Safest bet is to downgrade passenger to 2.2.2, at least that is what I
have done, and your config is similar to mine
For above 2.2.2 the config from the puppet source tree
(ext/rack/files/apache2.conf) should be the right one, but that never
worked for me. As a general ideea from what I understood in the 2.2.3
version they changed how environment variables work (RequestHeader set
lines) and in 2.2.5 they tried making them backward compatible but
puppet+passenger>2.2.2 never worked for me as I said. I'm gonna give it
another shot when puppet 0.25.2 is out.
Also don't forget to check the apache logs, and make the puppet master
more verbose in it's logs. (see the config.ru file)
Silviu
windowsrefund wrote:
> Server OS: Opensolaris 2009.06
> Client OS: Same machine
> Puppet: 0.25.1,REV=2009.11.16
> ruby: 1.8.7,REV=2009.10.26_rev=p174
> apache: 2.2
>
> The following gems are installed:
> actionmailer (2.3.5)
> actionpack (2.3.5)
> activerecord (2.3.5)
> activeresource (2.3.5)
> activesupport (2.3.5)
> cgi_multipart_eof_fix (2.5.0)
> daemons (1.0.10)
> fastthread (1.0.7)
> gem_plugin (0.2.3)
> mongrel (1.1.5)
> passenger (2.2.8)
> rack (1.0.1)
> rails (2.3.5)
> rake (0.8.7)
>
> Running puppetd --test results in this error:
>
> err: Could not request certificate: Error 405 on SERVER: <!DOCTYPE
> HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
> <html><head>
> <title>405 Method Not Allowed</title>
> </head><body>
> <h1>Method Not Allowed</h1>
> <p>The requested method PUT is not allowed for the URL /production/
> certificate_request/puppet.example.com.</p>
> </body></html>
>
> And here is the apache vhost config:
>
> PassengerHighPerformance on
> PassengerMaxPoolSize 12
> PassengerPoolIdleTime 1500
> # PassengerMaxRequests 1000
> PassengerStatThrottleRate 120
> RackAutoDetect Off
> RailsAutoDetect Off
>
> Listen 8140
>
> <VirtualHost *:8140>
> SSLEngine on
> SSLProtocol -ALL +SSLv3 +TLSv1
> SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
>
> SSLCertificateFile /var/puppet/ssl/certs/puppet.pem
> SSLCertificateKeyFile /var/puppet/ssl/private_keys/puppet.pem
> SSLCertificateChainFile /var/puppet/ssl/ca/ca_crt.pem
> SSLCACertificateFile /var/puppet/ssl/ca/ca_crt.pem
> # If Apache complains about invalid signatures on the CRL, you
> can try disabling
> # CRL checking by commenting the next line, but this is not
> recommended.
> SSLCARevocationFile /var/puppet/ssl/ca/ca_crl.pem
> SSLVerifyClient optional
> SSLVerifyDepth 1
> SSLOptions +StdEnvVars
>
> RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
> RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
> RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
> DocumentRoot /var/apache2/2.2/apps/rack/public/
> RackBaseURI /
> <Directory /var/apache2/2.2/apps/rack/>
> Options None
> AllowOverride None
> Order allow,deny
> allow from all
> </Directory>
>
> ErrorLog /var/log/passenger_error.log
> CustomLog /var/log/passenger_access.log combined
> CustomLog /var/log/passenger_ssl_request.log \
> "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> </VirtualHost>
>
> --
>
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-us...@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
