>> >>>>> On Sep 9, 2009, at 3:58 PM, Pete Emerson wrote: >>>>> >>>>> >>>>> >>>>>> I'm seeing this as well, and have some info that may be useful. For me >>>>>> the problem happens whether I use passenger-2.2.5, passenger-2.2.2, or >>>>>> the puppetmasterd daemon directly. >>>>>> >>>>>> I started with exactly the auth.conf from here: >>>>>> >>>>>> http://github.com/reductivelabs/puppet/blob/c2e26b9bb28ebcb8e07822015f99bd6a971b51c8/conf/auth.conf >>>>>> >>>>>> >>>>>> When I run the puppetmasterd in --no-daemon --debug mode, I see this >>>>>> when the client connects: >>>>>> >>>>>> info: access[^/catalog/([^/]+)$]: allowing 'method' find >>>>>> info: access[^/catalog/([^/]+)$]: allowing $1 access >>>>>> info: access[/certificate_revocation_list/ca]: allowing 'method' find >>>>>> info: access[/certificate_revocation_list/ca]: allowing * access >>>>>> info: access[/report]: allowing 'method' save >>>>>> info: access[/report]: allowing * access >>>>>> info: access[/file]: allowing * access >>>>>> info: access[/certificate/ca]: adding authentication no >>>>>> info: access[/certificate/ca]: allowing 'method' find >>>>>> info: access[/certificate/ca]: allowing * access >>>>>> info: access[/certificate/]: adding authentication no >>>>>> info: access[/certificate/]: allowing 'method' find >>>>>> info: access[/certificate/]: allowing * access >>>>>> info: access[/certificate_request]: adding authentication no >>>>>> info: access[/certificate_request]: allowing 'method' find >>>>>> info: access[/certificate_request]: allowing 'method' save >>>>>> info: access[/certificate_request]: allowing * access >>>>>> info: access[/]: adding authentication any >>>>>> info: access[^/catalog/([^/]+)$]: defaulting to no access for >>>>>> 01.admin.demo.nym1 >>>>>> warning: Denying access: Forbidden request: >>>>>> 01.admin.demo.nym1(my.ip.address.here) access to >>>>>> /catalog/01.admin.demo.nym1 [find] authenticated at line 52 >>>>>> err: Forbidden request: 01.admin.demo.nym1(my.ip.address.here) access >>>>>> to /catalog/01.admin.demo.nym1 [find] authenticated at line 52 >>>>>> >>>>>> Lines 51 through 54 of the auth.conf: >>>>>> >>>>>> # allow nodes to retrieve their own catalog (ie their configuration) >>>>>> path ~ ^/catalog/([^/]+)$ >>>>>> method find >>>>>> allow $1 >>>>>> >>>>>> When I change 'allow $1' to 'allow *', the client is able to connect >>>>>> and it successfully ran my manifest. >>>>>> >>>>>> If I change my allow line to 'allow fakesstringhere', I see this: >>>>>> >>>>>> info: access[^/catalog/([^/]+)$]: allowing fakestringhere access >>>>>> >>>>>> When I change it back to 'allow $1': >>>>>> >>>>>> info: access[^/catalog/([^/]+)$]: allowing $1 access >>>>>> >>>>>> It seems like the regex capture of (^[/]+) isn't being stored in $1, >>>>>> and $1 is being used literally instead of substituting in the value >>>>>> from the regex? >>>>>> >>>>>> In case versions are interesting, I'm using CentOS 5 with the rpms >>>>>> found at http://tmz.fedorapeople.org/repo/puppet/epel/5/x86_64/ >>>>>> >>>>>> puppet-0.25.0-0.4.el5.noarch >>>>>> puppet-server-0.25.0-0.4.el5.noarch >>>>>> ruby-1.8.5-5.el5_3.7.x86_64 >>>>>> ruby-augeas-0.3.0-1.el5.x86_64 >>>>>> ruby-devel-1.8.5-5.el5_3.7.x86_64 >>>>>> rubygems-1.3.1-1.el5.noarch >>>>>> ruby-irb-1.8.5-5.el5_3.7.x86_64 >>>>>> ruby-libs-1.8.5-5.el5_3.7.x86_64 >>>>>> ruby-rdoc-1.8.5-5.el5_3.7.x86_64 >>>>>> ruby-shadow-1.4.1-7.el5.x86_64 >>>>>> >>>>>> ruby gem info (although passenger is out of the mix): >>>>>> fastthread (1.0.7) >>>>>> passenger (2.2.2) >>>>>> rack (1.0.0) >>>>>> rake (0.8.7) >>>>>> >>>>>> Pete >>>>>> >>>>>> >>>>>> On Wed, Sep 9, 2009 at 11:30 AM, jrojas >>>>>> <ja...@nothingbeatsaduck.com> wrote: >>>>>> >>>>>> >>>>>>> I am seeing this problem as well. >>>>>>> Reverting from 2.2.5 to 2.2.2 did not help. >>>>>>> >>>>>>> >>>>>>> On Sep 9, 9:12 am, Matt <mattmora...@gmail.com> wrote: >>>>>>> >>>>>>> >>>>>>>> Reverting back to the passenger 2.2.2 gem worked for me. >>>>>>>> >>>>>>>> 2009/9/8 Larry Ludwig <la...@reductivelabs.com>: >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>> hmm passenger 2.2.5 is released? hmm I'll have to test it out. >>>>>>>>> -L >>>>>>>>> -- >>>>>>>>> Larry Ludwig >>>>>>>>> Reductive Labs >>>>>>>>> >>>>>>>>> >>>>> -- >>>>> It is well to remember that the entire universe, with one trifling >>>>> exception, is composed of others. --John Andrew Holmes >>>>> --------------------------------------------------------------------- >>>>> Luke Kanies | http://reductivelabs.com | http://madstop.com >>>>> >>>>> >>>>> >>>>> >>>> >>> >> > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
