Where did you find the log? I opened a similar thread three days
ago... with no results yet.
like you I didn't found it in /var/log/puppet/.
On 14 Aug., 01:46, Yushu <yao.yu...@gmail.com> wrote:
> Just to add: in the puppet masterlog it shows below. What causes the
> "Could not resolve 192.168.2.3: no name for 192.168.2.3" ?
>
> I'm running inside Eucalyptus, where the domainname is strange.
>
> Also, with exactly the same configuration/certs, if I run
> puppetmasterd directly, it works fine.
>
> Thanks a lot!
>
> -Yushu
>
> Aug 13 23:43:22 ubuntu puppetmasterd[10619]: Handling request: GET /
> production/certificate_revocation_list/ca
> Aug 13 23:43:22 ubuntu puppetmasterd[10619]: Could not resolve
> 192.168.2.3: no name for 192.168.2.3
> Aug 13 23:43:22 ubuntu puppetmasterd[10619]: (access[/]) defaulting to
> no access for 192.168.2.3
> Aug 13 23:43:22 ubuntu puppetmasterd[10619]: Denying access: Forbidden
> request: 192.168.2.3(192.168.2.3) access to /
> certificate_revocation_list/ca [find] at line 93
> Aug 13 23:43:22 ubuntu puppetmasterd[10619]: Forbidden request:
> 192.168.2.3(192.168.2.3) access to /certificate_revocation_list/ca
> [find] at line 93
>
> On Aug 13, 3:18 pm, Yushu Yao <yao.yu...@gmail.com> wrote:
>
> > Hi Experts,
>
> > I'm trying to run puppet via passenger _ apache2 on ubuntu 10.04 64bit and
> > it refuse to work with an error:
>
> > *err: Could not retrieve catalog from remote server: Error 403 on SERVER:
> > Forbidden request: 192.168.2.3(192.168.2.3) access to
> > /certificate_revocation_list/ca [find] at line 93*
>
> > I googled around and found this problem was discussed some time ago, but
> > there was no clear fix.
>
> > Any help is appreciated.
>
> > A side question is where are the logs of puppetmaster stored? They are not
> > in /var/log/messages nor $logdir/*
>
> > Thanks a lot.
>
> > -Yushu
>
> > *dpkg -l|grep apache*
>
> > ii apache2 2.2.14-5ubuntu8 Apache HTTP
> > Server metapackage
> > ii apache2-mpm-worker 2.2.14-5ubuntu8 Apache HTTP
> > Server - high speed threaded mod
> > ii apache2-utils 2.2.14-5ubuntu8 utility
> > programs for webservers
> > ii apache2.2-bin 2.2.14-5ubuntu8 Apache HTTP
> > Server common binary files
> > ii apache2.2-common 2.2.14-5ubuntu8 Apache HTTP
> > Server common files
> > ii libapache2-mod-passenger 2.2.7debian-1 Rails and
> > Rack support for Apache2
> > ii libapache2-mod-wsgi 2.8-2ubuntu1 Python WSGI
> > adapter module for Apache
>
> > *dpkg -l|grep ruby*
> > ii libaugeas-ruby1.8 0.2.0-2ubuntu3 Augeas
> > bindings for the Ruby language
> > ii libopenssl-ruby 4.2 OpenSSL
> > interface for Ruby
> > ii libopenssl-ruby1.8 1.8.7.249-2 OpenSSL
> > interface for Ruby 1.8
> > ii librack-ruby 1.1.0-3 A modular
> > Ruby webserver interface
> > ii librack-ruby1.8 1.1.0-3 A modular
> > Ruby webserver interface (Ruby 1.8
> > ii libreadline-ruby1.8 1.8.7.249-2 Readline
> > interface for Ruby 1.8
> > ii libruby 4.2 Libraries
> > necessary to run Ruby 1.8.x
> > ii libruby1.8 1.8.7.249-2 Libraries
> > necessary to run Ruby 1.8
> > ii libshadow-ruby1.8 1.4.1-8build1 Interface
> > of shadow password for Ruby 1.8
> > ii libxmlrpc-ruby 4.2
> > transitional dummy package
> > ii rdoc 4.2 Generate
> > documentation from ruby source file
> > ii ruby 4.2 An
> > interpreter of object-oriented scripting
> > ii ruby1.8 1.8.7.249-2 Interpreter
> > of object-oriented scripting lan
> > ii rubygems 1.3.5-1ubuntu2 package
> > management framework for Ruby librar
> > ii rubygems1.8 1.3.5-1ubuntu2 package
> > management framework for Ruby librar
>
> > *cat ../puppetrack/puppetmasterd/config.ru *
> > # a config.ru, for use with every rack-compatible webserver.
> > # SSL needs to be handled outside this, though.
>
> > # if puppet is not in your RUBYLIB:
> > # $:.unshift('/opt/puppet/lib')
>
> > $0 = "puppetmasterd"
> > require 'puppet'
>
> > # if you want debugging:
> > ARGV << "--debug"
>
> > ARGV << "--rack"
> > require 'puppet/application/puppetmasterd'
> > # we're usually running inside a Rack::Builder.new {} block,
> > # therefore we need to call run *here*.
> > run Puppet::Application[:puppetmasterd].run
>
> > *cat /etc/puppet/puppet.conf*
> > [main]
> > pluginsync = true
>
> > [puppetmasterd]
> > confdir=/opt/cloudcrv/puppet
> > vardir=/opt/cloudcrv/varpuppet
> > ssldir = $vardir/ssl
> > user = cloudcrv
>
> > # The Puppet log directory.
> > # The default value is '$vardir/log'.
> > logdir = $vardir/log
>
> > # Where Puppet PID files are kept.
> > # The default value is '$vardir/run'.
> > rundir = $vardir/run
>
> > # Where SSL certificates are kept.
> > # The default value is '$confdir/ssl'.
> > ssldir = $vardir/ssl
>
> > rails_loglevel = debug
>
> > *cat /etc/apache2/sites-available/puppetmaster *
>
> > # you probably want to tune these settings
> > PassengerHighPerformance on
> > PassengerMaxPoolSize 12
> > PassengerPoolIdleTime 1500
> > # PassengerMaxRequests 1000
> > PassengerStatThrottleRate 120
> > RackAutoDetect Off
> > RailsAutoDetect Off
>
> > Listen 8140
>
> > <VirtualHost *:8140>
> > ServerName 192.168.2.4
> > SSLEngine on
> > SSLProtocol -ALL +SSLv3 +TLSv1
> > SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
>
> > SSLCertificateFile
> > /opt/cloudcrv/varpuppet/ssl/certs/192.168.2.4.pem
> > SSLCertificateKeyFile
> > /opt/cloudcrv/varpuppet/ssl/private_keys/192.168.2.4.pem
> > SSLCertificateChainFile /opt/cloudcrv/varpuppet/ssl/ca/ca_crt.pem
> > SSLCACertificateFile /opt/cloudcrv/varpuppet/ssl/ca/ca_crt.pem
> > # If Apache complains about invalid signatures on the CRL, you can
> > try disabling
> > # CRL checking by commenting the next line, but this is not
> > recommended.
> > #SSLCARevocationFile /opt/cloudcrv/varpuppet/ssl/ca/ca_crl.pem
> > SSLVerifyClient optional
> > SSLVerifyDepth 1
> > SSLOptions +StdEnvVars
>
> > DocumentRoot /opt/cloudcrv/puppetrack/puppetmasterd/public
> > RackBaseURI /
> > <Directory /opt/cloudcrv/puppetrack/puppetmasterd/public >
> > Options None
> > AllowOverride None
> > Order allow,deny
> > allow from all
> > </Directory>
> > </VirtualHost>
>
> > *Client Error Message:*
> > -bash-3.2# puppetd --test --debug --server=192.168.2.4 --trace
> > debug: Puppet::Type::User::ProviderLdap: true value when expecting false
> > debug: Puppet::Type::User::ProviderUser_role_add: file rolemod does not
> > exist
> > debug: Puppet::Type::User::ProviderPw: file pw does not exist
> > debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dscl does
> > not exist
> > debug: Failed to load library 'ldap' for feature 'ldap'
> > debug: /File[/etc/puppet/ssl/private_keys/192.168.2.3.pem]: Autorequiring
> > File[/etc/puppet/ssl/private_keys]
> > debug: /File[/var/lib/puppet/log]: Autorequiring File[/var/lib/puppet]
> > debug: /File[/etc/puppet/ssl/private]: Autorequiring File[/etc/puppet/ssl]
> > debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/puppet]
> > debug: /File[/var/lib/puppet/clientbucket]: Autorequiring
> > File[/var/lib/puppet]
> > debug: /File[/etc/puppet/ssl/certificate_requests]: Autorequiring
> > File[/etc/puppet/ssl]
> > debug: /File[/var/lib/puppet/state/graphs]: Autorequiring
> > File[/var/lib/puppet/state]
> > debug: /File[/etc/puppet/ssl/certs/192.168.2.3.pem]: Autorequiring
> > File[/etc/puppet/ssl/certs]
> > debug: /File[/etc/puppet/ssl/certs/ca.pem]: Autorequiring
> > File[/etc/puppet/ssl/certs]
> > debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet]
> > debug: /File[/etc/puppet/ssl/private_keys]: Autorequiring
> > File[/etc/puppet/ssl]
> > debug: /File[/var/lib/puppet/run]: Autorequiring File[/var/lib/puppet]
> > debug: /File[/etc/puppet/ssl]: Autorequiring File[/etc/puppet]
> > debug: /File[/etc/puppet/ssl/certs]: Autorequiring File[/etc/puppet/ssl]
> > debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet]
> > debug: /File[/etc/puppet/ssl/public_keys]: Autorequiring
> > File[/etc/puppet/ssl]
> > debug: /File[/var/lib/puppet/client_yaml]: Autorequiring
> > File[/var/lib/puppet]
> > debug: Finishing transaction 70037710483600 with 0 changes
> > debug: /File[/var/lib/puppet/log]: Autorequiring File[/var/lib/puppet]
> > debug: /File[/etc/puppet/ssl/certificate_requests]: Autorequiring
> > File[/etc/puppet/ssl]
> > debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet]
> > debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/puppet]
> > debug: /File[/etc/puppet/ssl/public_keys]: Autorequiring
> > File[/etc/puppet/ssl]
> > debug: /File[/etc/puppet/ssl/certs/192.168.2.3.pem]: Autorequiring
> > File[/etc/puppet/ssl/certs]
> > debug: /File[/etc/puppet/ssl/private]: Autorequiring File[/etc/puppet/ssl]
> > debug: /File[/etc/puppet/ssl]: Autorequiring File[/etc/puppet]
> > debug: /File[/etc/puppet/ssl/certs/ca.pem]: Autorequiring
>
> ...
>
> Erfahren Sie mehr »
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
