I used the example one from 0.25 - changed the hostname for the cert, and the path for the DocumentRoot/Directory.
2009/9/11 philipp Hanselmann <philipp.hanselm...@gmail.com>: > > Matt schrieb: >> For info - I removed passenger 2.2.5, installed 2.2.2 - rebuilt the >> passenger apache module, then removed all traces of puppet includes >> certs. >> >> Installed puppet 0.25 rpms, set up the config.ru and all worked. >> > > And the /etc/httpd/conf.d/puppet.conf ? > Have you edited that file after the installation of 0.25 ? >> 2009/9/10 philipp Hanselmann <philipp.hanselm...@gmail.com>: >> >>> philipp Hanselmann schrieb: >>> >>>> I have similar issues with passenger 2.2.5. >>>> >>>> Now I am trying to downgrade passenger to 2.2.2 >>>> gem install passenger -v 2.2.2 >>>> >>>> This will install 2.2.2, but the passenger 2.2.5 remains installed? >>>> >>>> Than I noticed that the install process, still use 2.2.5! >>>> passenger-install-apache2-module >>>> >>>> >>>> So how can I remove passenger 2.2.5 ? >>>> >>>> >>>> >>> Ok. I found it by myself .. >>> gem uninstall passenger -v 2.2.5 >>> >>> >>> >>> >>>> Pete Emerson schrieb: >>>> >>>>> Done. The issue is now posted here, and I added --trace to my >>>>> puppetmasterd arguments to provide more info. >>>>> >>>>> http://projects.reductivelabs.com/issues/2620 >>>>> >>>>> Pete >>>>> >>>>> On Wed, Sep 9, 2009 at 4:29 PM, Luke Kanies <l...@madstop.com> wrote: >>>>> >>>>> >>>>>> Can you file this as a bug, and add all of this logging data to it? >>>>>> >>>>>> On Sep 9, 2009, at 3:58 PM, Pete Emerson wrote: >>>>>> >>>>>> >>>>>> >>>>>>> I'm seeing this as well, and have some info that may be useful. For me >>>>>>> the problem happens whether I use passenger-2.2.5, passenger-2.2.2, or >>>>>>> the puppetmasterd daemon directly. >>>>>>> >>>>>>> I started with exactly the auth.conf from here: >>>>>>> >>>>>>> http://github.com/reductivelabs/puppet/blob/c2e26b9bb28ebcb8e07822015f99bd6a971b51c8/conf/auth.conf >>>>>>> >>>>>>> >>>>>>> When I run the puppetmasterd in --no-daemon --debug mode, I see this >>>>>>> when the client connects: >>>>>>> >>>>>>> info: access[^/catalog/([^/]+)$]: allowing 'method' find >>>>>>> info: access[^/catalog/([^/]+)$]: allowing $1 access >>>>>>> info: access[/certificate_revocation_list/ca]: allowing 'method' find >>>>>>> info: access[/certificate_revocation_list/ca]: allowing * access >>>>>>> info: access[/report]: allowing 'method' save >>>>>>> info: access[/report]: allowing * access >>>>>>> info: access[/file]: allowing * access >>>>>>> info: access[/certificate/ca]: adding authentication no >>>>>>> info: access[/certificate/ca]: allowing 'method' find >>>>>>> info: access[/certificate/ca]: allowing * access >>>>>>> info: access[/certificate/]: adding authentication no >>>>>>> info: access[/certificate/]: allowing 'method' find >>>>>>> info: access[/certificate/]: allowing * access >>>>>>> info: access[/certificate_request]: adding authentication no >>>>>>> info: access[/certificate_request]: allowing 'method' find >>>>>>> info: access[/certificate_request]: allowing 'method' save >>>>>>> info: access[/certificate_request]: allowing * access >>>>>>> info: access[/]: adding authentication any >>>>>>> info: access[^/catalog/([^/]+)$]: defaulting to no access for >>>>>>> 01.admin.demo.nym1 >>>>>>> warning: Denying access: Forbidden request: >>>>>>> 01.admin.demo.nym1(my.ip.address.here) access to >>>>>>> /catalog/01.admin.demo.nym1 [find] authenticated at line 52 >>>>>>> err: Forbidden request: 01.admin.demo.nym1(my.ip.address.here) access >>>>>>> to /catalog/01.admin.demo.nym1 [find] authenticated at line 52 >>>>>>> >>>>>>> Lines 51 through 54 of the auth.conf: >>>>>>> >>>>>>> # allow nodes to retrieve their own catalog (ie their configuration) >>>>>>> path ~ ^/catalog/([^/]+)$ >>>>>>> method find >>>>>>> allow $1 >>>>>>> >>>>>>> When I change 'allow $1' to 'allow *', the client is able to connect >>>>>>> and it successfully ran my manifest. >>>>>>> >>>>>>> If I change my allow line to 'allow fakesstringhere', I see this: >>>>>>> >>>>>>> info: access[^/catalog/([^/]+)$]: allowing fakestringhere access >>>>>>> >>>>>>> When I change it back to 'allow $1': >>>>>>> >>>>>>> info: access[^/catalog/([^/]+)$]: allowing $1 access >>>>>>> >>>>>>> It seems like the regex capture of (^[/]+) isn't being stored in $1, >>>>>>> and $1 is being used literally instead of substituting in the value >>>>>>> from the regex? >>>>>>> >>>>>>> In case versions are interesting, I'm using CentOS 5 with the rpms >>>>>>> found at http://tmz.fedorapeople.org/repo/puppet/epel/5/x86_64/ >>>>>>> >>>>>>> puppet-0.25.0-0.4.el5.noarch >>>>>>> puppet-server-0.25.0-0.4.el5.noarch >>>>>>> ruby-1.8.5-5.el5_3.7.x86_64 >>>>>>> ruby-augeas-0.3.0-1.el5.x86_64 >>>>>>> ruby-devel-1.8.5-5.el5_3.7.x86_64 >>>>>>> rubygems-1.3.1-1.el5.noarch >>>>>>> ruby-irb-1.8.5-5.el5_3.7.x86_64 >>>>>>> ruby-libs-1.8.5-5.el5_3.7.x86_64 >>>>>>> ruby-rdoc-1.8.5-5.el5_3.7.x86_64 >>>>>>> ruby-shadow-1.4.1-7.el5.x86_64 >>>>>>> >>>>>>> ruby gem info (although passenger is out of the mix): >>>>>>> fastthread (1.0.7) >>>>>>> passenger (2.2.2) >>>>>>> rack (1.0.0) >>>>>>> rake (0.8.7) >>>>>>> >>>>>>> Pete >>>>>>> >>>>>>> >>>>>>> On Wed, Sep 9, 2009 at 11:30 AM, jrojas >>>>>>> <ja...@nothingbeatsaduck.com> wrote: >>>>>>> >>>>>>> >>>>>>>> I am seeing this problem as well. >>>>>>>> Reverting from 2.2.5 to 2.2.2 did not help. >>>>>>>> >>>>>>>> >>>>>>>> On Sep 9, 9:12 am, Matt <mattmora...@gmail.com> wrote: >>>>>>>> >>>>>>>> >>>>>>>>> Reverting back to the passenger 2.2.2 gem worked for me. >>>>>>>>> >>>>>>>>> 2009/9/8 Larry Ludwig <la...@reductivelabs.com>: >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>>> hmm passenger 2.2.5 is released? hmm I'll have to test it out. >>>>>>>>>> -L >>>>>>>>>> -- >>>>>>>>>> Larry Ludwig >>>>>>>>>> Reductive Labs >>>>>>>>>> >>>>>>>>>> >>>>>> -- >>>>>> It is well to remember that the entire universe, with one trifling >>>>>> exception, is composed of others. --John Andrew Holmes >>>>>> --------------------------------------------------------------------- >>>>>> Luke Kanies | http://reductivelabs.com | http://madstop.com >>>>>> >>>>>> >>>>>> >>>>>> >>>>> >>>> >>> >> >> > >> >> > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
