Christophe Bonnaud
2010-Feb-08 09:18 UTC
[Puppet Users] error on puppet 25.4 with passenger 2.2.2
Hi all, I''ve just installed a puppet version 25.4 (I was using before version 24.5 without any trouble) when I test the installation using webrick, it''s working fine. A client can connect to the master and do whatever it have to do. When I switch to passenger, I have the following message: err: Could not retrieve catalog from remote server: Error 403 on SERVER: Forbidden request: wn1002.sdfarm.kr(134.75.123.102) access to / catalog/wn1002.sdfarm.kr [find] at line 0 warning: Not using cache on failed catalog err: Could not retrieve catalog; skipping run so I have obviously an authorization problem, but i cannot find the solution to this problem... I had a look on google but this kind of problems seems to happen usually with certificates problems which should not be the case here since every thing is working fine without passenger... Does anyone have a suggestion? Thanks, Bonnaud Christophe. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Aaron Schaefer
2010-Feb-08 21:20 UTC
[Puppet Users] Re: error on puppet 25.4 with passenger 2.2.2
On Feb 8, 3:18 am, Christophe Bonnaud <takyo...@hotmail.com> wrote:> so I have obviously an authorization problem, but i cannot find the > solution to this problem... > > Does anyone have a suggestion?I''ve seen the same thing with my setup...the solution for me was to put the "RequestHeader" lines found on the Puppet Passenger wiki page (http://www.reductivelabs.com/trac/puppet/wiki/UsingPassenger) into my Apache virtual host config: RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e ...not sure why that section isn''t included in the provided template (./ext/rack/files/apache2.conf) from the puppet sources (I''m using v0.25.4), but adding them fixed things up for me. Note that I also don''t have an auth.conf file, and even if I add one and take these lines out, I''m back to getting the "err: Could not retrieve catalog from remote server: Error 403 on SERVER:" message. Hope that helps! -- Aaron "ElasticDog" Schaefer -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Christophe Bonnaud
2010-Feb-09 00:20 UTC
[Puppet Users] Re: error on puppet 25.4 with passenger 2.2.2
On Feb 9, 6:20 am, Aaron Schaefer <aaronschae...@gmail.com> wrote:> On Feb 8, 3:18 am, Christophe Bonnaud <takyo...@hotmail.com> wrote: > > > so I have obviously an authorization problem, but i cannot find the > > solution to this problem... > > > Does anyone have a suggestion? > > I''ve seen the same thing with my setup...the solution for me was to > put the "RequestHeader" lines found on the Puppet Passenger wiki page > (http://www.reductivelabs.com/trac/puppet/wiki/UsingPassenger) into my > Apache virtual host config: > > RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e > RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e > RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e > > ...not sure why that section isn''t included in the provided template > (./ext/rack/files/apache2.conf) from the puppet sources (I''m using > v0.25.4), but adding them fixed things up for me. Note that I also > don''t have an auth.conf file, and even if I add one and take these > lines out, I''m back to getting the "err: Could not retrieve catalog > from remote server: Error 403 on SERVER:" message. Hope that helps!Indeed this was the solution... thanks so much for your help!! I''m agree it''s strange that those lines are not in the provided template... Anyone know why?> > -- > Aaron "ElasticDog" Schaefer-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Eric Sorenson
2010-Feb-09 00:50 UTC
Re: [Puppet Users] Re: error on puppet 25.4 with passenger 2.2.2
On Feb 8, 2010, at 4:20 PM, Christophe Bonnaud wrote:>> I''ve seen the same thing with my setup...the solution for me was to >> put the "RequestHeader" lines found on the Puppet Passenger wiki page >> (http://www.reductivelabs.com/trac/puppet/wiki/UsingPassenger) into my >> Apache virtual host config: >> >> RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e >> RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e >> RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e >> >> ...not sure why that section isn''t included in the provided template >> (./ext/rack/files/apache2.conf) from the puppet sources (I''m using >> v0.25.4), but adding them fixed things up for me. Note that I also >> don''t have an auth.conf file, and even if I add one and take these >> lines out, I''m back to getting the "err: Could not retrieve catalog >> from remote server: Error 403 on SERVER:" message. Hope that helps! > > Indeed this was the solution... thanks so much for your help!! > I''m agree it''s strange that those lines are not in the provided > template... > Anyone know why?The documented suggestion -- though I agree it''s not on the wiki page; once we resolve this question here I''d be happy to update UsingPassenger this as I''ve just gone through it myself -- is to go at it from the other direction. Instead of changing apache to match puppet''s defaults, you tell puppet the names of the apache variables: (from ext/rack/README) Required puppet.conf settings: [puppetmasterd] ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY Then the required httpd.conf line is just SSLOptions +StdEnvVars which *is* in the config file in the distribution. I''m not enough of an expert to know whether one is preferable to the other, though. -=Eric -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Christophe Bonnaud
2010-Feb-09 07:54 UTC
[Puppet Users] Re: error on puppet 25.4 with passenger 2.2.2
On Feb 9, 9:50 am, Eric Sorenson <ahp...@gmail.com> wrote:> On Feb 8, 2010, at 4:20 PM, Christophe Bonnaud wrote: > > > > > > >> I''ve seen the same thing with my setup...the solution for me was to > >> put the "RequestHeader" lines found on the Puppet Passenger wiki page > >> (http://www.reductivelabs.com/trac/puppet/wiki/UsingPassenger) into my > >> Apache virtual host config: > > >> RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e > >> RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e > >> RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e > > >> ...not sure why that section isn''t included in the provided template > >> (./ext/rack/files/apache2.conf) from the puppet sources (I''m using > >> v0.25.4), but adding them fixed things up for me. Note that I also > >> don''t have an auth.conf file, and even if I add one and take these > >> lines out, I''m back to getting the "err: Could not retrieve catalog > >> from remote server: Error 403 on SERVER:" message. Hope that helps! > > > Indeed this was the solution... thanks so much for your help!! > > I''m agree it''s strange that those lines are not in the provided > > template... > > Anyone know why? > > The documented suggestion -- though I agree it''s not on the wiki page; once we resolve this question here I''d be happy to update UsingPassenger this as I''ve just gone through it myself -- is to go at it from the other direction. Instead of changing apache to match puppet''s defaults, you tell puppet the names of the apache variables: > > (from ext/rack/README) > Required puppet.conf settings: > [puppetmasterd] > ssl_client_header = SSL_CLIENT_S_DN > ssl_client_verify_header = SSL_CLIENT_VERIFY > > Then the required httpd.conf line is just > SSLOptions +StdEnvVars > > which *is* in the config file in the distribution. > > I''m not enough of an expert to know whether one is preferable to the other, though. > > -=Erichum yes indeed it works fine in that way too. I though I already tried that because I saw that in the documentation but I may have done something else wrong at this moment... Thanks Eric! -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Isaac Christoffersen
2010-Feb-09 18:39 UTC
Re: [Puppet Users] Re: error on puppet 25.4 with passenger 2.2.2
Aha! Fixes my problem too. I knew if I procrastinated enough someone would find an answer. :-) On Tue, Feb 9, 2010 at 2:54 AM, Christophe Bonnaud <takyon77@hotmail.com> wrote:> On Feb 9, 9:50 am, Eric Sorenson <ahp...@gmail.com> wrote: >> On Feb 8, 2010, at 4:20 PM, Christophe Bonnaud wrote: >> >> >> >> >> >> >> I''ve seen the same thing with my setup...the solution for me was to >> >> put the "RequestHeader" lines found on the Puppet Passenger wiki page >> >> (http://www.reductivelabs.com/trac/puppet/wiki/UsingPassenger) into my >> >> Apache virtual host config: >> >> >> RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e >> >> RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e >> >> RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e >> >> >> ...not sure why that section isn''t included in the provided template >> >> (./ext/rack/files/apache2.conf) from the puppet sources (I''m using >> >> v0.25.4), but adding them fixed things up for me. Note that I also >> >> don''t have an auth.conf file, and even if I add one and take these >> >> lines out, I''m back to getting the "err: Could not retrieve catalog >> >> from remote server: Error 403 on SERVER:" message. Hope that helps! >> >> > Indeed this was the solution... thanks so much for your help!! >> > I''m agree it''s strange that those lines are not in the provided >> > template... >> > Anyone know why? >> >> The documented suggestion -- though I agree it''s not on the wiki page; once we resolve this question here I''d be happy to update UsingPassenger this as I''ve just gone through it myself -- is to go at it from the other direction. Instead of changing apache to match puppet''s defaults, you tell puppet the names of the apache variables: >> >> (from ext/rack/README) >> Required puppet.conf settings: >> [puppetmasterd] >> ssl_client_header = SSL_CLIENT_S_DN >> ssl_client_verify_header = SSL_CLIENT_VERIFY >> >> Then the required httpd.conf line is just >> SSLOptions +StdEnvVars >> >> which *is* in the config file in the distribution. >> >> I''m not enough of an expert to know whether one is preferable to the other, though. >> >> -=Eric > > > hum yes indeed it works fine in that way too. I though I already tried > that because I saw that in the documentation but I may have done > something else wrong at this moment... > Thanks Eric! > > -- > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. > >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.