On Feb 8, 2010, at 4:20 PM, Christophe Bonnaud wrote:

>> I've seen the same thing with my setup...the solution for me was to
>> put the "RequestHeader" lines found on the Puppet Passenger wiki page
>> (http://www.reductivelabs.com/trac/puppet/wiki/UsingPassenger) into my
>> Apache virtual host config:
>> 
>>         RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
>>         RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
>>         RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
>> 
>> ...not sure why that section isn't included in the provided template
>> (./ext/rack/files/apache2.conf) from the puppet sources (I'm using
>> v0.25.4), but adding them fixed things up for me. Note that I also
>> don't have an auth.conf file, and even if I add one and take these
>> lines out, I'm back to getting the "err: Could not retrieve catalog
>> from remote server: Error 403 on SERVER:" message. Hope that helps!
> 
> Indeed this was the solution... thanks so much for your help!!
> I agree it's strange that those lines are not in the provided
> template...
> Anyone know why?


The documented suggestion -- though I agree it's not on the wiki page; once we 
resolve this question here I'd be happy to update UsingPassenger with this as I've 
just gone through it myself -- is to go at it from the other direction. Instead 
of changing apache to match puppet's defaults, you tell puppet the names of the 
apache variables:

(from ext/rack/README)
Required puppet.conf settings:
  [puppetmasterd]
    ssl_client_header = SSL_CLIENT_S_DN
    ssl_client_verify_header = SSL_CLIENT_VERIFY


Then the required httpd.conf line is just
  SSLOptions +StdEnvVars

which *is* in the config file in the distribution.  

I'm not enough of an expert to know whether one is preferable to the other, 
though.  


-=Eric
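
A consistency check for the two approaches discussed in this thread, as an added example (not code from the thread or from the Puppet project). It assumes Puppet's built-in values for the two settings are HTTP_X_CLIENT_DN and HTTP_X_CLIENT_VERIFY and that request headers reach the Rack app under the usual HTTP_* naming; the function names and sample configs are constructed for illustration.

```python
import re

# Assumption: Puppet's built-in values when puppet.conf sets neither option.
DEFAULTS = {
    "ssl_client_header": "HTTP_X_CLIENT_DN",
    "ssl_client_verify_header": "HTTP_X_CLIENT_VERIFY",
}
# The two mod_ssl variables exported by StdEnvVars that matter here.
STD_ENV_VARS = {"SSL_CLIENT_S_DN", "SSL_CLIENT_VERIFY"}

def puppet_expected(puppet_conf):
    """Return the environment names the puppetmaster will look up."""
    names = dict(DEFAULTS)
    for line in puppet_conf.splitlines():
        m = re.match(r"\s*(ssl_client(?:_verify)?_header)\s*=\s*(\S+)", line)
        if m:
            names[m.group(1)] = m.group(2)
    return names

def apache_provided(apache_conf):
    """Return the names the vhost config makes visible to the Rack app."""
    provided = set()
    for raw in apache_conf.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        directive, args = words[0].lower(), words[1:]
        if directive == "requestheader" and len(args) >= 2 and args[0].lower() == "set":
            # Rack/CGI naming: X-Client-DN arrives as HTTP_X_CLIENT_DN.
            provided.add("HTTP_" + args[1].upper().replace("-", "_"))
        elif directive == "ssloptions":
            if any(a.lstrip("+").lower() == "stdenvvars" for a in args):
                provided |= STD_ENV_VARS
    return provided

def missing_settings(puppet_conf, apache_conf):
    """List puppet.conf options whose configured name Apache never supplies."""
    provided = apache_provided(apache_conf)
    expected = puppet_expected(puppet_conf)
    return sorted(k for k, v in expected.items() if v not in provided)

# Constructed sample inputs mirroring the snippets quoted in the thread.
STOCK_VHOST = "SSLOptions +StdEnvVars\n"
HEADER_VHOST = STOCK_VHOST + (
    "RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e\n"
    "RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e\n"
    "RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e\n")
README_PUPPET_CONF = ("[puppetmasterd]\n"
                      "  ssl_client_header = SSL_CLIENT_S_DN\n"
                      "  ssl_client_verify_header = SSL_CLIENT_VERIFY\n")
```

An empty result from missing_settings() means both names puppet looks up are supplied by the vhost; a non-empty one names the settings that would never see the client certificate data.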
