Hi Experts,

I'm trying to run puppet via passenger _ apache2 on Ubuntu 10.04 64-bit and it refuses to work with an error:
*err: Could not retrieve catalog from remote server: Error 403 on SERVER: Forbidden request: 192.168.2.3(192.168.2.3) access to /certificate_revocation_list/ca [find] at line 93*

I googled around and found this problem was discussed some time ago, but there was no clear fix. Any help is appreciated.

A side question is where are the logs of puppetmaster stored? They are not in /var/log/messages nor $logdir/*

Thanks a lot.

-Yushu

*dpkg -l|grep apache*
ii  apache2                   2.2.14-5ubuntu8   Apache HTTP Server metapackage
ii  apache2-mpm-worker        2.2.14-5ubuntu8   Apache HTTP Server - high speed threaded mod
ii  apache2-utils             2.2.14-5ubuntu8   utility programs for webservers
ii  apache2.2-bin             2.2.14-5ubuntu8   Apache HTTP Server common binary files
ii  apache2.2-common          2.2.14-5ubuntu8   Apache HTTP Server common files
ii  libapache2-mod-passenger  2.2.7debian-1     Rails and Rack support for Apache2
ii  libapache2-mod-wsgi       2.8-2ubuntu1      Python WSGI adapter module for Apache

*dpkg -l|grep ruby*
ii  libaugeas-ruby1.8    0.2.0-2ubuntu3  Augeas bindings for the Ruby language
ii  libopenssl-ruby      4.2             OpenSSL interface for Ruby
ii  libopenssl-ruby1.8   1.8.7.249-2     OpenSSL interface for Ruby 1.8
ii  librack-ruby         1.1.0-3         A modular Ruby webserver interface
ii  librack-ruby1.8      1.1.0-3         A modular Ruby webserver interface (Ruby 1.8
ii  libreadline-ruby1.8  1.8.7.249-2     Readline interface for Ruby 1.8
ii  libruby              4.2             Libraries necessary to run Ruby 1.8.x
ii  libruby1.8           1.8.7.249-2     Libraries necessary to run Ruby 1.8
ii  libshadow-ruby1.8    1.4.1-8build1   Interface of shadow password for Ruby 1.8
ii  libxmlrpc-ruby       4.2             transitional dummy package
ii  rdoc                 4.2             Generate documentation from ruby source file
ii  ruby                 4.2             An interpreter of object-oriented scripting
ii  ruby1.8              1.8.7.249-2     Interpreter of object-oriented scripting lan
ii  rubygems             1.3.5-1ubuntu2  package management framework for Ruby librar
ii  rubygems1.8          1.3.5-1ubuntu2  package management framework for Ruby librar

*cat ../puppetrack/puppetmasterd/config.ru *
# a config.ru, for use with every rack-compatible webserver.
# SSL needs to be handled outside this, though.

# if puppet is not in your RUBYLIB:
# $:.unshift('/opt/puppet/lib')

$0 = "puppetmasterd"
require 'puppet'

# if you want debugging:
ARGV << "--debug"

ARGV << "--rack"
require 'puppet/application/puppetmasterd'
# we're usually running inside a Rack::Builder.new {} block,
# therefore we need to call run *here*.
run Puppet::Application[:puppetmasterd].run

*cat /etc/puppet/puppet.conf*
[main]
pluginsync = true

[puppetmasterd]
confdir=/opt/cloudcrv/puppet
vardir=/opt/cloudcrv/varpuppet
ssldir = $vardir/ssl
user = cloudcrv

# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = $vardir/log

# Where Puppet PID files are kept.
# The default value is '$vardir/run'.
rundir = $vardir/run

# Where SSL certificates are kept.
# The default value is '$confdir/ssl'.
ssldir = $vardir/ssl

rails_loglevel = debug

*cat /etc/apache2/sites-available/puppetmaster *
# you probably want to tune these settings
PassengerHighPerformance on
PassengerMaxPoolSize 12
PassengerPoolIdleTime 1500
# PassengerMaxRequests 1000
PassengerStatThrottleRate 120
RackAutoDetect Off
RailsAutoDetect Off

Listen 8140

<VirtualHost *:8140>
    ServerName 192.168.2.4
    SSLEngine on
    SSLProtocol -ALL +SSLv3 +TLSv1
    SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP

    SSLCertificateFile /opt/cloudcrv/varpuppet/ssl/certs/192.168.2.4.pem
    SSLCertificateKeyFile /opt/cloudcrv/varpuppet/ssl/private_keys/192.168.2.4.pem
    SSLCertificateChainFile /opt/cloudcrv/varpuppet/ssl/ca/ca_crt.pem
    SSLCACertificateFile /opt/cloudcrv/varpuppet/ssl/ca/ca_crt.pem
    # If Apache complains about invalid signatures on the CRL, you can try disabling
    # CRL checking by commenting the next line, but this is not recommended.
    #SSLCARevocationFile /opt/cloudcrv/varpuppet/ssl/ca/ca_crl.pem
    SSLVerifyClient optional
    SSLVerifyDepth 1
    SSLOptions +StdEnvVars

    DocumentRoot /opt/cloudcrv/puppetrack/puppetmasterd/public
    RackBaseURI /
    <Directory /opt/cloudcrv/puppetrack/puppetmasterd/public >
        Options None
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>
</VirtualHost>

*Client Error Message:*
-bash-3.2# puppetd --test --debug --server=192.168.2.4 --trace
debug: Puppet::Type::User::ProviderLdap: true value when expecting false
debug: Puppet::Type::User::ProviderUser_role_add: file rolemod does not exist
debug: Puppet::Type::User::ProviderPw: file pw does not exist
debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dscl does not exist
debug: Failed to load library 'ldap' for feature 'ldap'
debug: /File[/etc/puppet/ssl/private_keys/192.168.2.3.pem]: Autorequiring File[/etc/puppet/ssl/private_keys]
debug: /File[/var/lib/puppet/log]: Autorequiring File[/var/lib/puppet]
debug: /File[/etc/puppet/ssl/private]: Autorequiring File[/etc/puppet/ssl]
debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/clientbucket]: Autorequiring File[/var/lib/puppet]
debug: /File[/etc/puppet/ssl/certificate_requests]: Autorequiring File[/etc/puppet/ssl]
debug: /File[/var/lib/puppet/state/graphs]: Autorequiring File[/var/lib/puppet/state]
debug: /File[/etc/puppet/ssl/certs/192.168.2.3.pem]: Autorequiring File[/etc/puppet/ssl/certs]
debug: /File[/etc/puppet/ssl/certs/ca.pem]: Autorequiring File[/etc/puppet/ssl/certs]
debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet]
debug: /File[/etc/puppet/ssl/private_keys]: Autorequiring File[/etc/puppet/ssl]
debug: /File[/var/lib/puppet/run]: Autorequiring File[/var/lib/puppet]
debug: /File[/etc/puppet/ssl]: Autorequiring File[/etc/puppet]
debug: /File[/etc/puppet/ssl/certs]: Autorequiring File[/etc/puppet/ssl]
debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet]
debug: /File[/etc/puppet/ssl/public_keys]: Autorequiring File[/etc/puppet/ssl]
debug: /File[/var/lib/puppet/client_yaml]: Autorequiring File[/var/lib/puppet]
debug: Finishing transaction 70037710483600 with 0 changes
debug: /File[/var/lib/puppet/log]: Autorequiring File[/var/lib/puppet]
debug: /File[/etc/puppet/ssl/certificate_requests]: Autorequiring File[/etc/puppet/ssl]
debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/puppet]
debug: /File[/etc/puppet/ssl/public_keys]: Autorequiring File[/etc/puppet/ssl]
debug: /File[/etc/puppet/ssl/certs/192.168.2.3.pem]: Autorequiring File[/etc/puppet/ssl/certs]
debug: /File[/etc/puppet/ssl/private]: Autorequiring File[/etc/puppet/ssl]
debug: /File[/etc/puppet/ssl]: Autorequiring File[/etc/puppet]
debug: /File[/etc/puppet/ssl/certs/ca.pem]: Autorequiring File[/etc/puppet/ssl/certs]
debug: /File[/etc/puppet/ssl/certs]: Autorequiring File[/etc/puppet/ssl]
debug: /File[/etc/puppet/ssl/private_keys/192.168.2.3.pem]: Autorequiring File[/etc/puppet/ssl/private_keys]
debug: /File[/etc/puppet/ssl/private_keys]: Autorequiring File[/etc/puppet/ssl]
debug: /File[/var/lib/puppet/run]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet]
debug: Finishing transaction 70037709988180 with 0 changes
debug: Using cached certificate for ca
debug: Using cached certificate for 192.168.2.3
debug: Finishing transaction 70037709743040 with 0 changes
debug: Using cached certificate for ca
debug: Using cached certificate for 192.168.2.3
/usr/lib/ruby/site_ruby/1.8/puppet/indirector/rest.rb:55:in `deserialize'
/usr/lib/ruby/site_ruby/1.8/puppet/indirector/rest.rb:69:in `find'
/usr/lib/ruby/site_ruby/1.8/puppet/indirector/indirection.rb:202:in `find'
/usr/lib/ruby/site_ruby/1.8/puppet/indirector.rb:51:in `find'
/usr/lib/ruby/site_ruby/1.8/puppet/ssl/host.rb:215:in `ssl_store'
/usr/lib/ruby/site_ruby/1.8/puppet/network/http_pool.rb:56:in `cert_setup'
/usr/lib/ruby/site_ruby/1.8/puppet/network/http_pool.rb:98:in `http_instance'
/usr/lib/ruby/site_ruby/1.8/puppet/indirector/rest.rb:65:in `network'
/usr/lib/ruby/site_ruby/1.8/puppet/indirector/rest.rb:69:in `find'
/usr/lib/ruby/site_ruby/1.8/puppet/indirector/indirection.rb:202:in `find'
/usr/lib/ruby/site_ruby/1.8/puppet/indirector.rb:51:in `find'
/usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:208:in `retrieve_new_catalog'
/usr/lib/ruby/site_ruby/1.8/puppet/util.rb:418:in `thinmark'
/usr/lib/ruby/1.8/benchmark.rb:293:in `measure'
/usr/lib/ruby/1.8/benchmark.rb:307:in `realtime'
/usr/lib/ruby/site_ruby/1.8/puppet/util.rb:417:in `thinmark'
/usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:207:in `retrieve_new_catalog'
/usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:104:in `retrieve_catalog'
/usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:142:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:53:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/agent/locker.rb:21:in `lock'
/usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:53:in `run'
/usr/lib/ruby/1.8/sync.rb:229:in `synchronize'
/usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:53:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:134:in `with_client'
/usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:51:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/application/puppetd.rb:103:in `onetime'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:226:in `send'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:226:in `run_command'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:217:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:306:in `exit_on_fail'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:217:in `run'
/usr/sbin/puppetd:160
err: Could not retrieve catalog from remote server: Error 403 on SERVER: Forbidden request: 192.168.2.3(192.168.2.3) access to /certificate_revocation_list/ca [find] at line 93
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run