Hi
I hope someone can help me here. I am having problem setting up latest
puppet with passenger. I have set up puppet master on two servers one with
ca authority and one with serving classes. It works fine as far as the
Cerificate signing goes i.e i can see the certificate request comes to CA
server and once i sign it it tries to fetch the catalogue from another
puppet server but i get the following error running $puppet agent -t on
client.
Error: Could not retrieve catalog from remote server: Error 400 on SERVER:
undefined method `[]' for nil:NilClass on node
I have tried all the wiki pages and everything but had no luck. Can someone
please help me. Following are the config files.
[root@puppet1 ~]# less /etc/httpd/conf.d/puppet.conf
LoadModule passenger_module
/usr/lib/ruby/gems/1.8/gems/passenger-4.0.45/buildout/apache2/mod_passenger.so
<IfModule mod_passenger.c>
PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-4.0.45
PassengerRuby /usr/bin/ruby
</IfModule>
Listen 8140
<VirtualHost *:8140>
SSLEngine On
SSLProxyEngine On
ProxyPassMatch ^/([^/]+/certificate.*)$
http://puppetca.ashs.internal:8140/$1
SSLProtocol All -SSLv2
SSLCipherSuite HIGH:!ADH:RC4+RSA:-MEDIUM:-LOW:-EXP
SSLCertificateFile
/var/lib/puppet/ssl/certs/puppet1.ashs.internal.pem
SSLCertificateKeyFile
/var/lib/puppet/ssl/private_keys/puppet1.ashs.internal.pem
SSLCertificateChainFile /var/lib/puppet/ssl/certs/ca.pem
SSLCACertificateFile /var/lib/puppet/ssl/certs/ca.pem
# SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
# SSLCARevocationCheck chain
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars +ExportCertData
# Apache 2.4 introduces the SSLCARevocationCheck directive and sets it
to none
# which effectively disables CRL checking. If you are using Apache 2.4+
you must
# specify 'SSLCARevocationCheck chain' to actually use the CRL.
# These request headers are used to pass the client certificate
# authentication information on to the puppet master process
RequestHeader unset X-Forwarded-For
RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
DocumentRoot /usr/share/puppet/rack/puppetmasterd/public
<Directory /usr/share/puppet/rack/puppetmasterd/>
Options None
AllowOverride None
# Apply the right behavior depending on Apache version.
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
</Directory>
</VirtualHost>
and here is the puppet.conf
[main]
vardir = /var/lib/puppet
logdir = /var/log/puppet
rundir = $vardir/run
ssldir = $vardir/ssl
ca = false
ca_server = mysql0.ashs.internal
ca_name = mysql0.ashs.internal
pluginsync = true
modulepath = /var/lib/puppet
node_terminus = exec
external_nodes = /usr/local/bin/node_classifier
reports = foreman, log
[agent]
classfile = $vardir/classes.txt
One interesting thing i have noticed is that removing
/etc/puppet/puppet.conf or making changes to that file has no effect. it
gives same error message.
Thanks in advance.
Brijesh
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/75e932d9-171c-4dd1-9b0f-26c50a55fd30%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.