I''m currently upgrading our puppetmaster to 0.25, at first just using the standard webrick install to get the modules working. Both my new 0.25 clients and existing 0.24 clients had no problem connecting. I''ve now changed the puppetmaster over to run under passenger, my 0.24 clients are still connecting, but my 0.25 clients are now getting: err: Could not retrieve catalog from remote server: Error 403 on SERVER: Forbidden warning: Not using cache on failed catalog err: Could not retrieve catalog; skipping run Do I need to clean all the ssl''s of the 0.25 clients? Thanks, Matt --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
Noticed I was running passenger 2.2.3 (which did work for 0.24) so I upgraded to 2.2.5. After restarting one of my 0.25 nodes started working, but the other one still gets: warning: peer certificate won''t be verified in this SSL session /usr/lib/ruby/site_ruby/1.8/puppet/indirector/rest.rb:55:in `deserialize'': Error 403 on SERVER: Forbidden (Net::HTTPError) from /usr/lib/ruby/site_ruby/1.8/puppet/indirector/rest.rb:69:in `find'' In the master logs I get a strange error Sep 8 16:20:52 s_local@sl01 puppetmasterd[3581]: Denying access: Forbidden request: sl03.temp.local(192.168.1.110) access to /certificate/ca [find] authenticated at line 0 Sep 8 16:20:52 s_local@sl01 puppetmasterd[3581]: Forbidden request: sl03.temp.local(192.168.1.110) access to /certificate/ca [find] authenticated at line 0 What''s strange is that the DNS name it''s quoting is not the DNS for that IP. 2009/9/8 Matt <mattmoran76@gmail.com>:> I''m currently upgrading our puppetmaster to 0.25, at first just using > the standard webrick install to get the modules working. > Both my new 0.25 clients and existing 0.24 clients had no problem connecting. > > I''ve now changed the puppetmaster over to run under passenger, my 0.24 > clients are still connecting, but my 0.25 clients are now getting: > > err: Could not retrieve catalog from remote server: Error 403 on > SERVER: Forbidden > warning: Not using cache on failed catalog > err: Could not retrieve catalog; skipping run > > Do I need to clean all the ssl''s of the 0.25 clients? > > Thanks, > > Matt >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
I''m going to start a fresh with the puppetmaster install :-) 2009/9/8 Matt <mattmoran76@gmail.com>:> Noticed I was running passenger 2.2.3 (which did work for 0.24) so I > upgraded to 2.2.5. > > After restarting one of my 0.25 nodes started working, but the other > one still gets: > > warning: peer certificate won''t be verified in this SSL session > /usr/lib/ruby/site_ruby/1.8/puppet/indirector/rest.rb:55:in > `deserialize'': Error 403 on SERVER: Forbidden (Net::HTTPError) > from /usr/lib/ruby/site_ruby/1.8/puppet/indirector/rest.rb:69:in `find'' > > In the master logs I get a strange error > Sep 8 16:20:52 s_local@sl01 puppetmasterd[3581]: Denying access: > Forbidden request: sl03.temp.local(192.168.1.110) access to > /certificate/ca [find] authenticated at line 0 > Sep 8 16:20:52 s_local@sl01 puppetmasterd[3581]: Forbidden request: > sl03.temp.local(192.168.1.110) access to /certificate/ca [find] > authenticated at line 0 > > What''s strange is that the DNS name it''s quoting is not the DNS for that IP. > > 2009/9/8 Matt <mattmoran76@gmail.com>: >> I''m currently upgrading our puppetmaster to 0.25, at first just using >> the standard webrick install to get the modules working. >> Both my new 0.25 clients and existing 0.24 clients had no problem connecting. >> >> I''ve now changed the puppetmaster over to run under passenger, my 0.24 >> clients are still connecting, but my 0.25 clients are now getting: >> >> err: Could not retrieve catalog from remote server: Error 403 on >> SERVER: Forbidden >> warning: Not using cache on failed catalog >> err: Could not retrieve catalog; skipping run >> >> Do I need to clean all the ssl''s of the 0.25 clients? >> >> Thanks, >> >> Matt >> >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
AFAIK this is the result of a known bug in Passenger 2.2.3 and newer. ext/rack/README states:> *** Important note about Passenger versions: > 2.2.2 is known to work. > 2.2.3-2.2.4 are known to *NOT* work. > 2.2.5 (when it is released) is expected to work properly again.You should probably downgrade to 2.2.2, and if that works you might try upgrading to 2.2.5 and see if that works. If it does (or not), please report back :) Christian --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
hmm passenger 2.2.5 is released? hmm I''ll have to test it out. -L -- Larry Ludwig Reductive Labs --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
Reverting back to the passenger 2.2.2 gem worked for me. 2009/9/8 Larry Ludwig <larry@reductivelabs.com>:> > hmm passenger 2.2.5 is released? hmm I''ll have to test it out. > > -L > > -- > Larry Ludwig > Reductive Labs > > > > >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
I am seeing this problem as well. Reverting from 2.2.5 to 2.2.2 did not help. On Sep 9, 9:12 am, Matt <mattmora...@gmail.com> wrote:> Reverting back to the passenger 2.2.2 gem worked for me. > > 2009/9/8 Larry Ludwig <la...@reductivelabs.com>: > > > > > hmm passenger 2.2.5 is released? hmm I''ll have to test it out. > > > -L > > > -- > > Larry Ludwig > > Reductive Labs--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
I''m seeing this as well, and have some info that may be useful. For me the problem happens whether I use passenger-2.2.5, passenger-2.2.2, or the puppetmasterd daemon directly. I started with exactly the auth.conf from here: http://github.com/reductivelabs/puppet/blob/c2e26b9bb28ebcb8e07822015f99bd6a971b51c8/conf/auth.conf When I run the puppetmasterd in --no-daemon --debug mode, I see this when the client connects: info: access[^/catalog/([^/]+)$]: allowing ''method'' find info: access[^/catalog/([^/]+)$]: allowing $1 access info: access[/certificate_revocation_list/ca]: allowing ''method'' find info: access[/certificate_revocation_list/ca]: allowing * access info: access[/report]: allowing ''method'' save info: access[/report]: allowing * access info: access[/file]: allowing * access info: access[/certificate/ca]: adding authentication no info: access[/certificate/ca]: allowing ''method'' find info: access[/certificate/ca]: allowing * access info: access[/certificate/]: adding authentication no info: access[/certificate/]: allowing ''method'' find info: access[/certificate/]: allowing * access info: access[/certificate_request]: adding authentication no info: access[/certificate_request]: allowing ''method'' find info: access[/certificate_request]: allowing ''method'' save info: access[/certificate_request]: allowing * access info: access[/]: adding authentication any info: access[^/catalog/([^/]+)$]: defaulting to no access for 01.admin.demo.nym1 warning: Denying access: Forbidden request: 01.admin.demo.nym1(my.ip.address.here) access to /catalog/01.admin.demo.nym1 [find] authenticated at line 52 err: Forbidden request: 01.admin.demo.nym1(my.ip.address.here) access to /catalog/01.admin.demo.nym1 [find] authenticated at line 52 Lines 51 through 54 of the auth.conf: # allow nodes to retrieve their own catalog (ie their configuration) path ~ ^/catalog/([^/]+)$ method find allow $1 When I change ''allow $1'' to ''allow *'', the client is able to connect and it successfully ran my manifest. If I change my allow line to ''allow fakesstringhere'', I see this: info: access[^/catalog/([^/]+)$]: allowing fakestringhere access When I change it back to ''allow $1'': info: access[^/catalog/([^/]+)$]: allowing $1 access It seems like the regex capture of (^[/]+) isn''t being stored in $1, and $1 is being used literally instead of substituting in the value from the regex? In case versions are interesting, I''m using CentOS 5 with the rpms found at http://tmz.fedorapeople.org/repo/puppet/epel/5/x86_64/ puppet-0.25.0-0.4.el5.noarch puppet-server-0.25.0-0.4.el5.noarch ruby-1.8.5-5.el5_3.7.x86_64 ruby-augeas-0.3.0-1.el5.x86_64 ruby-devel-1.8.5-5.el5_3.7.x86_64 rubygems-1.3.1-1.el5.noarch ruby-irb-1.8.5-5.el5_3.7.x86_64 ruby-libs-1.8.5-5.el5_3.7.x86_64 ruby-rdoc-1.8.5-5.el5_3.7.x86_64 ruby-shadow-1.4.1-7.el5.x86_64 ruby gem info (although passenger is out of the mix): fastthread (1.0.7) passenger (2.2.2) rack (1.0.0) rake (0.8.7) Pete On Wed, Sep 9, 2009 at 11:30 AM, jrojas <jason@nothingbeatsaduck.com> wrote:> > I am seeing this problem as well. > Reverting from 2.2.5 to 2.2.2 did not help. > > > On Sep 9, 9:12 am, Matt <mattmora...@gmail.com> wrote: >> Reverting back to the passenger 2.2.2 gem worked for me. >> >> 2009/9/8 Larry Ludwig <la...@reductivelabs.com>: >> >> >> >> > hmm passenger 2.2.5 is released? hmm I''ll have to test it out. >> >> > -L >> >> > -- >> > Larry Ludwig >> > Reductive Labs > > >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
Can you file this as a bug, and add all of this logging data to it? On Sep 9, 2009, at 3:58 PM, Pete Emerson wrote:> > I''m seeing this as well, and have some info that may be useful. For me > the problem happens whether I use passenger-2.2.5, passenger-2.2.2, or > the puppetmasterd daemon directly. > > I started with exactly the auth.conf from here: > > http://github.com/reductivelabs/puppet/blob/c2e26b9bb28ebcb8e07822015f99bd6a971b51c8/conf/auth.conf > > When I run the puppetmasterd in --no-daemon --debug mode, I see this > when the client connects: > > info: access[^/catalog/([^/]+)$]: allowing ''method'' find > info: access[^/catalog/([^/]+)$]: allowing $1 access > info: access[/certificate_revocation_list/ca]: allowing ''method'' find > info: access[/certificate_revocation_list/ca]: allowing * access > info: access[/report]: allowing ''method'' save > info: access[/report]: allowing * access > info: access[/file]: allowing * access > info: access[/certificate/ca]: adding authentication no > info: access[/certificate/ca]: allowing ''method'' find > info: access[/certificate/ca]: allowing * access > info: access[/certificate/]: adding authentication no > info: access[/certificate/]: allowing ''method'' find > info: access[/certificate/]: allowing * access > info: access[/certificate_request]: adding authentication no > info: access[/certificate_request]: allowing ''method'' find > info: access[/certificate_request]: allowing ''method'' save > info: access[/certificate_request]: allowing * access > info: access[/]: adding authentication any > info: access[^/catalog/([^/]+)$]: defaulting to no access for > 01.admin.demo.nym1 > warning: Denying access: Forbidden request: > 01.admin.demo.nym1(my.ip.address.here) access to > /catalog/01.admin.demo.nym1 [find] authenticated at line 52 > err: Forbidden request: 01.admin.demo.nym1(my.ip.address.here) access > to /catalog/01.admin.demo.nym1 [find] authenticated at line 52 > > Lines 51 through 54 of the auth.conf: > > # allow nodes to retrieve their own catalog (ie their configuration) > path ~ ^/catalog/([^/]+)$ > method find > allow $1 > > When I change ''allow $1'' to ''allow *'', the client is able to connect > and it successfully ran my manifest. > > If I change my allow line to ''allow fakesstringhere'', I see this: > > info: access[^/catalog/([^/]+)$]: allowing fakestringhere access > > When I change it back to ''allow $1'': > > info: access[^/catalog/([^/]+)$]: allowing $1 access > > It seems like the regex capture of (^[/]+) isn''t being stored in $1, > and $1 is being used literally instead of substituting in the value > from the regex? > > In case versions are interesting, I''m using CentOS 5 with the rpms > found at http://tmz.fedorapeople.org/repo/puppet/epel/5/x86_64/ > > puppet-0.25.0-0.4.el5.noarch > puppet-server-0.25.0-0.4.el5.noarch > ruby-1.8.5-5.el5_3.7.x86_64 > ruby-augeas-0.3.0-1.el5.x86_64 > ruby-devel-1.8.5-5.el5_3.7.x86_64 > rubygems-1.3.1-1.el5.noarch > ruby-irb-1.8.5-5.el5_3.7.x86_64 > ruby-libs-1.8.5-5.el5_3.7.x86_64 > ruby-rdoc-1.8.5-5.el5_3.7.x86_64 > ruby-shadow-1.4.1-7.el5.x86_64 > > ruby gem info (although passenger is out of the mix): > fastthread (1.0.7) > passenger (2.2.2) > rack (1.0.0) > rake (0.8.7) > > Pete > > > On Wed, Sep 9, 2009 at 11:30 AM, jrojas > <jason@nothingbeatsaduck.com> wrote: >> >> I am seeing this problem as well. >> Reverting from 2.2.5 to 2.2.2 did not help. >> >> >> On Sep 9, 9:12 am, Matt <mattmora...@gmail.com> wrote: >>> Reverting back to the passenger 2.2.2 gem worked for me. >>> >>> 2009/9/8 Larry Ludwig <la...@reductivelabs.com>: >>> >>> >>> >>>> hmm passenger 2.2.5 is released? hmm I''ll have to test it out. >>> >>>> -L >>> >>>> -- >>>> Larry Ludwig >>>> Reductive Labs >>> >> > > >-- It is well to remember that the entire universe, with one trifling exception, is composed of others. --John Andrew Holmes --------------------------------------------------------------------- Luke Kanies | http://reductivelabs.com | http://madstop.com --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
Done. The issue is now posted here, and I added --trace to my puppetmasterd arguments to provide more info. http://projects.reductivelabs.com/issues/2620 Pete On Wed, Sep 9, 2009 at 4:29 PM, Luke Kanies <luke@madstop.com> wrote:> > Can you file this as a bug, and add all of this logging data to it? > > On Sep 9, 2009, at 3:58 PM, Pete Emerson wrote: > >> >> I''m seeing this as well, and have some info that may be useful. For me >> the problem happens whether I use passenger-2.2.5, passenger-2.2.2, or >> the puppetmasterd daemon directly. >> >> I started with exactly the auth.conf from here: >> >> http://github.com/reductivelabs/puppet/blob/c2e26b9bb28ebcb8e07822015f99bd6a971b51c8/conf/auth.conf >> >> When I run the puppetmasterd in --no-daemon --debug mode, I see this >> when the client connects: >> >> info: access[^/catalog/([^/]+)$]: allowing ''method'' find >> info: access[^/catalog/([^/]+)$]: allowing $1 access >> info: access[/certificate_revocation_list/ca]: allowing ''method'' find >> info: access[/certificate_revocation_list/ca]: allowing * access >> info: access[/report]: allowing ''method'' save >> info: access[/report]: allowing * access >> info: access[/file]: allowing * access >> info: access[/certificate/ca]: adding authentication no >> info: access[/certificate/ca]: allowing ''method'' find >> info: access[/certificate/ca]: allowing * access >> info: access[/certificate/]: adding authentication no >> info: access[/certificate/]: allowing ''method'' find >> info: access[/certificate/]: allowing * access >> info: access[/certificate_request]: adding authentication no >> info: access[/certificate_request]: allowing ''method'' find >> info: access[/certificate_request]: allowing ''method'' save >> info: access[/certificate_request]: allowing * access >> info: access[/]: adding authentication any >> info: access[^/catalog/([^/]+)$]: defaulting to no access for >> 01.admin.demo.nym1 >> warning: Denying access: Forbidden request: >> 01.admin.demo.nym1(my.ip.address.here) access to >> /catalog/01.admin.demo.nym1 [find] authenticated at line 52 >> err: Forbidden request: 01.admin.demo.nym1(my.ip.address.here) access >> to /catalog/01.admin.demo.nym1 [find] authenticated at line 52 >> >> Lines 51 through 54 of the auth.conf: >> >> # allow nodes to retrieve their own catalog (ie their configuration) >> path ~ ^/catalog/([^/]+)$ >> method find >> allow $1 >> >> When I change ''allow $1'' to ''allow *'', the client is able to connect >> and it successfully ran my manifest. >> >> If I change my allow line to ''allow fakesstringhere'', I see this: >> >> info: access[^/catalog/([^/]+)$]: allowing fakestringhere access >> >> When I change it back to ''allow $1'': >> >> info: access[^/catalog/([^/]+)$]: allowing $1 access >> >> It seems like the regex capture of (^[/]+) isn''t being stored in $1, >> and $1 is being used literally instead of substituting in the value >> from the regex? >> >> In case versions are interesting, I''m using CentOS 5 with the rpms >> found at http://tmz.fedorapeople.org/repo/puppet/epel/5/x86_64/ >> >> puppet-0.25.0-0.4.el5.noarch >> puppet-server-0.25.0-0.4.el5.noarch >> ruby-1.8.5-5.el5_3.7.x86_64 >> ruby-augeas-0.3.0-1.el5.x86_64 >> ruby-devel-1.8.5-5.el5_3.7.x86_64 >> rubygems-1.3.1-1.el5.noarch >> ruby-irb-1.8.5-5.el5_3.7.x86_64 >> ruby-libs-1.8.5-5.el5_3.7.x86_64 >> ruby-rdoc-1.8.5-5.el5_3.7.x86_64 >> ruby-shadow-1.4.1-7.el5.x86_64 >> >> ruby gem info (although passenger is out of the mix): >> fastthread (1.0.7) >> passenger (2.2.2) >> rack (1.0.0) >> rake (0.8.7) >> >> Pete >> >> >> On Wed, Sep 9, 2009 at 11:30 AM, jrojas >> <jason@nothingbeatsaduck.com> wrote: >>> >>> I am seeing this problem as well. >>> Reverting from 2.2.5 to 2.2.2 did not help. >>> >>> >>> On Sep 9, 9:12 am, Matt <mattmora...@gmail.com> wrote: >>>> Reverting back to the passenger 2.2.2 gem worked for me. >>>> >>>> 2009/9/8 Larry Ludwig <la...@reductivelabs.com>: >>>> >>>> >>>> >>>>> hmm passenger 2.2.5 is released? hmm I''ll have to test it out. >>>> >>>>> -L >>>> >>>>> -- >>>>> Larry Ludwig >>>>> Reductive Labs >>>> >>> >> >> > > > > -- > It is well to remember that the entire universe, with one trifling > exception, is composed of others. --John Andrew Holmes > --------------------------------------------------------------------- > Luke Kanies | http://reductivelabs.com | http://madstop.com > > > > >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
I have similar issues with passenger 2.2.5.
Now I am trying to downgrade passenger to 2.2.2
gem install passenger -v 2.2.2
This will install 2.2.2, but the passenger 2.2.5 remains installed?
Than I noticed that the install process, still use 2.2.5!
passenger-install-apache2-module
So how can I remove passenger 2.2.5 ?
Pete Emerson schrieb:> Done. The issue is now posted here, and I added --trace to my
> puppetmasterd arguments to provide more info.
>
> http://projects.reductivelabs.com/issues/2620
>
> Pete
>
> On Wed, Sep 9, 2009 at 4:29 PM, Luke Kanies <luke@madstop.com> wrote:
>
>> Can you file this as a bug, and add all of this logging data to it?
>>
>> On Sep 9, 2009, at 3:58 PM, Pete Emerson wrote:
>>
>>
>>> I''m seeing this as well, and have some info that may be
useful. For me
>>> the problem happens whether I use passenger-2.2.5, passenger-2.2.2,
or
>>> the puppetmasterd daemon directly.
>>>
>>> I started with exactly the auth.conf from here:
>>>
>>>
http://github.com/reductivelabs/puppet/blob/c2e26b9bb28ebcb8e07822015f99bd6a971b51c8/conf/auth.conf
>>>
>>> When I run the puppetmasterd in --no-daemon --debug mode, I see
this
>>> when the client connects:
>>>
>>> info: access[^/catalog/([^/]+)$]: allowing
''method'' find
>>> info: access[^/catalog/([^/]+)$]: allowing $1 access
>>> info: access[/certificate_revocation_list/ca]: allowing
''method'' find
>>> info: access[/certificate_revocation_list/ca]: allowing * access
>>> info: access[/report]: allowing ''method'' save
>>> info: access[/report]: allowing * access
>>> info: access[/file]: allowing * access
>>> info: access[/certificate/ca]: adding authentication no
>>> info: access[/certificate/ca]: allowing ''method''
find
>>> info: access[/certificate/ca]: allowing * access
>>> info: access[/certificate/]: adding authentication no
>>> info: access[/certificate/]: allowing ''method''
find
>>> info: access[/certificate/]: allowing * access
>>> info: access[/certificate_request]: adding authentication no
>>> info: access[/certificate_request]: allowing
''method'' find
>>> info: access[/certificate_request]: allowing
''method'' save
>>> info: access[/certificate_request]: allowing * access
>>> info: access[/]: adding authentication any
>>> info: access[^/catalog/([^/]+)$]: defaulting to no access for
>>> 01.admin.demo.nym1
>>> warning: Denying access: Forbidden request:
>>> 01.admin.demo.nym1(my.ip.address.here) access to
>>> /catalog/01.admin.demo.nym1 [find] authenticated at line 52
>>> err: Forbidden request: 01.admin.demo.nym1(my.ip.address.here)
access
>>> to /catalog/01.admin.demo.nym1 [find] authenticated at line 52
>>>
>>> Lines 51 through 54 of the auth.conf:
>>>
>>> # allow nodes to retrieve their own catalog (ie their
configuration)
>>> path ~ ^/catalog/([^/]+)$
>>> method find
>>> allow $1
>>>
>>> When I change ''allow $1'' to ''allow
*'', the client is able to connect
>>> and it successfully ran my manifest.
>>>
>>> If I change my allow line to ''allow
fakesstringhere'', I see this:
>>>
>>> info: access[^/catalog/([^/]+)$]: allowing fakestringhere access
>>>
>>> When I change it back to ''allow $1'':
>>>
>>> info: access[^/catalog/([^/]+)$]: allowing $1 access
>>>
>>> It seems like the regex capture of (^[/]+) isn''t being
stored in $1,
>>> and $1 is being used literally instead of substituting in the value
>>> from the regex?
>>>
>>> In case versions are interesting, I''m using CentOS 5 with
the rpms
>>> found at http://tmz.fedorapeople.org/repo/puppet/epel/5/x86_64/
>>>
>>> puppet-0.25.0-0.4.el5.noarch
>>> puppet-server-0.25.0-0.4.el5.noarch
>>> ruby-1.8.5-5.el5_3.7.x86_64
>>> ruby-augeas-0.3.0-1.el5.x86_64
>>> ruby-devel-1.8.5-5.el5_3.7.x86_64
>>> rubygems-1.3.1-1.el5.noarch
>>> ruby-irb-1.8.5-5.el5_3.7.x86_64
>>> ruby-libs-1.8.5-5.el5_3.7.x86_64
>>> ruby-rdoc-1.8.5-5.el5_3.7.x86_64
>>> ruby-shadow-1.4.1-7.el5.x86_64
>>>
>>> ruby gem info (although passenger is out of the mix):
>>> fastthread (1.0.7)
>>> passenger (2.2.2)
>>> rack (1.0.0)
>>> rake (0.8.7)
>>>
>>> Pete
>>>
>>>
>>> On Wed, Sep 9, 2009 at 11:30 AM, jrojas
>>> <jason@nothingbeatsaduck.com> wrote:
>>>
>>>> I am seeing this problem as well.
>>>> Reverting from 2.2.5 to 2.2.2 did not help.
>>>>
>>>>
>>>> On Sep 9, 9:12 am, Matt <mattmora...@gmail.com> wrote:
>>>>
>>>>> Reverting back to the passenger 2.2.2 gem worked for me.
>>>>>
>>>>> 2009/9/8 Larry Ludwig <la...@reductivelabs.com>:
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>> hmm passenger 2.2.5 is released? hmm I''ll
have to test it out.
>>>>>>
>>>>>> -L
>>>>>>
>>>>>> --
>>>>>> Larry Ludwig
>>>>>> Reductive Labs
>>>>>>
>> --
>> It is well to remember that the entire universe, with one trifling
>> exception, is composed of others. --John Andrew Holmes
>> ---------------------------------------------------------------------
>> Luke Kanies | http://reductivelabs.com | http://madstop.com
>>
>>
>>
>
> >
>
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---
For info - I removed passenger 2.2.5, installed 2.2.2 - rebuilt the passenger apache module, then removed all traces of puppet includes certs. Installed puppet 0.25 rpms, set up the config.ru and all worked. 2009/9/10 philipp Hanselmann <philipp.hanselmann@gmail.com>:> > philipp Hanselmann schrieb: >> I have similar issues with passenger 2.2.5. >> >> Now I am trying to downgrade passenger to 2.2.2 >> gem install passenger -v 2.2.2 >> >> This will install 2.2.2, but the passenger 2.2.5 remains installed? >> >> Than I noticed that the install process, still use 2.2.5! >> passenger-install-apache2-module >> >> >> So how can I remove passenger 2.2.5 ? >> >> > Ok. I found it by myself .. > gem uninstall passenger -v 2.2.5 > > > >> >> >> Pete Emerson schrieb: >>> Done. The issue is now posted here, and I added --trace to my >>> puppetmasterd arguments to provide more info. >>> >>> http://projects.reductivelabs.com/issues/2620 >>> >>> Pete >>> >>> On Wed, Sep 9, 2009 at 4:29 PM, Luke Kanies <luke@madstop.com> wrote: >>> >>>> Can you file this as a bug, and add all of this logging data to it? >>>> >>>> On Sep 9, 2009, at 3:58 PM, Pete Emerson wrote: >>>> >>>> >>>>> I''m seeing this as well, and have some info that may be useful. For me >>>>> the problem happens whether I use passenger-2.2.5, passenger-2.2.2, or >>>>> the puppetmasterd daemon directly. >>>>> >>>>> I started with exactly the auth.conf from here: >>>>> >>>>> http://github.com/reductivelabs/puppet/blob/c2e26b9bb28ebcb8e07822015f99bd6a971b51c8/conf/auth.conf >>>>> >>>>> >>>>> When I run the puppetmasterd in --no-daemon --debug mode, I see this >>>>> when the client connects: >>>>> >>>>> info: access[^/catalog/([^/]+)$]: allowing ''method'' find >>>>> info: access[^/catalog/([^/]+)$]: allowing $1 access >>>>> info: access[/certificate_revocation_list/ca]: allowing ''method'' find >>>>> info: access[/certificate_revocation_list/ca]: allowing * access >>>>> info: access[/report]: allowing ''method'' save >>>>> info: access[/report]: allowing * access >>>>> info: access[/file]: allowing * access >>>>> info: access[/certificate/ca]: adding authentication no >>>>> info: access[/certificate/ca]: allowing ''method'' find >>>>> info: access[/certificate/ca]: allowing * access >>>>> info: access[/certificate/]: adding authentication no >>>>> info: access[/certificate/]: allowing ''method'' find >>>>> info: access[/certificate/]: allowing * access >>>>> info: access[/certificate_request]: adding authentication no >>>>> info: access[/certificate_request]: allowing ''method'' find >>>>> info: access[/certificate_request]: allowing ''method'' save >>>>> info: access[/certificate_request]: allowing * access >>>>> info: access[/]: adding authentication any >>>>> info: access[^/catalog/([^/]+)$]: defaulting to no access for >>>>> 01.admin.demo.nym1 >>>>> warning: Denying access: Forbidden request: >>>>> 01.admin.demo.nym1(my.ip.address.here) access to >>>>> /catalog/01.admin.demo.nym1 [find] authenticated at line 52 >>>>> err: Forbidden request: 01.admin.demo.nym1(my.ip.address.here) access >>>>> to /catalog/01.admin.demo.nym1 [find] authenticated at line 52 >>>>> >>>>> Lines 51 through 54 of the auth.conf: >>>>> >>>>> # allow nodes to retrieve their own catalog (ie their configuration) >>>>> path ~ ^/catalog/([^/]+)$ >>>>> method find >>>>> allow $1 >>>>> >>>>> When I change ''allow $1'' to ''allow *'', the client is able to connect >>>>> and it successfully ran my manifest. >>>>> >>>>> If I change my allow line to ''allow fakesstringhere'', I see this: >>>>> >>>>> info: access[^/catalog/([^/]+)$]: allowing fakestringhere access >>>>> >>>>> When I change it back to ''allow $1'': >>>>> >>>>> info: access[^/catalog/([^/]+)$]: allowing $1 access >>>>> >>>>> It seems like the regex capture of (^[/]+) isn''t being stored in $1, >>>>> and $1 is being used literally instead of substituting in the value >>>>> from the regex? >>>>> >>>>> In case versions are interesting, I''m using CentOS 5 with the rpms >>>>> found at http://tmz.fedorapeople.org/repo/puppet/epel/5/x86_64/ >>>>> >>>>> puppet-0.25.0-0.4.el5.noarch >>>>> puppet-server-0.25.0-0.4.el5.noarch >>>>> ruby-1.8.5-5.el5_3.7.x86_64 >>>>> ruby-augeas-0.3.0-1.el5.x86_64 >>>>> ruby-devel-1.8.5-5.el5_3.7.x86_64 >>>>> rubygems-1.3.1-1.el5.noarch >>>>> ruby-irb-1.8.5-5.el5_3.7.x86_64 >>>>> ruby-libs-1.8.5-5.el5_3.7.x86_64 >>>>> ruby-rdoc-1.8.5-5.el5_3.7.x86_64 >>>>> ruby-shadow-1.4.1-7.el5.x86_64 >>>>> >>>>> ruby gem info (although passenger is out of the mix): >>>>> fastthread (1.0.7) >>>>> passenger (2.2.2) >>>>> rack (1.0.0) >>>>> rake (0.8.7) >>>>> >>>>> Pete >>>>> >>>>> >>>>> On Wed, Sep 9, 2009 at 11:30 AM, jrojas >>>>> <jason@nothingbeatsaduck.com> wrote: >>>>> >>>>>> I am seeing this problem as well. >>>>>> Reverting from 2.2.5 to 2.2.2 did not help. >>>>>> >>>>>> >>>>>> On Sep 9, 9:12 am, Matt <mattmora...@gmail.com> wrote: >>>>>> >>>>>>> Reverting back to the passenger 2.2.2 gem worked for me. >>>>>>> >>>>>>> 2009/9/8 Larry Ludwig <la...@reductivelabs.com>: >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>>> hmm passenger 2.2.5 is released? hmm I''ll have to test it out. >>>>>>>> -L >>>>>>>> -- >>>>>>>> Larry Ludwig >>>>>>>> Reductive Labs >>>>>>>> >>>> -- >>>> It is well to remember that the entire universe, with one trifling >>>> exception, is composed of others. --John Andrew Holmes >>>> --------------------------------------------------------------------- >>>> Luke Kanies | http://reductivelabs.com | http://madstop.com >>>> >>>> >>>> >>> >>> >> >>> >>> >> >> > > > > >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
Matt schrieb:> For info - I removed passenger 2.2.5, installed 2.2.2 - rebuilt the > passenger apache module, then removed all traces of puppet includes > certs. > > Installed puppet 0.25 rpms, set up the config.ru and all worked. >And the /etc/httpd/conf.d/puppet.conf ? Have you edited that file after the installation of 0.25 ?> 2009/9/10 philipp Hanselmann <philipp.hanselmann@gmail.com>: > >> philipp Hanselmann schrieb: >> >>> I have similar issues with passenger 2.2.5. >>> >>> Now I am trying to downgrade passenger to 2.2.2 >>> gem install passenger -v 2.2.2 >>> >>> This will install 2.2.2, but the passenger 2.2.5 remains installed? >>> >>> Than I noticed that the install process, still use 2.2.5! >>> passenger-install-apache2-module >>> >>> >>> So how can I remove passenger 2.2.5 ? >>> >>> >>> >> Ok. I found it by myself .. >> gem uninstall passenger -v 2.2.5 >> >> >> >> >>> Pete Emerson schrieb: >>> >>>> Done. The issue is now posted here, and I added --trace to my >>>> puppetmasterd arguments to provide more info. >>>> >>>> http://projects.reductivelabs.com/issues/2620 >>>> >>>> Pete >>>> >>>> On Wed, Sep 9, 2009 at 4:29 PM, Luke Kanies <luke@madstop.com> wrote: >>>> >>>> >>>>> Can you file this as a bug, and add all of this logging data to it? >>>>> >>>>> On Sep 9, 2009, at 3:58 PM, Pete Emerson wrote: >>>>> >>>>> >>>>> >>>>>> I''m seeing this as well, and have some info that may be useful. For me >>>>>> the problem happens whether I use passenger-2.2.5, passenger-2.2.2, or >>>>>> the puppetmasterd daemon directly. >>>>>> >>>>>> I started with exactly the auth.conf from here: >>>>>> >>>>>> http://github.com/reductivelabs/puppet/blob/c2e26b9bb28ebcb8e07822015f99bd6a971b51c8/conf/auth.conf >>>>>> >>>>>> >>>>>> When I run the puppetmasterd in --no-daemon --debug mode, I see this >>>>>> when the client connects: >>>>>> >>>>>> info: access[^/catalog/([^/]+)$]: allowing ''method'' find >>>>>> info: access[^/catalog/([^/]+)$]: allowing $1 access >>>>>> info: access[/certificate_revocation_list/ca]: allowing ''method'' find >>>>>> info: access[/certificate_revocation_list/ca]: allowing * access >>>>>> info: access[/report]: allowing ''method'' save >>>>>> info: access[/report]: allowing * access >>>>>> info: access[/file]: allowing * access >>>>>> info: access[/certificate/ca]: adding authentication no >>>>>> info: access[/certificate/ca]: allowing ''method'' find >>>>>> info: access[/certificate/ca]: allowing * access >>>>>> info: access[/certificate/]: adding authentication no >>>>>> info: access[/certificate/]: allowing ''method'' find >>>>>> info: access[/certificate/]: allowing * access >>>>>> info: access[/certificate_request]: adding authentication no >>>>>> info: access[/certificate_request]: allowing ''method'' find >>>>>> info: access[/certificate_request]: allowing ''method'' save >>>>>> info: access[/certificate_request]: allowing * access >>>>>> info: access[/]: adding authentication any >>>>>> info: access[^/catalog/([^/]+)$]: defaulting to no access for >>>>>> 01.admin.demo.nym1 >>>>>> warning: Denying access: Forbidden request: >>>>>> 01.admin.demo.nym1(my.ip.address.here) access to >>>>>> /catalog/01.admin.demo.nym1 [find] authenticated at line 52 >>>>>> err: Forbidden request: 01.admin.demo.nym1(my.ip.address.here) access >>>>>> to /catalog/01.admin.demo.nym1 [find] authenticated at line 52 >>>>>> >>>>>> Lines 51 through 54 of the auth.conf: >>>>>> >>>>>> # allow nodes to retrieve their own catalog (ie their configuration) >>>>>> path ~ ^/catalog/([^/]+)$ >>>>>> method find >>>>>> allow $1 >>>>>> >>>>>> When I change ''allow $1'' to ''allow *'', the client is able to connect >>>>>> and it successfully ran my manifest. >>>>>> >>>>>> If I change my allow line to ''allow fakesstringhere'', I see this: >>>>>> >>>>>> info: access[^/catalog/([^/]+)$]: allowing fakestringhere access >>>>>> >>>>>> When I change it back to ''allow $1'': >>>>>> >>>>>> info: access[^/catalog/([^/]+)$]: allowing $1 access >>>>>> >>>>>> It seems like the regex capture of (^[/]+) isn''t being stored in $1, >>>>>> and $1 is being used literally instead of substituting in the value >>>>>> from the regex? >>>>>> >>>>>> In case versions are interesting, I''m using CentOS 5 with the rpms >>>>>> found at http://tmz.fedorapeople.org/repo/puppet/epel/5/x86_64/ >>>>>> >>>>>> puppet-0.25.0-0.4.el5.noarch >>>>>> puppet-server-0.25.0-0.4.el5.noarch >>>>>> ruby-1.8.5-5.el5_3.7.x86_64 >>>>>> ruby-augeas-0.3.0-1.el5.x86_64 >>>>>> ruby-devel-1.8.5-5.el5_3.7.x86_64 >>>>>> rubygems-1.3.1-1.el5.noarch >>>>>> ruby-irb-1.8.5-5.el5_3.7.x86_64 >>>>>> ruby-libs-1.8.5-5.el5_3.7.x86_64 >>>>>> ruby-rdoc-1.8.5-5.el5_3.7.x86_64 >>>>>> ruby-shadow-1.4.1-7.el5.x86_64 >>>>>> >>>>>> ruby gem info (although passenger is out of the mix): >>>>>> fastthread (1.0.7) >>>>>> passenger (2.2.2) >>>>>> rack (1.0.0) >>>>>> rake (0.8.7) >>>>>> >>>>>> Pete >>>>>> >>>>>> >>>>>> On Wed, Sep 9, 2009 at 11:30 AM, jrojas >>>>>> <jason@nothingbeatsaduck.com> wrote: >>>>>> >>>>>> >>>>>>> I am seeing this problem as well. >>>>>>> Reverting from 2.2.5 to 2.2.2 did not help. >>>>>>> >>>>>>> >>>>>>> On Sep 9, 9:12 am, Matt <mattmora...@gmail.com> wrote: >>>>>>> >>>>>>> >>>>>>>> Reverting back to the passenger 2.2.2 gem worked for me. >>>>>>>> >>>>>>>> 2009/9/8 Larry Ludwig <la...@reductivelabs.com>: >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>> hmm passenger 2.2.5 is released? hmm I''ll have to test it out. >>>>>>>>> -L >>>>>>>>> -- >>>>>>>>> Larry Ludwig >>>>>>>>> Reductive Labs >>>>>>>>> >>>>>>>>> >>>>> -- >>>>> It is well to remember that the entire universe, with one trifling >>>>> exception, is composed of others. --John Andrew Holmes >>>>> --------------------------------------------------------------------- >>>>> Luke Kanies | http://reductivelabs.com | http://madstop.com >>>>> >>>>> >>>>> >>>>> >>>> >>> >> > > > > >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
On Sep 9, 8:30 pm, jrojas <ja...@nothingbeatsaduck.com> wrote:> I am seeing this problem as well. > Reverting from 2.2.5 to 2.2.2 did not help.I''ve now done some tests with 2.2.5 and did not find any obvious problems - so, if you are seeing a problem with 2.2.5, please try to reproduce it with webrick. If it persists, it''s not a Passenger related bug. In any case please file bugs, but see #2516, #2517 and #2620 first. Thanks, Christian --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
On Sep 12, 11:51 pm, Christian Hofstaedtler <ch+...@zeha.at> wrote:> On Sep 9, 8:30 pm, jrojas <ja...@nothingbeatsaduck.com> wrote: > > > I am seeing this problem as well. > > Reverting from 2.2.5 to 2.2.2 did not help. > > I''ve now done some tests with 2.2.5 and did not find any obvious > problems - so, if you are seeing a problem with 2.2.5, please try to > reproduce it with webrick. If it persists, it''s not a Passenger > related bug. In any case please file bugs, but see #2516, #2517 and > #2620 first.Those bug numbers were wrong. Please check those: "Bug #2617: Problem with certs upgrading puppetmaster to 0.25.0" "Bug #2619: Fresh 0.25.0 client cannot ''authenticate'' to 0.25.0 puppetmaster." "Bug #2620: Regex problem in puppetmaster auth.conf"> > Thanks, > Christian--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
I used the example one from 0.25 - changed the hostname for the cert, and the path for the DocumentRoot/Directory. 2009/9/11 philipp Hanselmann <philipp.hanselmann@gmail.com>:> > Matt schrieb: >> For info - I removed passenger 2.2.5, installed 2.2.2 - rebuilt the >> passenger apache module, then removed all traces of puppet includes >> certs. >> >> Installed puppet 0.25 rpms, set up the config.ru and all worked. >> > > And the /etc/httpd/conf.d/puppet.conf ? > Have you edited that file after the installation of 0.25 ? >> 2009/9/10 philipp Hanselmann <philipp.hanselmann@gmail.com>: >> >>> philipp Hanselmann schrieb: >>> >>>> I have similar issues with passenger 2.2.5. >>>> >>>> Now I am trying to downgrade passenger to 2.2.2 >>>> gem install passenger -v 2.2.2 >>>> >>>> This will install 2.2.2, but the passenger 2.2.5 remains installed? >>>> >>>> Than I noticed that the install process, still use 2.2.5! >>>> passenger-install-apache2-module >>>> >>>> >>>> So how can I remove passenger 2.2.5 ? >>>> >>>> >>>> >>> Ok. I found it by myself .. >>> gem uninstall passenger -v 2.2.5 >>> >>> >>> >>> >>>> Pete Emerson schrieb: >>>> >>>>> Done. The issue is now posted here, and I added --trace to my >>>>> puppetmasterd arguments to provide more info. >>>>> >>>>> http://projects.reductivelabs.com/issues/2620 >>>>> >>>>> Pete >>>>> >>>>> On Wed, Sep 9, 2009 at 4:29 PM, Luke Kanies <luke@madstop.com> wrote: >>>>> >>>>> >>>>>> Can you file this as a bug, and add all of this logging data to it? >>>>>> >>>>>> On Sep 9, 2009, at 3:58 PM, Pete Emerson wrote: >>>>>> >>>>>> >>>>>> >>>>>>> I''m seeing this as well, and have some info that may be useful. For me >>>>>>> the problem happens whether I use passenger-2.2.5, passenger-2.2.2, or >>>>>>> the puppetmasterd daemon directly. >>>>>>> >>>>>>> I started with exactly the auth.conf from here: >>>>>>> >>>>>>> http://github.com/reductivelabs/puppet/blob/c2e26b9bb28ebcb8e07822015f99bd6a971b51c8/conf/auth.conf >>>>>>> >>>>>>> >>>>>>> When I run the puppetmasterd in --no-daemon --debug mode, I see this >>>>>>> when the client connects: >>>>>>> >>>>>>> info: access[^/catalog/([^/]+)$]: allowing ''method'' find >>>>>>> info: access[^/catalog/([^/]+)$]: allowing $1 access >>>>>>> info: access[/certificate_revocation_list/ca]: allowing ''method'' find >>>>>>> info: access[/certificate_revocation_list/ca]: allowing * access >>>>>>> info: access[/report]: allowing ''method'' save >>>>>>> info: access[/report]: allowing * access >>>>>>> info: access[/file]: allowing * access >>>>>>> info: access[/certificate/ca]: adding authentication no >>>>>>> info: access[/certificate/ca]: allowing ''method'' find >>>>>>> info: access[/certificate/ca]: allowing * access >>>>>>> info: access[/certificate/]: adding authentication no >>>>>>> info: access[/certificate/]: allowing ''method'' find >>>>>>> info: access[/certificate/]: allowing * access >>>>>>> info: access[/certificate_request]: adding authentication no >>>>>>> info: access[/certificate_request]: allowing ''method'' find >>>>>>> info: access[/certificate_request]: allowing ''method'' save >>>>>>> info: access[/certificate_request]: allowing * access >>>>>>> info: access[/]: adding authentication any >>>>>>> info: access[^/catalog/([^/]+)$]: defaulting to no access for >>>>>>> 01.admin.demo.nym1 >>>>>>> warning: Denying access: Forbidden request: >>>>>>> 01.admin.demo.nym1(my.ip.address.here) access to >>>>>>> /catalog/01.admin.demo.nym1 [find] authenticated at line 52 >>>>>>> err: Forbidden request: 01.admin.demo.nym1(my.ip.address.here) access >>>>>>> to /catalog/01.admin.demo.nym1 [find] authenticated at line 52 >>>>>>> >>>>>>> Lines 51 through 54 of the auth.conf: >>>>>>> >>>>>>> # allow nodes to retrieve their own catalog (ie their configuration) >>>>>>> path ~ ^/catalog/([^/]+)$ >>>>>>> method find >>>>>>> allow $1 >>>>>>> >>>>>>> When I change ''allow $1'' to ''allow *'', the client is able to connect >>>>>>> and it successfully ran my manifest. >>>>>>> >>>>>>> If I change my allow line to ''allow fakesstringhere'', I see this: >>>>>>> >>>>>>> info: access[^/catalog/([^/]+)$]: allowing fakestringhere access >>>>>>> >>>>>>> When I change it back to ''allow $1'': >>>>>>> >>>>>>> info: access[^/catalog/([^/]+)$]: allowing $1 access >>>>>>> >>>>>>> It seems like the regex capture of (^[/]+) isn''t being stored in $1, >>>>>>> and $1 is being used literally instead of substituting in the value >>>>>>> from the regex? >>>>>>> >>>>>>> In case versions are interesting, I''m using CentOS 5 with the rpms >>>>>>> found at http://tmz.fedorapeople.org/repo/puppet/epel/5/x86_64/ >>>>>>> >>>>>>> puppet-0.25.0-0.4.el5.noarch >>>>>>> puppet-server-0.25.0-0.4.el5.noarch >>>>>>> ruby-1.8.5-5.el5_3.7.x86_64 >>>>>>> ruby-augeas-0.3.0-1.el5.x86_64 >>>>>>> ruby-devel-1.8.5-5.el5_3.7.x86_64 >>>>>>> rubygems-1.3.1-1.el5.noarch >>>>>>> ruby-irb-1.8.5-5.el5_3.7.x86_64 >>>>>>> ruby-libs-1.8.5-5.el5_3.7.x86_64 >>>>>>> ruby-rdoc-1.8.5-5.el5_3.7.x86_64 >>>>>>> ruby-shadow-1.4.1-7.el5.x86_64 >>>>>>> >>>>>>> ruby gem info (although passenger is out of the mix): >>>>>>> fastthread (1.0.7) >>>>>>> passenger (2.2.2) >>>>>>> rack (1.0.0) >>>>>>> rake (0.8.7) >>>>>>> >>>>>>> Pete >>>>>>> >>>>>>> >>>>>>> On Wed, Sep 9, 2009 at 11:30 AM, jrojas >>>>>>> <jason@nothingbeatsaduck.com> wrote: >>>>>>> >>>>>>> >>>>>>>> I am seeing this problem as well. >>>>>>>> Reverting from 2.2.5 to 2.2.2 did not help. >>>>>>>> >>>>>>>> >>>>>>>> On Sep 9, 9:12 am, Matt <mattmora...@gmail.com> wrote: >>>>>>>> >>>>>>>> >>>>>>>>> Reverting back to the passenger 2.2.2 gem worked for me. >>>>>>>>> >>>>>>>>> 2009/9/8 Larry Ludwig <la...@reductivelabs.com>: >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>>> hmm passenger 2.2.5 is released? hmm I''ll have to test it out. >>>>>>>>>> -L >>>>>>>>>> -- >>>>>>>>>> Larry Ludwig >>>>>>>>>> Reductive Labs >>>>>>>>>> >>>>>>>>>> >>>>>> -- >>>>>> It is well to remember that the entire universe, with one trifling >>>>>> exception, is composed of others. --John Andrew Holmes >>>>>> --------------------------------------------------------------------- >>>>>> Luke Kanies | http://reductivelabs.com | http://madstop.com >>>>>> >>>>>> >>>>>> >>>>>> >>>>> >>>> >>> >> >> > >> >> > > > > >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---