Hi Den, jeff,
Sorry for my late reply.
Yes, I do have puppetmaster-vost.conf and I've separated the passenger
config file. So, this is what I have:
> # */etc/httpd/conf.d/puppetmaster.conf *
>
> Listen 8086
>
> <VirtualHost sdas.dnsdynamic.com:8086>
> SSLEngine on
> SSLProtocol -ALL +SSLv3 +TLSv1
> SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
>
> SSLCertificateFile
> /var/lib/puppet/ssl/certs/sdas.dnsdynamic.com.pem
> SSLCertificateKeyFile
> /var/lib/puppet/ssl/private_keys/sdas.dnsdynamic.com.pem
> SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
> SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
>
> # If Apache complains about invalid signatures on the CRL, you can try
> disabling
> # CRL checking by commenting the next line, but this is not
> recommended.
> SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
> SSLVerifyClient optional
> SSLVerifyDepth 1
> SSLOptions +StdEnvVars
>
> DocumentRoot /etc/puppet/rack/public
> RackBaseURI /
> <Directory "/etc/puppet/rack/public">
> Options None
> AllowOverride None
> Order allow,deny
> allow from all
> </Directory>
>
> LogLevel warn
> ErrorLog /var/log/httpd/puppetm_error.log
> CustomLog /var/log/httpd/puppetm_access.log combined
>
> </VirtualHost>
*# /etc/httpd/conf.d/passenger.conf *
>
LoadModule passenger_module modules/mod_passenger.so
>
> <IfModule mod_passenger.c>
> PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-3.0.12
> PassengerRuby /usr/bin/ruby
> #PassengerTempDir /var/run/rubygem-passenger
>
> PassengerHighPerformance on
> PassengerUseGlobalQueue on
> PassengerMaxPoolSize 15
> PassengerPoolIdleTime 150
> PassengerMaxRequests 10000
> PassengerStatThrottleRate 120
> RackAutoDetect on
> RailsAutoDetect on
> </IfModule>
>
The only difference, what I can see, with Jeff is that I'm running Puppet
on port 8086. This port is also allowed in the iptables. Any thing else
should I check?
Cheers,
San
On Monday, June 11, 2012 6:26:44 PM UTC+1, Jeff McCune wrote:
>
> On Mon, Jun 11, 2012 at 4:15 AM, Denmat <tu2bg...@gmail.com> wrote:
> > Hi,
> >
> > Do you actually have an apache vhost configured for the puppet master?
>
> Yeah, could you paste the apache configuration that's setting up the
> virtual host (vhost) and opening the socket on port 8140?
>
> Something like this (This is the Puppet Enterprise vhost configuration).
>
> Listen 8140
> <VirtualHost *:8140>
> SSLEngine on
> SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
> SSLCertificateFile
> /etc/puppetlabs/puppet/ssl/certs/lab-puppet.dc1.puppetlabs.net.pem
> SSLCertificateKeyFile
> /etc/puppetlabs/puppet/ssl/private_keys/lab-puppet.dc1.puppetlabs.net.pem
> SSLCertificateChainFile /etc/puppetlabs/puppet/ssl/certs/ca.pem
> SSLCACertificateFile /etc/puppetlabs/puppet/ssl/certs/ca.pem
>
> SSLCARevocationFile /etc/puppetlabs/puppet/ssl/ca/ca_crl.pem
>
> SSLVerifyClient optional
> SSLVerifyDepth 1
> SSLOptions +StdEnvVars
>
> RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
> RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
> RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
>
> RackAutoDetect On
> DocumentRoot /var/opt/lib/pe-puppetmaster/public/
> <Directory /var/opt/lib/pe-puppetmaster/>
> Options None
> AllowOverride None
> Order allow,deny
> allow from all
> </Directory>
> </VirtualHost>
>
> > The doco here is pretty clear on what is needed:
> > http://docs.puppetlabs.com/guides/passenger.html
> >
> > Have a look at the file here for an example of what the vhost should
> look
> > like:
> >
> https://github.com/puppetlabs/puppet/blob/master/ext/rack/files/apache2.conf
> >
> > Also, for emphasis, you need to make sure your config.ru is owned by
> puppet
> > (trips a few people up).
> >
> > Cheers,
> > Den
> >
> >
> > On 11/06/2012, at 18:50, Sans <r.santanu....@gmail.com> wrote:
> >
> > Dear all,
> >
> > I'm still trying to understand how this Apache/Passenger thing works.
> >
> > Running Puppet v2.7.14 on CEntOs 6 and also using Apache/Passenger
> instead
> > of WEBrick. I was told that puppetmaster service is not required to be
> > running (hence: chkconfig off puppetmaster) running when using httpd and
> > passenger but in my case, if I don't start puppetmasterd manually, none
> of
> > the agents can connect to the master. I can start httpd just fine and
> > passenger seems to start okay as well. This is my apache configuration
> file:
> >
> >> # /etc/httpd/conf.d/passenger.conf
> >> LoadModule passenger_module modules/mod_passenger.so
> >>
> >> <IfModule mod_passenger.c>
> >> PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-3.0.12
> >> PassengerRuby /usr/bin/ruby
> >> #PassengerTempDir /var/run/rubygem-passenger
> >>
> >> PassengerHighPerformance on
> >> PassengerUseGlobalQueue on
> >> PassengerMaxPoolSize 15
> >> PassengerPoolIdleTime 150
> >> PassengerMaxRequests 10000
> >> PassengerStatThrottleRate 120
> >> RackAutoDetect Off
> >> RailsAutoDetect Off
> >> </IfModule>
> >
> >
> >
> > Upon restart, I see these in the httpd_error log:
> >
> >> [Sat Jun 09 04:06:47 2012] [notice] caught SIGTERM, shutting down
> >> [Sat Jun 09 09:06:51 2012] [notice] suEXEC mechanism enabled (wrapper:
> >> /usr/sbin/suexec)
> >> [Sat Jun 09 09:06:51 2012] [notice] Digest: generating secret for
> digest
> >> authentication ...
> >> [Sat Jun 09 09:06:51 2012] [notice] Digest: done
> >> [Sat Jun 09 09:06:51 2012] [notice] Apache/2.2.15 (Unix) DAV/2
> >> Phusion_Passenger/3.0.12 mod_ssl/2.2.15 OpenSSL/1.0.0-fips configured
> --
> >> resuming normal operations
> >
> >
> >
> > And passenger-status prints these info on the screen:
> >
> >> ----------- General information -----------
> >> max = 15
> >> count = 0
> >> active = 0
> >> inactive = 0
> >> Waiting on global queue: 0
> >>
> >> ----------- Application groups -----------
> >
> >
> >
> > But still, as I said, none of my agents can actually talk to the master
> > until I start *puppetmasterd* manually. Does anyone know what am I still
> > missing? Or, is this the way it supposed too be? Cheers!!
> >
> > --
> > You received this message because you are subscribed to the Google
> Groups
> > "Puppet Users" group.
> > To view this discussion on the web visit
> > https://groups.google.com/d/msg/puppet-users/-/bFZpBN-6YugJ.
> > To post to this group, send email to puppet-users@googlegroups.com.
> > To unsubscribe from this group, send email to
> > puppet-users+unsubscr...@googlegroups.com.
> > For more options, visit this group at
> > http://groups.google.com/group/puppet-users?hl=en.
> >
> > --
> > You received this message because you are subscribed to the Google
> Groups
> > "Puppet Users" group.
> > To post to this group, send email to puppet-users@googlegroups.com.
> > To unsubscribe from this group, send email to
> > puppet-users+unsubscr...@googlegroups.com.
> > For more options, visit this group at
> > http://groups.google.com/group/puppet-users?hl=en.
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/MUFktcpt00YJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
