Yushu Yao
2010-Aug-13 22:18 UTC
[Puppet Users] Puppet via Passenger+Apache2 on Ubuntu /certificate_revocation_list/ca 403 error
Hi Experts,
I'm trying to run puppet via passenger + apache2 on ubuntu 10.04 64bit and it refuses to work with an error:
*err: Could not retrieve catalog from remote server: Error 403 on SERVER: Forbidden request: 192.168.2.3(192.168.2.3) access to /certificate_revocation_list/ca [find] at line 93*
I googled around and found this problem was discussed some time ago, but there was no clear fix.
Any help is appreciated.
A side question is where are the logs of puppetmaster stored? They are not in /var/log/messages nor $logdir/*
Thanks a lot.
-Yushu
*dpkg -l|grep apache*
ii apache2 2.2.14-5ubuntu8 Apache HTTP Server metapackage
ii apache2-mpm-worker 2.2.14-5ubuntu8 Apache HTTP Server - high speed threaded mod
ii apache2-utils 2.2.14-5ubuntu8 utility programs for webservers
ii apache2.2-bin 2.2.14-5ubuntu8 Apache HTTP Server common binary files
ii apache2.2-common 2.2.14-5ubuntu8 Apache HTTP Server common files
ii libapache2-mod-passenger 2.2.7debian-1 Rails and Rack support for Apache2
ii libapache2-mod-wsgi 2.8-2ubuntu1 Python WSGI adapter module for Apache
*dpkg -l|grep ruby*
ii libaugeas-ruby1.8 0.2.0-2ubuntu3 Augeas bindings for the Ruby language
ii libopenssl-ruby 4.2 OpenSSL interface for Ruby
ii libopenssl-ruby1.8 1.8.7.249-2 OpenSSL interface for Ruby 1.8
ii librack-ruby 1.1.0-3 A modular Ruby webserver interface
ii librack-ruby1.8 1.1.0-3 A modular Ruby webserver interface (Ruby 1.8
ii libreadline-ruby1.8 1.8.7.249-2 Readline interface for Ruby 1.8
ii libruby 4.2 Libraries necessary to run Ruby 1.8.x
ii libruby1.8 1.8.7.249-2 Libraries necessary to run Ruby 1.8
ii libshadow-ruby1.8 1.4.1-8build1 Interface of shadow password for Ruby 1.8
ii libxmlrpc-ruby 4.2 transitional dummy package
ii rdoc 4.2 Generate documentation from ruby source file
ii ruby 4.2 An interpreter of object-oriented scripting
ii ruby1.8 1.8.7.249-2 Interpreter of object-oriented scripting lan
ii rubygems 1.3.5-1ubuntu2 package management framework for Ruby librar
ii rubygems1.8 1.3.5-1ubuntu2 package management framework for Ruby librar
*cat ../puppetrack/puppetmasterd/config.ru *
# a config.ru, for use with every rack-compatible webserver.
# SSL needs to be handled outside this, though.
# if puppet is not in your RUBYLIB:
# $:.unshift('/opt/puppet/lib')
$0 = "puppetmasterd"
require 'puppet'
# if you want debugging:
ARGV << "--debug"
ARGV << "--rack"
require 'puppet/application/puppetmasterd'
# we're usually running inside a Rack::Builder.new {} block,
# therefore we need to call run *here*.
run Puppet::Application[:puppetmasterd].run
*cat /etc/puppet/puppet.conf*
[main]
pluginsync = true
[puppetmasterd]
confdir=/opt/cloudcrv/puppet
vardir=/opt/cloudcrv/varpuppet
ssldir = $vardir/ssl
user = cloudcrv
# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = $vardir/log
# Where Puppet PID files are kept.
# The default value is '$vardir/run'.
rundir = $vardir/run
# Where SSL certificates are kept.
# The default value is '$confdir/ssl'.
ssldir = $vardir/ssl
rails_loglevel = debug
*cat /etc/apache2/sites-available/puppetmaster *
# you probably want to tune these settings
PassengerHighPerformance on
PassengerMaxPoolSize 12
PassengerPoolIdleTime 1500
# PassengerMaxRequests 1000
PassengerStatThrottleRate 120
RackAutoDetect Off
RailsAutoDetect Off
Listen 8140
<VirtualHost *:8140>
ServerName 192.168.2.4
SSLEngine on
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
SSLCertificateFile /opt/cloudcrv/varpuppet/ssl/certs/192.168.2.4.pem
SSLCertificateKeyFile /opt/cloudcrv/varpuppet/ssl/private_keys/192.168.2.4.pem
SSLCertificateChainFile /opt/cloudcrv/varpuppet/ssl/ca/ca_crt.pem
SSLCACertificateFile /opt/cloudcrv/varpuppet/ssl/ca/ca_crt.pem
# If Apache complains about invalid signatures on the CRL, you can try disabling
# CRL checking by commenting the next line, but this is not recommended.
#SSLCARevocationFile /opt/cloudcrv/varpuppet/ssl/ca/ca_crl.pem
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars
DocumentRoot /opt/cloudcrv/puppetrack/puppetmasterd/public
RackBaseURI /
<Directory /opt/cloudcrv/puppetrack/puppetmasterd/public >
Options None
AllowOverride None
Order allow,deny
allow from all
</Directory>
</VirtualHost>
*Client Error Message:*
-bash-3.2# puppetd --test --debug --server=192.168.2.4 --trace
debug: Puppet::Type::User::ProviderLdap: true value when expecting false
debug: Puppet::Type::User::ProviderUser_role_add: file rolemod does not exist
debug: Puppet::Type::User::ProviderPw: file pw does not exist
debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dscl does not exist
debug: Failed to load library 'ldap' for feature 'ldap'
debug: /File[/etc/puppet/ssl/private_keys/192.168.2.3.pem]: Autorequiring File[/etc/puppet/ssl/private_keys]
debug: /File[/var/lib/puppet/log]: Autorequiring File[/var/lib/puppet]
debug: /File[/etc/puppet/ssl/private]: Autorequiring File[/etc/puppet/ssl]
debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/clientbucket]: Autorequiring File[/var/lib/puppet]
debug: /File[/etc/puppet/ssl/certificate_requests]: Autorequiring File[/etc/puppet/ssl]
debug: /File[/var/lib/puppet/state/graphs]: Autorequiring File[/var/lib/puppet/state]
debug: /File[/etc/puppet/ssl/certs/192.168.2.3.pem]: Autorequiring File[/etc/puppet/ssl/certs]
debug: /File[/etc/puppet/ssl/certs/ca.pem]: Autorequiring File[/etc/puppet/ssl/certs]
debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet]
debug: /File[/etc/puppet/ssl/private_keys]: Autorequiring File[/etc/puppet/ssl]
debug: /File[/var/lib/puppet/run]: Autorequiring File[/var/lib/puppet]
debug: /File[/etc/puppet/ssl]: Autorequiring File[/etc/puppet]
debug: /File[/etc/puppet/ssl/certs]: Autorequiring File[/etc/puppet/ssl]
debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet]
debug: /File[/etc/puppet/ssl/public_keys]: Autorequiring File[/etc/puppet/ssl]
debug: /File[/var/lib/puppet/client_yaml]: Autorequiring File[/var/lib/puppet]
debug: Finishing transaction 70037710483600 with 0 changes
debug: /File[/var/lib/puppet/log]: Autorequiring File[/var/lib/puppet]
debug: /File[/etc/puppet/ssl/certificate_requests]: Autorequiring File[/etc/puppet/ssl]
debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/puppet]
debug: /File[/etc/puppet/ssl/public_keys]: Autorequiring File[/etc/puppet/ssl]
debug: /File[/etc/puppet/ssl/certs/192.168.2.3.pem]: Autorequiring File[/etc/puppet/ssl/certs]
debug: /File[/etc/puppet/ssl/private]: Autorequiring File[/etc/puppet/ssl]
debug: /File[/etc/puppet/ssl]: Autorequiring File[/etc/puppet]
debug: /File[/etc/puppet/ssl/certs/ca.pem]: Autorequiring File[/etc/puppet/ssl/certs]
debug: /File[/etc/puppet/ssl/certs]: Autorequiring File[/etc/puppet/ssl]
debug: /File[/etc/puppet/ssl/private_keys/192.168.2.3.pem]: Autorequiring File[/etc/puppet/ssl/private_keys]
debug: /File[/etc/puppet/ssl/private_keys]: Autorequiring File[/etc/puppet/ssl]
debug: /File[/var/lib/puppet/run]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet]
debug: Finishing transaction 70037709988180 with 0 changes
debug: Using cached certificate for ca
debug: Using cached certificate for 192.168.2.3
debug: Finishing transaction 70037709743040 with 0 changes
debug: Using cached certificate for ca
debug: Using cached certificate for 192.168.2.3
/usr/lib/ruby/site_ruby/1.8/puppet/indirector/rest.rb:55:in `deserialize'
/usr/lib/ruby/site_ruby/1.8/puppet/indirector/rest.rb:69:in `find'
/usr/lib/ruby/site_ruby/1.8/puppet/indirector/indirection.rb:202:in `find'
/usr/lib/ruby/site_ruby/1.8/puppet/indirector.rb:51:in `find'
/usr/lib/ruby/site_ruby/1.8/puppet/ssl/host.rb:215:in `ssl_store'
/usr/lib/ruby/site_ruby/1.8/puppet/network/http_pool.rb:56:in `cert_setup'
/usr/lib/ruby/site_ruby/1.8/puppet/network/http_pool.rb:98:in `http_instance'
/usr/lib/ruby/site_ruby/1.8/puppet/indirector/rest.rb:65:in `network'
/usr/lib/ruby/site_ruby/1.8/puppet/indirector/rest.rb:69:in `find'
/usr/lib/ruby/site_ruby/1.8/puppet/indirector/indirection.rb:202:in `find'
/usr/lib/ruby/site_ruby/1.8/puppet/indirector.rb:51:in `find'
/usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:208:in `retrieve_new_catalog'
/usr/lib/ruby/site_ruby/1.8/puppet/util.rb:418:in `thinmark'
/usr/lib/ruby/1.8/benchmark.rb:293:in `measure'
/usr/lib/ruby/1.8/benchmark.rb:307:in `realtime'
/usr/lib/ruby/site_ruby/1.8/puppet/util.rb:417:in `thinmark'
/usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:207:in `retrieve_new_catalog'
/usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:104:in `retrieve_catalog'
/usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:142:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:53:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/agent/locker.rb:21:in `lock'
/usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:53:in `run'
/usr/lib/ruby/1.8/sync.rb:229:in `synchronize'
/usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:53:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:134:in `with_client'
/usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:51:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/application/puppetd.rb:103:in `onetime'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:226:in `send'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:226:in `run_command'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:217:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:306:in `exit_on_fail'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:217:in `run'
/usr/sbin/puppetd:160
err: Could not retrieve catalog from remote server: Error 403 on SERVER: Forbidden request: 192.168.2.3(192.168.2.3) access to /certificate_revocation_list/ca [find] at line 93
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Yushu
2010-Aug-13 23:46 UTC
[Puppet Users] Re: Puppet via Passenger+Apache2 on Ubuntu /certificate_revocation_list/ca 403 error
Just to add: in the puppet masterlog it shows below. What causes the "Could not resolve 192.168.2.3: no name for 192.168.2.3"?
I'm running inside Eucalyptus, where the domainname is strange.
Also, with exactly the same configuration/certs, if I run puppetmasterd directly, it works fine.
Thanks a lot!
-Yushu
Aug 13 23:43:22 ubuntu puppetmasterd[10619]: Handling request: GET /production/certificate_revocation_list/ca
Aug 13 23:43:22 ubuntu puppetmasterd[10619]: Could not resolve 192.168.2.3: no name for 192.168.2.3
Aug 13 23:43:22 ubuntu puppetmasterd[10619]: (access[/]) defaulting to no access for 192.168.2.3
Aug 13 23:43:22 ubuntu puppetmasterd[10619]: Denying access: Forbidden request: 192.168.2.3(192.168.2.3) access to /certificate_revocation_list/ca [find] at line 93
Aug 13 23:43:22 ubuntu puppetmasterd[10619]: Forbidden request: 192.168.2.3(192.168.2.3) access to /certificate_revocation_list/ca [find] at line 93
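
Added example, not part of the original post: a Ruby triage script that walks a puppetmasterd syslog excerpt like the one above, tracks each worker PID separately, and reports every denied request with the hints the master logged just before it. It assumes the syslog line layout quoted in this message and reads `name(address)` in the denial line as client name followed by client address; the function names are hypothetical.

```ruby
# Added example: correlate puppetmasterd authorization denials in syslog.
# SAMPLE_LOG reproduces the five lines quoted in the message above.
SAMPLE_LOG = <<~LOG
  Aug 13 23:43:22 ubuntu puppetmasterd[10619]: Handling request: GET /production/certificate_revocation_list/ca
  Aug 13 23:43:22 ubuntu puppetmasterd[10619]: Could not resolve 192.168.2.3: no name for 192.168.2.3
  Aug 13 23:43:22 ubuntu puppetmasterd[10619]: (access[/]) defaulting to no access for 192.168.2.3
  Aug 13 23:43:22 ubuntu puppetmasterd[10619]: Denying access: Forbidden request: 192.168.2.3(192.168.2.3) access to /certificate_revocation_list/ca [find] at line 93
  Aug 13 23:43:22 ubuntu puppetmasterd[10619]: Forbidden request: 192.168.2.3(192.168.2.3) access to /certificate_revocation_list/ca [find] at line 93
LOG

# "<Mon DD HH:MM:SS> <host> puppetmasterd[<pid>]: <message>"
LINE    = /\A(\w{3}\s+\d+\s[\d:]{8})\s\S+\spuppetmasterd\[(\d+)\]:\s(.*)\z/
REQUEST = /\AHandling request: (\w+) (\S+)/
NO_NAME = /\ACould not resolve (\S+): no name for/
DEFAULT = /\A\(access\[(.+?)\]\) defaulting to no access for (\S+)/
# Only the "Denying access:" line is counted; the bare "Forbidden request:"
# line that follows repeats the same event and would double the count.
DENIED  = /\ADenying access: Forbidden request: ([^\s(]+)\(([^)]+)\) access to (\S+) \[(\w+)\]/

def fresh_state(request = nil)
  { request: request, unresolved: [], default_rule: nil }
end

# Returns one hash per denied request, in log order.
def triage(log_text)
  state = Hash.new { |h, pid| h[pid] = fresh_state }
  denials = []
  log_text.each_line do |raw|
    line = LINE.match(raw.chomp)
    next unless line # not a puppetmasterd syslog line
    time, pid, msg = line.captures
    s = state[pid]
    if (m = REQUEST.match(msg))
      # A new request on this worker starts a new context.
      state[pid] = fresh_state("#{m[1]} #{m[2]}")
    elsif (m = NO_NAME.match(msg))
      s[:unresolved] << m[1]
    elsif (m = DEFAULT.match(msg))
      s[:default_rule] = m[1]
    elsif (m = DENIED.match(msg))
      name, ip, path, method = m.captures
      denials << {
        time: time, pid: pid, request: s[:request],
        client_name: name, client_ip: ip, path: path, method: method,
        # Assumption: name equal to address means the master had no
        # other identity for this client than its IP.
        identified_by_ip: name == ip,
        reverse_lookup_failed: s[:unresolved].include?(ip),
        default_rule: s[:default_rule]
      }
    end
  end
  denials
end

# One human-readable line per denial.
def summarize(denials)
  denials.map do |d|
    notes = []
    notes << "client identified only by address" if d[:identified_by_ip]
    notes << "reverse lookup failed" if d[:reverse_lookup_failed]
    notes << "default deny under access[#{d[:default_rule]}]" if d[:default_rule]
    "#{d[:time]} pid=#{d[:pid]} #{d[:client_ip]} #{d[:method]} #{d[:path]}" \
      " (#{d[:request]}): #{notes.join('; ')}"
  end
end

puts summarize(triage(SAMPLE_LOG)) if __FILE__ == $PROGRAM_NAME
```
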
Christian
2010-Aug-14 15:55 UTC
[Puppet Users] Re: Puppet via Passenger+Apache2 on Ubuntu /certificate_revocation_list/ca 403 error
Where did you find the log? I opened a similar thread three days ago... with no results yet.
Like you, I didn't find it in /var/log/puppet/.
Yushu Yao
2010-Aug-14 17:39 UTC
Re: [Puppet Users] Re: Puppet via Passenger+Apache2 on Ubuntu /certificate_revocation_list/ca 403 error
in ubuntu it is in /var/log/rsyslog On Sat, Aug 14, 2010 at 8:55 AM, Christian < berwangerchristian@googlemail.com> wrote:> Where did you find the log? I opened a similar thread three days > ago... with no results yet. > > like you I didn''t found it in /var/log/puppet/. > > > > On 14 Aug., 01:46, Yushu <yao.yu...@gmail.com> wrote: > > Just to add: in the puppet masterlog it shows below. What causes the > > "Could not resolve 192.168.2.3: no name for 192.168.2.3" ? > > > > I''m running inside Eucalyptus, where the domainname is strange. > > > > Also, with exactly the same configuration/certs, if I run > > puppetmasterd directly, it works fine. > > > > Thanks a lot! > > > > -Yushu > > > > Aug 13 23:43:22 ubuntu puppetmasterd[10619]: Handling request: GET / > > production/certificate_revocation_list/ca > > Aug 13 23:43:22 ubuntu puppetmasterd[10619]: Could not resolve > > 192.168.2.3: no name for 192.168.2.3 > > Aug 13 23:43:22 ubuntu puppetmasterd[10619]: (access[/]) defaulting to > > no access for 192.168.2.3 > > Aug 13 23:43:22 ubuntu puppetmasterd[10619]: Denying access: Forbidden > > request: 192.168.2.3(192.168.2.3) access to / > > certificate_revocation_list/ca [find] at line 93 > > Aug 13 23:43:22 ubuntu puppetmasterd[10619]: Forbidden request: > > 192.168.2.3(192.168.2.3) access to /certificate_revocation_list/ca > > [find] at line 93 > > > > On Aug 13, 3:18 pm, Yushu Yao <yao.yu...@gmail.com> wrote: > > > > > Hi Experts, > > > > > I''m trying to run puppet via passenger _ apache2 on ubuntu 10.04 64bit > and > > > it refuse to work with an error: > > > > > *err: Could not retrieve catalog from remote server: Error 403 on > SERVER: > > > Forbidden request: 192.168.2.3(192.168.2.3) access to > > > /certificate_revocation_list/ca [find] at line 93* > > > > > I googled around and found this problem was discussed some time ago, > but > > > there was no clear fix. > > > > > Any help is appreciated. 
Brice Figureau
2010-Aug-15 17:09 UTC
Re: [Puppet Users] Puppet via Passenger+Apache2 on Ubuntu /certificate_revocation_list/ca 403 error
Hi,

On 14/08/10 00:18, Yushu Yao wrote:
> I'm trying to run puppet via passenger _ apache2 on ubuntu 10.04 64bit
> and it refuse to work with an error:
>
> /*err: Could not retrieve catalog from remote server: Error 403 on
> SERVER: Forbidden request: 192.168.2.3(192.168.2.3) access to
> /certificate_revocation_list/ca [find] at line 93*/
>
[snipped]
> /*cat /etc/puppet/puppet.conf*/
> [main]
> pluginsync = true
>
> [puppetmasterd]
> confdir=/opt/cloudcrv/puppet
> vardir=/opt/cloudcrv/varpuppet
> ssldir = $vardir/ssl
> user = cloudcrv

I'm no passenger expert (I even don't use it), but it looks like you are
missing the following two important variables:

ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY

> # The Puppet log directory.
> # The default value is '$vardir/log'.
> logdir = $vardir/log
>
> # Where Puppet PID files are kept.
> # The default value is '$vardir/run'.
> rundir = $vardir/run
>
> # Where SSL certificates are kept.
> # The default value is '$confdir/ssl'.
> ssldir = $vardir/ssl
>
> rails_loglevel = debug

Do not run in production with rails_loglevel at debug, it will dump a
lot of things to the rails log (ie all SQL requests sent), and certainly
will slow down your master.

--
Brice Figureau
My Blog: http://www.masterzen.fr/
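Added illustration (not part of the thread and not Puppet's own code): a simplified Ruby model of why the two settings named in the reply above matter when Apache terminates TLS for a Rack-hosted master. It assumes the settings otherwise default to HTTP_X_CLIENT_DN and HTTP_X_CLIENT_VERIFY and that "SSLOptions +StdEnvVars" exposes SSL_CLIENT_S_DN and SSL_CLIENT_VERIFY; the request environment and the helper name client_info are constructed for the example.

```ruby
# Simplified model of client identification behind Apache + Passenger.
# Illustration only; names and sample values are constructed.

# Assumed stock values used when puppet.conf does not set the two options.
DEFAULTS = {
  'ssl_client_header'        => 'HTTP_X_CLIENT_DN',
  'ssl_client_verify_header' => 'HTTP_X_CLIENT_VERIFY'
}.freeze

# The two lines suggested in the reply for the [puppetmasterd] section.
SUGGESTED = {
  'ssl_client_header'        => 'SSL_CLIENT_S_DN',
  'ssl_client_verify_header' => 'SSL_CLIENT_VERIFY'
}.freeze

# Constructed request environment: what mod_ssl exports for a client whose
# certificate verified against the CA.
VERIFIED_ENV = {
  'REMOTE_ADDR'       => '192.168.2.3',
  'SSL_CLIENT_S_DN'   => '/CN=192.168.2.3',
  'SSL_CLIENT_VERIFY' => 'SUCCESS'
}.freeze

# Returns the node name and whether the request counts as authenticated.
def client_info(env, settings = {})
  cfg = DEFAULTS.merge(settings)
  dn  = env[cfg['ssl_client_header']]
  cn  = dn && dn[/CN\s*=\s*([^\/,]+)/, 1]
  if cn
    # A DN alone is not enough: the web server must also report that the
    # certificate chain verified.
    { node: cn.strip,
      authenticated: env[cfg['ssl_client_verify_header']] == 'SUCCESS' }
  else
    # No DN visible under the configured name: fall back to the peer
    # address and treat the request as unauthenticated.
    { node: env['REMOTE_ADDR'], authenticated: false }
  end
end

if __FILE__ == $PROGRAM_NAME
  puts "defaults:  #{client_info(VERIFIED_ENV).inspect}"
  puts "suggested: #{client_info(VERIFIED_ENV, SUGGESTED).inspect}"
end
```

With `SSLVerifyClient optional`, a client that presents no certificate still reaches the application with SSL_CLIENT_VERIFY set to NONE, which is why the model checks the verify value and not only the DN.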