Ah, cool. That kind of information is good to know. I have to redo all this
anyway (this is our dev build) so under the hood info is great. Thanks
again!
On Wed, Aug 18, 2010 at 6:28 PM, Patrick Mohr <kc7...@gmail.com> wrote:
>
> On Aug 17, 2010, at 9:51 PM, Sven Schott wrote:
>
> The config file said those were only used with mongrel so I didn't
> uncomment them. However, after fiddling for while I found that I had missed
> the exact same thing on the apache virtual hosts config. The following lines
> were missing:
>
> RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
> RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
> RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
>
> which *are* in the instructions on the puppet wiki but not on the
> instructions I had. Once I added that to the virtual hosts config,
> everything went peachy. Thanks for the reply anyways. I appreciate it.
>
>
> That's half true. Basically, apache and puppet use different header names
> for the same thing be default, so you can either tell apache to name them
> differently, or tell puppet to look for different header.
>
> On Wed, Aug 18, 2010 at 1:19 PM, Patrick Mohr <kc7...@gmail.com> wrote:
>
>> I think you might have missed this bit:
>>
>> *Setup your puppet.conf*
>>
>> *Make sure you have the following set in your puppetmaster’s puppet.conf:
>> *
>>
>> *[puppetmasterd]*
>>
>> *ssl_client_header = SSL_CLIENT_S_DN*
>>
>> *ssl_client_verify_header = SSL_CLIENT_VERIFY*
>>
>>
>> On Tue, Aug 17, 2010 at 5:59 PM, Sven Schott <sven.sch...@gmail.com>wrote:
>>
>>> Hi everyone
>>>
>>> I'm having a problem with a clean install of puppet (2.6.0) on a Mac
>>> server (Mac OS 10.5.8). I set up puppet initially with MySQL and the
>>> puppetmaster standalone (Webrick) and that works fine. Clients can connect
>>> and there are no problems. But when I configured it to use Apache and
>>> Passenger, the client responds that the request is forbidden.
>>>
>>> err: Could not retrieve catalog from remote server: Error 403 on SERVER:
>>> Forbidden request: XXX.XXX.XXX(xx.xx.xx.xx) access to /catalog/
>>> XXX.XXX.XXX [find] at line 97
>>>
>>> So after going through the mailing lists and google I've found that the
>>> auth.conf file is the problem. I have stock standard auth.conf which looks
>>> like this:
>>>
>>> http://pastie.org/1098939
>>>
>>> And yes, adding auth no to the first four methods does make it work, but
>>> I know that's not the problem (or the solution). Am I missing something? Is
>>> it a bug or PEBKAC?
>>>
>>> Some of the relevant puppet.conf entries
>>>
>>> vardir = /var/lib/puppet
>>> confdir = /etc/puppet
>>> puppetdlog = '$logdir/puppetd.log'
>>> logdir = '$vardir/log'
>>> rest_authconfig = '$confdir/auth.conf'
>>> masterlog = '$logdir/puppetmaster.log'
>>>
>>> The Gem versions I am using:
>>>
>>> facter (1.5.7)
>>> mongrel (1.1.5)
>>> passenger (2.2.15)
>>> puppet (2.6.0)
>>> rack (1.2.1, 1.1.0)
>>> ruby-mysql (2.9.3)
>>>
>>> The backtrace on the server is:
>>>
>>> http://pastie.org/1098964
>>>
>>> Ruby version is : ruby 1.8.7 (2009-06-12 patchlevel 174)
>>>
>>> Virtualhost entry in apache looks like this:
>>>
>>> http://pastie.org/1098973
>>>
>>> and the config.ru file looks like this:
>>>
>>> http://pastie.org/1098974
>>>
>>> The client and server certs are fine (standalone works fine) and there
>>> are no connectivity problems between the client and server.
>>>
>>> Anyone seen this or have any ideas? Any help would be greatly
>>> appreciated.
>>>
>>> Regards
>>>
>>> Sven Schott
>>>
>>> --
>>> You received this message because you are subscribed to the Google Groups
>>> "Puppet Users" group.
>>> To post to this group, send email to puppet-us...@googlegroups.com.
>>> To unsubscribe from this group, send email to
>>> puppet-users+unsubscr...@googlegroups.com<puppet-users%2bunsubscr...@googlegroups.com>
>>> .
>>> For more options, visit this group at
>>> http://groups.google.com/group/puppet-users?hl=en.
>>>
>>
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To post to this group, send email to puppet-us...@googlegroups.com.
>> To unsubscribe from this group, send email to
>> puppet-users+unsubscr...@googlegroups.com<puppet-users%2bunsubscr...@googlegroups.com>
>> .
>> For more options, visit this group at
>> http://groups.google.com/group/puppet-users?hl=en.
>>
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-us...@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-us...@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com<puppet-users%2bunsubscr...@googlegroups.com>
> .
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
