On Mon, Jun 11, 2012 at 4:15 AM, Denmat <tu2bg...@gmail.com> wrote:
> Hi,
>
> Do you actually have an apache vhost configured for the puppet master?
Yeah, could you paste the apache configuration that's setting up the
virtual host (vhost) and opening the socket on port 8140?
Something like this (This is the Puppet Enterprise vhost configuration).
Listen 8140
<VirtualHost *:8140>
SSLEngine on
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
SSLCertificateFile
/etc/puppetlabs/puppet/ssl/certs/lab-puppet.dc1.puppetlabs.net.pem
SSLCertificateKeyFile
/etc/puppetlabs/puppet/ssl/private_keys/lab-puppet.dc1.puppetlabs.net.pem
SSLCertificateChainFile /etc/puppetlabs/puppet/ssl/certs/ca.pem
SSLCACertificateFile /etc/puppetlabs/puppet/ssl/certs/ca.pem
SSLCARevocationFile /etc/puppetlabs/puppet/ssl/ca/ca_crl.pem
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars
RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
RackAutoDetect On
DocumentRoot /var/opt/lib/pe-puppetmaster/public/
<Directory /var/opt/lib/pe-puppetmaster/>
Options None
AllowOverride None
Order allow,deny
allow from all
</Directory>
</VirtualHost>
> The doco here is pretty clear on what is needed:
> http://docs.puppetlabs.com/guides/passenger.html
>
> Have a look at the file here for an example of what the vhost should look
> like:
> https://github.com/puppetlabs/puppet/blob/master/ext/rack/files/apache2.conf
>
> Also, for emphasis, you need to make sure your config.ru is owned by puppet
> (trips a few people up).
>
> Cheers,
> Den
>
>
> On 11/06/2012, at 18:50, Sans <r.santanu....@gmail.com> wrote:
>
> Dear all,
>
> I'm still trying to understand how this Apache/Passenger thing works.
>
> Running Puppet v2.7.14 on CEntOs 6 and also using Apache/Passenger instead
> of WEBrick. I was told that puppetmaster service is not required to be
> running (hence: chkconfig off puppetmaster) running when using httpd and
> passenger but in my case, if I don't start puppetmasterd manually, none of
> the agents can connect to the master. I can start httpd just fine and
> passenger seems to start okay as well. This is my apache configuration file:
>
>> # /etc/httpd/conf.d/passenger.conf
>> LoadModule passenger_module modules/mod_passenger.so
>>
>> <IfModule mod_passenger.c>
>> PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-3.0.12
>> PassengerRuby /usr/bin/ruby
>> #PassengerTempDir /var/run/rubygem-passenger
>>
>> PassengerHighPerformance on
>> PassengerUseGlobalQueue on
>> PassengerMaxPoolSize 15
>> PassengerPoolIdleTime 150
>> PassengerMaxRequests 10000
>> PassengerStatThrottleRate 120
>> RackAutoDetect Off
>> RailsAutoDetect Off
>> </IfModule>
>
>
>
> Upon restart, I see these in the httpd_error log:
>
>> [Sat Jun 09 04:06:47 2012] [notice] caught SIGTERM, shutting down
>> [Sat Jun 09 09:06:51 2012] [notice] suEXEC mechanism enabled (wrapper:
>> /usr/sbin/suexec)
>> [Sat Jun 09 09:06:51 2012] [notice] Digest: generating secret for digest
>> authentication ...
>> [Sat Jun 09 09:06:51 2012] [notice] Digest: done
>> [Sat Jun 09 09:06:51 2012] [notice] Apache/2.2.15 (Unix) DAV/2
>> Phusion_Passenger/3.0.12 mod_ssl/2.2.15 OpenSSL/1.0.0-fips configured --
>> resuming normal operations
>
>
>
> And passenger-status prints these info on the screen:
>
>> ----------- General information -----------
>> max = 15
>> count = 0
>> active = 0
>> inactive = 0
>> Waiting on global queue: 0
>>
>> ----------- Application groups -----------
>
>
>
> But still, as I said, none of my agents can actually talk to the master
> until I start *puppetmasterd* manually. Does anyone know what am I still
> missing? Or, is this the way it supposed too be? Cheers!!
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/bFZpBN-6YugJ.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
