Hi,
I did a Puppetmaster installation using Nginx + Puppet and almost everything
is working. Almost :(
When a new client is going to connect to the puppet server, it generates its
certificate and does a request on the web server (PUT). But it appears that
the certificate is being stored in the wrong directory.
In WEBrick, the certificate requests are stored in
/var/lib/puppet/ssl/ca/requests, which "puppetca -l" lists nicely and I can
sign it. But with Passenger, the certificate is being stored in
/var/lib/puppet/ssl/certificate_requests, which I know is used to store the
local host certificate request, not the remote ones.
I did manage to get around this by specifying the option
requestdir=/var/lib/puppet/ssl/ca/requests (defaults
to /var/lib/puppet/ssl/certificate_requests) in config.ru or
/etc/puppet/puppet.conf, but I think this is strange behavior. Also, with
this problem, auto-sign doesn't work (not critical for me).
Some information on my environment:
CentOS 5.5
puppet-0.25.5
facter-1.5.8
ruby-enterprise-1.8.7
ruby-enterprise-rubygem-passenger-3.0.0
ruby-enterprise-rubygem-rack-1.2.1
I traced both requests in WEBrick and Passenger and the client always
requests the same paths:
---8<---
"GET /production/certificate/qamericana1.ir7.com.br HTTP/1.1" 404 49 "-" "-" "-"
"GET /production/certificate_request/qamericana1.ir7.com.br HTTP/1.1" 404 57 "-" "-" "-"
"PUT /production/certificate_request/qamericana1.ir7.com.br HTTP/1.1" 200 4 "-" "-" "-"
"GET /production/certificate/qamericana1.ir7.com.br HTTP/1.1" 404 49 "-" "-" "-"
---8<---
And config.ru:
---8<---
# a config.ru, for use with every rack-compatible webserver.
# SSL needs to be handled outside this, though.
# if puppet is not in your RUBYLIB:
$:.unshift('/usr/lib/ruby/site_ruby/1.8/')
$0 = "master"
# if you want debugging:
#ARGV << "--debug"
ARGV << "--confdir=/etc/puppet"
ARGV << "--requestdir=/var/lib/puppet/ssl/ca/requests"
ARGV << "--rack"
require 'puppet/application/puppetmasterd'
# we're usually running inside a Rack::Builder.new {} block,
# therefore we need to call run *here*.
run Puppet::Application[:puppetmasterd].run
---8<---
Thanks,
--
[]'s
Hugo
www.devin.com.br