Hey;
I'm running a couple of very small puppet ver 3.3 instance primarily for
learning. Seems I have a way to go. I updated a file that's supposed to
be distributed in the modules then ran the puppet agent manually. It
didn't get sent to the remote host until I stopped httpd and started the
master from the command line:
puppet master --verbose --no-daemonize
Once that's done, and a "puppet agent --verbose --onetime --server=${srv}"
works fine. Missing files get restored, updated files get distributed.
There are no error messages in the syslog, httpd error log or http access
log. "service httpd configtest" comes back clean. I copied the info from
the passenger.conf file from the pro puppet book (nice book, btw).
Obviously the modules are right or they wouldn't get distributed when
operating under webrick.
The passenger.conf file is included below. I appreciate any
hints/tips/suggestions that anyone could provide.
Doug O'Leary
# cat passenger.conf
LoadModule passenger_module modules/mod_passenger.so
<IfModule mod_passenger.c>
PassengerRoot /usr/share/rubygems/gems/passenger-3.0.21
PassengerRuby /usr/bin/ruby
PassengerHighPerformance on
PassengerUseGlobalQueue on
PassengerMaxPoolSize 6
PassengerMaxRequests 4000
PassengerPoolIdleTime 1800
</IfModule>
### Puppet config
Listen 8140
<VirtualHost *:8140>
SSLEngine on
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
SSLCertificateFile /var/lib/puppet/ssl/certs/pm.olearycomputers.com.pem
SSLCertificateKeyFile
/var/lib/puppet/ssl/private_keys/pm.olearycomputers.com.pem
SSLCertificateChainFile /var/lib/puppet/ssl/certs/ca.pem
SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
## Disable following if apachecomplains about CRL
SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
### Optional to allow CSR request; required if certs get distributed
### to clients during provisioning
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars
### Client headers record authentication info for downsteam workers
RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
RackAutoDetect On
DocumentRoot /etc/puppet/rack/puppetmaster/public/
<Directory /etc/puppet/rack/puppetmaster/>
Options None
AllowOverride None
Order allow,deny
allow from all
</Directory>
</VirtualHost>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.
