elementai
2009-Apr-09 12:02 UTC
[Puppet Users] UsingMongrelNginx : Denying unauthenticated client
Good day to you.

I've closely followed http://reductivelabs.com/trac/puppet/wiki/UsingMongrelNginx

Everything is fine until I try puppetd --test on any node, which works when I use default Webrick.
It fails and says:

    # puppetd --test --server puppet.corbina.net
    info: Loading fact sshkeys
    info: Retrieving plugins
    err: Could not call fileserver.list: #<RuntimeError: HTTP-Error: 502 Bad Gateway>
    err: /File[/var/lib/puppet/lib]: Failed to generate additional resources during transaction: HTTP-Error: 502 Bad Gateway

full log here: http://pastebin.com/f744fd3b9

On puppetmaster side http://pastebin.com/m3e443d1c :

    notice: Denying unauthenticated client localhost(127.0.0.1) access to fileserver.list
    /usr/lib64/ruby/site_ruby/1.8/puppet/network/xmlrpc/processor.rb:42:in `process'
    /usr/lib64/ruby/site_ruby/1.8/puppet/network/http_server/mongrel.rb:111:in `process'
    ...<skip>
    Thu Apr 09 15:57:25 +0400 2009: Read error: #<XMLRPC::FaultException: Host localhost(127.0.0.1) not authorized to call fileserver.list>
    /usr/lib64/ruby/site_ruby/1.8/puppet/network/xmlrpc/processor.rb:42:in `process'

All requests come from 127.0.0.1, also adding 127.0.0.1 to namespaceauth.conf does not help.

puppetmaster runs on Gentoo
nginx ( v0.6.32 ) config is here : http://pastebin.com/f53962d52
/etc/puppet/puppet.conf ( v0.24.8 ) : http://pastebin.com/f7853ed1d

gem list :

    actionmailer (2.0.2)
    actionpack (2.0.2)
    activerecord (2.0.2)
    activeresource (2.0.2)
    activesupport (2.3.2, 2.0.2)
    cgi_multipart_eof_fix (2.5.0)
    daemons (1.0.10)
    fastthread (1.0.1)
    gem_plugin (0.2.3)
    hobo (0.7.5)
    hobofields (0.7.5)
    hobosupport (0.8.5)
    mislav-will_paginate (2.3.8)
    mongrel (1.1.5)
    mongrel_cluster (1.0.5)
    rails (2.0.2)
    rake (0.8.3)
    ruby-augeas (0.2.0)
    will_paginate (2.2.2)
Brice Figureau
2009-Apr-09 19:07 UTC
[Puppet Users] Re: UsingMongrelNginx : Denying unauthenticated client
On 9/04/09 14:02, elementai wrote:
> Good day to you.
>
> I've closely followed http://reductivelabs.com/trac/puppet/wiki/UsingMongrelNginx
>
> Everything is fine until i try puppetd --test on any node, which works
> when i use default Webrick.
> It fails and says :
>
> # puppetd --test --server puppet.corbina.net
> info: Loading fact sshkeys
> info: Retrieving plugins
> err: Could not call fileserver.list: #<RuntimeError: HTTP-Error: 502 Bad Gateway>
> err: /File[/var/lib/puppet/lib]: Failed to generate additional
> resources during transaction: HTTP-Error: 502 Bad Gateway
>
> full log here : http://pastebin.com/f744fd3b9
>
> On puppetmaster side http://pastebin.com/m3e443d1c :
>
> notice: Denying unauthenticated client localhost(127.0.0.1) access to
> fileserver.list
> /usr/lib64/ruby/site_ruby/1.8/puppet/network/xmlrpc/processor.rb:42:in `process'
> /usr/lib64/ruby/site_ruby/1.8/puppet/network/http_server/mongrel.rb:111:in `process'
> ...<skip>
> Thu Apr 09 15:57:25 +0400 2009: Read error: #<XMLRPC::FaultException:
> Host localhost(127.0.0.1) not authorized to call fileserver.list>
> /usr/lib64/ruby/site_ruby/1.8/puppet/network/xmlrpc/processor.rb:42:in `process'
>
> All requests come from 127.0.0.1 , also adding 127.0.0.1 to
> namespaceauth.conf does not help.
>
> puppetmaster runs on Gentoo
> nginx ( v0.6.32 ) config is here : http://pastebin.com/f53962d52
> /etc/puppet/puppet.conf ( v0.24.8 ) : http://pastebin.com/f7853ed1d

Do you have this puppetmasterd option set:

    ssl_client_header = HTTP_X_SSL_SUBJECT

It is mandatory for mongrel.

--
Brice Figureau
Days of Wonder
http://www.daysofwonder.com
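Why the missing option produces "Denying unauthenticated client localhost(127.0.0.1)", as an added example that is not part of the original posts and is not Puppet's own code. It is a simplified Ruby model that assumes the TLS-terminating proxy forwards the verified client certificate subject in an X-SSL-Subject header; the function names, the second header name and the sample node name are constructed for illustration.

```ruby
# Simplified model of a backend sitting behind a TLS-terminating proxy.
# Assumption: the proxy has already verified the client certificate and
# passes its subject DN in the request header "X-SSL-Subject".

# Mongrel exposes request headers under CGI-style keys:
# "X-SSL-Subject" is seen by the backend as "HTTP_X_SSL_SUBJECT".
def cgi_key(header_name)
  "HTTP_" + header_name.upcase.tr("-", "_")
end

ClientInfo = Struct.new(:name, :ip, :authenticated)

# params:      CGI-style request parameters as the backend sees them
# subject_key: the key the backend is configured to read (ssl_client_header)
def client_info(params, subject_key)
  ip = params["REMOTE_ADDR"]
  dn = params[subject_key]
  if dn && (m = dn.match(/CN\s*=\s*([^\/,]+)/))
    # Subject found under the configured key: identity is the certificate CN.
    ClientInfo.new(m[1].strip, ip, true)
  else
    # Nothing under the configured key: the only identity left is the TCP
    # peer, which is the proxy itself (127.0.0.1), so every node looks alike.
    ClientInfo.new(ip == "127.0.0.1" ? "localhost" : ip, ip, false)
  end
end

def authorize(info, call)
  if info.authenticated
    "allow #{info.name} #{call}"
  else
    "Denying unauthenticated client #{info.name}(#{info.ip}) access to #{call}"
  end
end

# Constructed sample request, as forwarded by the proxy on the same host.
SAMPLE = {
  "REMOTE_ADDR" => "127.0.0.1",
  cgi_key("X-SSL-Subject") => "/CN=node1.example.com",
}.freeze

# Backend reading the key the proxy actually sets.
puts authorize(client_info(SAMPLE, "HTTP_X_SSL_SUBJECT"), "fileserver.list")
# Backend reading some other key (hypothetical name): subject never seen.
puts authorize(client_info(SAMPLE, "HTTP_X_OTHER_HEADER"), "fileserver.list")
```

Because the peer address is always the proxy's, adding 127.0.0.1 to an allow list does not restore per-node identity; the backend has to read the header the proxy sets.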
elementai
2009-Apr-10 06:38 UTC
[Puppet Users] Re: UsingMongrelNginx : Denying unauthenticated client
> Do you have this puppetmasterd option set:
> ssl_client_header = HTTP_X_SSL_SUBJECT
>
> It is mandatory for mongrel.

Big thanks, it did the trick.
Now I see that I could easily have figured that out myself if I had read the full documentation carefully, although the important data is a bit spread among two pages.
Will it help anybody if I write a thorough Gentoo howto?

> --
> Brice Figureau
> Days of Wonder
> http://www.daysofwonder.com