Yushu Yao
2010-Aug-13 22:18 UTC
[Puppet Users] Puppet via Passenger+Apache2 on Ubuntu /certificate_revocation_list/ca 403 error
Hi Experts,

I'm trying to run puppet via passenger + apache2 on ubuntu 10.04 64bit and it refuses to work with an error:

*err: Could not retrieve catalog from remote server: Error 403 on SERVER: Forbidden request: 192.168.2.3(192.168.2.3) access to /certificate_revocation_list/ca [find] at line 93*

I googled around and found this problem was discussed some time ago, but there was no clear fix.

Any help is appreciated.

A side question is where are the logs of puppetmaster stored? They are not in /var/log/messages nor $logdir/*

Thanks a lot.

-Yushu

*dpkg -l|grep apache*

ii  apache2                   2.2.14-5ubuntu8  Apache HTTP Server metapackage
ii  apache2-mpm-worker        2.2.14-5ubuntu8  Apache HTTP Server - high speed threaded mod
ii  apache2-utils             2.2.14-5ubuntu8  utility programs for webservers
ii  apache2.2-bin             2.2.14-5ubuntu8  Apache HTTP Server common binary files
ii  apache2.2-common          2.2.14-5ubuntu8  Apache HTTP Server common files
ii  libapache2-mod-passenger  2.2.7debian-1    Rails and Rack support for Apache2
ii  libapache2-mod-wsgi       2.8-2ubuntu1     Python WSGI adapter module for Apache

*dpkg -l|grep ruby*

ii  libaugeas-ruby1.8    0.2.0-2ubuntu3  Augeas bindings for the Ruby language
ii  libopenssl-ruby      4.2             OpenSSL interface for Ruby
ii  libopenssl-ruby1.8   1.8.7.249-2     OpenSSL interface for Ruby 1.8
ii  librack-ruby         1.1.0-3         A modular Ruby webserver interface
ii  librack-ruby1.8      1.1.0-3         A modular Ruby webserver interface (Ruby 1.8
ii  libreadline-ruby1.8  1.8.7.249-2     Readline interface for Ruby 1.8
ii  libruby              4.2             Libraries necessary to run Ruby 1.8.x
ii  libruby1.8           1.8.7.249-2     Libraries necessary to run Ruby 1.8
ii  libshadow-ruby1.8    1.4.1-8build1   Interface of shadow password for Ruby 1.8
ii  libxmlrpc-ruby       4.2             transitional dummy package
ii  rdoc                 4.2             Generate documentation from ruby source file
ii  ruby                 4.2             An interpreter of object-oriented scripting
ii  ruby1.8              1.8.7.249-2     Interpreter of object-oriented scripting lan
ii  rubygems             1.3.5-1ubuntu2  package management framework for Ruby librar
ii  rubygems1.8          1.3.5-1ubuntu2  package management framework for Ruby librar

*cat ../puppetrack/puppetmasterd/config.ru*

# a config.ru, for use with every rack-compatible webserver.
# SSL needs to be handled outside this, though.

# if puppet is not in your RUBYLIB:
# $:.unshift('/opt/puppet/lib')

$0 = "puppetmasterd"
require 'puppet'

# if you want debugging:
ARGV << "--debug"

ARGV << "--rack"
require 'puppet/application/puppetmasterd'
# we're usually running inside a Rack::Builder.new {} block,
# therefore we need to call run *here*.
run Puppet::Application[:puppetmasterd].run

*cat /etc/puppet/puppet.conf*

[main]
pluginsync = true

[puppetmasterd]
confdir=/opt/cloudcrv/puppet
vardir=/opt/cloudcrv/varpuppet
ssldir = $vardir/ssl
user = cloudcrv

# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = $vardir/log

# Where Puppet PID files are kept.
# The default value is '$vardir/run'.
rundir = $vardir/run

# Where SSL certificates are kept.
# The default value is '$confdir/ssl'.
ssldir = $vardir/ssl

rails_loglevel = debug

*cat /etc/apache2/sites-available/puppetmaster*

# you probably want to tune these settings
PassengerHighPerformance on
PassengerMaxPoolSize 12
PassengerPoolIdleTime 1500
# PassengerMaxRequests 1000
PassengerStatThrottleRate 120
RackAutoDetect Off
RailsAutoDetect Off

Listen 8140

<VirtualHost *:8140>
    ServerName 192.168.2.4
    SSLEngine on
    SSLProtocol -ALL +SSLv3 +TLSv1
    SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP

    SSLCertificateFile /opt/cloudcrv/varpuppet/ssl/certs/192.168.2.4.pem
    SSLCertificateKeyFile /opt/cloudcrv/varpuppet/ssl/private_keys/192.168.2.4.pem
    SSLCertificateChainFile /opt/cloudcrv/varpuppet/ssl/ca/ca_crt.pem
    SSLCACertificateFile /opt/cloudcrv/varpuppet/ssl/ca/ca_crt.pem
    # If Apache complains about invalid signatures on the CRL, you can try disabling
    # CRL checking by commenting the next line, but this is not recommended.
    #SSLCARevocationFile /opt/cloudcrv/varpuppet/ssl/ca/ca_crl.pem
    SSLVerifyClient optional
    SSLVerifyDepth 1
    SSLOptions +StdEnvVars

    DocumentRoot /opt/cloudcrv/puppetrack/puppetmasterd/public
    RackBaseURI /
    <Directory /opt/cloudcrv/puppetrack/puppetmasterd/public >
        Options None
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>
</VirtualHost>

*Client Error Message:*

-bash-3.2# puppetd --test --debug --server=192.168.2.4 --trace
debug: Puppet::Type::User::ProviderLdap: true value when expecting false
debug: Puppet::Type::User::ProviderUser_role_add: file rolemod does not exist
debug: Puppet::Type::User::ProviderPw: file pw does not exist
debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dscl does not exist
debug: Failed to load library 'ldap' for feature 'ldap'
debug: /File[/etc/puppet/ssl/private_keys/192.168.2.3.pem]: Autorequiring File[/etc/puppet/ssl/private_keys]
debug: /File[/var/lib/puppet/log]: Autorequiring File[/var/lib/puppet]
debug: /File[/etc/puppet/ssl/private]: Autorequiring File[/etc/puppet/ssl]
debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/clientbucket]: Autorequiring File[/var/lib/puppet]
debug: /File[/etc/puppet/ssl/certificate_requests]: Autorequiring File[/etc/puppet/ssl]
debug: /File[/var/lib/puppet/state/graphs]: Autorequiring File[/var/lib/puppet/state]
debug: /File[/etc/puppet/ssl/certs/192.168.2.3.pem]: Autorequiring File[/etc/puppet/ssl/certs]
debug: /File[/etc/puppet/ssl/certs/ca.pem]: Autorequiring File[/etc/puppet/ssl/certs]
debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet]
debug: /File[/etc/puppet/ssl/private_keys]: Autorequiring File[/etc/puppet/ssl]
debug: /File[/var/lib/puppet/run]: Autorequiring File[/var/lib/puppet]
debug: /File[/etc/puppet/ssl]: Autorequiring File[/etc/puppet]
debug: /File[/etc/puppet/ssl/certs]: Autorequiring File[/etc/puppet/ssl]
debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet]
debug: /File[/etc/puppet/ssl/public_keys]: Autorequiring File[/etc/puppet/ssl]
debug: /File[/var/lib/puppet/client_yaml]: Autorequiring File[/var/lib/puppet]
debug: Finishing transaction 70037710483600 with 0 changes
debug: /File[/var/lib/puppet/log]: Autorequiring File[/var/lib/puppet]
debug: /File[/etc/puppet/ssl/certificate_requests]: Autorequiring File[/etc/puppet/ssl]
debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/puppet]
debug: /File[/etc/puppet/ssl/public_keys]: Autorequiring File[/etc/puppet/ssl]
debug: /File[/etc/puppet/ssl/certs/192.168.2.3.pem]: Autorequiring File[/etc/puppet/ssl/certs]
debug: /File[/etc/puppet/ssl/private]: Autorequiring File[/etc/puppet/ssl]
debug: /File[/etc/puppet/ssl]: Autorequiring File[/etc/puppet]
debug: /File[/etc/puppet/ssl/certs/ca.pem]: Autorequiring File[/etc/puppet/ssl/certs]
debug: /File[/etc/puppet/ssl/certs]: Autorequiring File[/etc/puppet/ssl]
debug: /File[/etc/puppet/ssl/private_keys/192.168.2.3.pem]: Autorequiring File[/etc/puppet/ssl/private_keys]
debug: /File[/etc/puppet/ssl/private_keys]: Autorequiring File[/etc/puppet/ssl]
debug: /File[/var/lib/puppet/run]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet]
debug: Finishing transaction 70037709988180 with 0 changes
debug: Using cached certificate for ca
debug: Using cached certificate for 192.168.2.3
debug: Finishing transaction 70037709743040 with 0 changes
debug: Using cached certificate for ca
debug: Using cached certificate for 192.168.2.3
/usr/lib/ruby/site_ruby/1.8/puppet/indirector/rest.rb:55:in `deserialize'
/usr/lib/ruby/site_ruby/1.8/puppet/indirector/rest.rb:69:in `find'
/usr/lib/ruby/site_ruby/1.8/puppet/indirector/indirection.rb:202:in `find'
/usr/lib/ruby/site_ruby/1.8/puppet/indirector.rb:51:in `find'
/usr/lib/ruby/site_ruby/1.8/puppet/ssl/host.rb:215:in `ssl_store'
/usr/lib/ruby/site_ruby/1.8/puppet/network/http_pool.rb:56:in `cert_setup'
/usr/lib/ruby/site_ruby/1.8/puppet/network/http_pool.rb:98:in `http_instance'
/usr/lib/ruby/site_ruby/1.8/puppet/indirector/rest.rb:65:in `network'
/usr/lib/ruby/site_ruby/1.8/puppet/indirector/rest.rb:69:in `find'
/usr/lib/ruby/site_ruby/1.8/puppet/indirector/indirection.rb:202:in `find'
/usr/lib/ruby/site_ruby/1.8/puppet/indirector.rb:51:in `find'
/usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:208:in `retrieve_new_catalog'
/usr/lib/ruby/site_ruby/1.8/puppet/util.rb:418:in `thinmark'
/usr/lib/ruby/1.8/benchmark.rb:293:in `measure'
/usr/lib/ruby/1.8/benchmark.rb:307:in `realtime'
/usr/lib/ruby/site_ruby/1.8/puppet/util.rb:417:in `thinmark'
/usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:207:in `retrieve_new_catalog'
/usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:104:in `retrieve_catalog'
/usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:142:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:53:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/agent/locker.rb:21:in `lock'
/usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:53:in `run'
/usr/lib/ruby/1.8/sync.rb:229:in `synchronize'
/usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:53:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:134:in `with_client'
/usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:51:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/application/puppetd.rb:103:in `onetime'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:226:in `send'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:226:in `run_command'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:217:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:306:in `exit_on_fail'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:217:in `run'
/usr/sbin/puppetd:160
err: Could not retrieve catalog from remote server: Error 403 on SERVER: Forbidden request: 192.168.2.3(192.168.2.3) access to /certificate_revocation_list/ca [find] at line 93
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Yushu
2010-Aug-13 23:46 UTC
[Puppet Users] Re: Puppet via Passenger+Apache2 on Ubuntu /certificate_revocation_list/ca 403 error
Just to add: in the puppet masterlog it shows below. What causes the "Could not resolve 192.168.2.3: no name for 192.168.2.3" ?

I'm running inside Eucalyptus, where the domainname is strange.

Also, with exactly the same configuration/certs, if I run puppetmasterd directly, it works fine.

Thanks a lot!

-Yushu

Aug 13 23:43:22 ubuntu puppetmasterd[10619]: Handling request: GET /production/certificate_revocation_list/ca
Aug 13 23:43:22 ubuntu puppetmasterd[10619]: Could not resolve 192.168.2.3: no name for 192.168.2.3
Aug 13 23:43:22 ubuntu puppetmasterd[10619]: (access[/]) defaulting to no access for 192.168.2.3
Aug 13 23:43:22 ubuntu puppetmasterd[10619]: Denying access: Forbidden request: 192.168.2.3(192.168.2.3) access to /certificate_revocation_list/ca [find] at line 93
Aug 13 23:43:22 ubuntu puppetmasterd[10619]: Forbidden request: 192.168.2.3(192.168.2.3) access to /certificate_revocation_list/ca [find] at line 93

On Aug 13, 3:18 pm, Yushu Yao <yao.yu...@gmail.com> wrote:
> Hi Experts,
>
> I'm trying to run puppet via passenger + apache2 on ubuntu 10.04 64bit and
> it refuses to work with an error:
>
> *err: Could not retrieve catalog from remote server: Error 403 on SERVER:
> Forbidden request: 192.168.2.3(192.168.2.3) access to
> /certificate_revocation_list/ca [find] at line 93*
>
> I googled around and found this problem was discussed some time ago, but
> there was no clear fix.
>
> Any help is appreciated.
>
> A side question is where are the logs of puppetmaster stored? They are not
> in /var/log/messages nor $logdir/*
>
> Thanks a lot.
Christian
2010-Aug-14 15:55 UTC
[Puppet Users] Re: Puppet via Passenger+Apache2 on Ubuntu /certificate_revocation_list/ca 403 error
Where did you find the log? I opened a similar thread three days ago... with no results yet.

Like you, I didn't find it in /var/log/puppet/.

On 14 Aug., 01:46, Yushu <yao.yu...@gmail.com> wrote:
> Just to add: in the puppet masterlog it shows below. What causes the
> "Could not resolve 192.168.2.3: no name for 192.168.2.3" ?
>
> I'm running inside Eucalyptus, where the domainname is strange.
>
> Also, with exactly the same configuration/certs, if I run
> puppetmasterd directly, it works fine.
>
> Thanks a lot!
>
> -Yushu
>
> Aug 13 23:43:22 ubuntu puppetmasterd[10619]: Handling request: GET /production/certificate_revocation_list/ca
> Aug 13 23:43:22 ubuntu puppetmasterd[10619]: Could not resolve 192.168.2.3: no name for 192.168.2.3
> Aug 13 23:43:22 ubuntu puppetmasterd[10619]: (access[/]) defaulting to no access for 192.168.2.3
> Aug 13 23:43:22 ubuntu puppetmasterd[10619]: Denying access: Forbidden request: 192.168.2.3(192.168.2.3) access to /certificate_revocation_list/ca [find] at line 93
> Aug 13 23:43:22 ubuntu puppetmasterd[10619]: Forbidden request: 192.168.2.3(192.168.2.3) access to /certificate_revocation_list/ca [find] at line 93
>
> On Aug 13, 3:18 pm, Yushu Yao <yao.yu...@gmail.com> wrote:
>
> > Hi Experts,
> >
> > I'm trying to run puppet via passenger + apache2 on ubuntu 10.04 64bit and
> > it refuses to work with an error:
> >
> > *err: Could not retrieve catalog from remote server: Error 403 on SERVER:
> > Forbidden request: 192.168.2.3(192.168.2.3) access to
> > /certificate_revocation_list/ca [find] at line 93*
> >
> > I googled around and found this problem was discussed some time ago, but
> > there was no clear fix.
> >
> > Any help is appreciated.
> >
> > A side question is where are the logs of puppetmaster stored? They are not
> > in /var/log/messages nor $logdir/*
> >
> > Thanks a lot.
Yushu Yao
2010-Aug-14 17:39 UTC
Re: [Puppet Users] Re: Puppet via Passenger+Apache2 on Ubuntu /certificate_revocation_list/ca 403 error
In Ubuntu it is in /var/log/rsyslog

On Sat, Aug 14, 2010 at 8:55 AM, Christian <berwangerchristian@googlemail.com> wrote:
> Where did you find the log? I opened a similar thread three days
> ago... with no results yet.
>
> Like you, I didn't find it in /var/log/puppet/.
>
> On 14 Aug., 01:46, Yushu <yao.yu...@gmail.com> wrote:
> > Just to add: in the puppet masterlog it shows below. What causes the
> > "Could not resolve 192.168.2.3: no name for 192.168.2.3" ?
> >
> > I'm running inside Eucalyptus, where the domainname is strange.
> >
> > Also, with exactly the same configuration/certs, if I run
> > puppetmasterd directly, it works fine.
> >
> > Thanks a lot!
> >
> > -Yushu
> >
> > Aug 13 23:43:22 ubuntu puppetmasterd[10619]: Handling request: GET /production/certificate_revocation_list/ca
> > Aug 13 23:43:22 ubuntu puppetmasterd[10619]: Could not resolve 192.168.2.3: no name for 192.168.2.3
> > Aug 13 23:43:22 ubuntu puppetmasterd[10619]: (access[/]) defaulting to no access for 192.168.2.3
> > Aug 13 23:43:22 ubuntu puppetmasterd[10619]: Denying access: Forbidden request: 192.168.2.3(192.168.2.3) access to /certificate_revocation_list/ca [find] at line 93
> > Aug 13 23:43:22 ubuntu puppetmasterd[10619]: Forbidden request: 192.168.2.3(192.168.2.3) access to /certificate_revocation_list/ca [find] at line 93
> >
> > On Aug 13, 3:18 pm, Yushu Yao <yao.yu...@gmail.com> wrote:
> >
> > > Hi Experts,
> > >
> > > I'm trying to run puppet via passenger + apache2 on ubuntu 10.04 64bit and
> > > it refuses to work with an error:
> > >
> > > *err: Could not retrieve catalog from remote server: Error 403 on SERVER:
> > > Forbidden request: 192.168.2.3(192.168.2.3) access to
> > > /certificate_revocation_list/ca [find] at line 93*
> > >
> > > I googled around and found this problem was discussed some time ago, but
> > > there was no clear fix.
> > >
> > > Any help is appreciated.
> > >
> > > A side question is where are the logs of puppetmaster stored? They are not
> > > in /var/log/messages nor $logdir/*
> > >
> > > Thanks a lot.
> > >
> > > -Yushu
> > >
> > > *dpkg -l|grep apache*
> > >
> > > ii apache2 2.2.14-5ubuntu8 Apache HTTP Server metapackage
> > > ii apache2-mpm-worker 2.2.14-5ubuntu8 Apache HTTP Server - high speed threaded mod
> > > ii apache2-utils 2.2.14-5ubuntu8 utility programs for webservers
> > > ii apache2.2-bin 2.2.14-5ubuntu8 Apache HTTP Server common binary files
> > > ii apache2.2-common 2.2.14-5ubuntu8 Apache HTTP Server common files
> > > ii libapache2-mod-passenger 2.2.7debian-1 Rails and Rack support for Apache2
> > > ii libapache2-mod-wsgi 2.8-2ubuntu1 Python WSGI adapter module for Apache
> > >
> > > *dpkg -l|grep ruby*
> > > ii libaugeas-ruby1.8 0.2.0-2ubuntu3 Augeas bindings for the Ruby language
> > > ii libopenssl-ruby 4.2 OpenSSL interface for Ruby
> > > ii libopenssl-ruby1.8 1.8.7.249-2 OpenSSL interface for Ruby 1.8
> > > ii librack-ruby 1.1.0-3 A modular Ruby webserver interface
> > > ii librack-ruby1.8 1.1.0-3 A modular Ruby webserver interface (Ruby 1.8
> > > ii libreadline-ruby1.8 1.8.7.249-2 Readline interface for Ruby 1.8
> > > ii libruby 4.2 Libraries necessary to run Ruby 1.8.x
> > > ii libruby1.8 1.8.7.249-2 Libraries necessary to run Ruby 1.8
> > > ii libshadow-ruby1.8 1.4.1-8build1 Interface of shadow password for Ruby 1.8
> > > ii libxmlrpc-ruby 4.2 transitional dummy package
> > > ii rdoc 4.2 Generate documentation from ruby source file
> > > ii ruby 4.2 An interpreter of object-oriented scripting
> > > ii ruby1.8 1.8.7.249-2 Interpreter of object-oriented scripting lan
> > > ii rubygems 1.3.5-1ubuntu2 package management framework for Ruby librar
> > > ii rubygems1.8 1.3.5-1ubuntu2 package management framework for Ruby librar
> > >
> > > *cat ../puppetrack/puppetmasterd/config.ru*
> > > # a config.ru, for use with every rack-compatible webserver.
> > > # SSL needs to be handled outside this, though.
> > >
> > > # if puppet is not in your RUBYLIB:
> > > # $:.unshift('/opt/puppet/lib')
> > >
> > > $0 = "puppetmasterd"
> > > require 'puppet'
> > >
> > > # if you want debugging:
> > > ARGV << "--debug"
> > >
> > > ARGV << "--rack"
> > > require 'puppet/application/puppetmasterd'
> > > # we're usually running inside a Rack::Builder.new {} block,
> > > # therefore we need to call run *here*.
> > > run Puppet::Application[:puppetmasterd].run
> > >
> > > *cat /etc/puppet/puppet.conf*
> > > [main]
> > > pluginsync = true
> > >
> > > [puppetmasterd]
> > > confdir=/opt/cloudcrv/puppet
> > > vardir=/opt/cloudcrv/varpuppet
> > > ssldir = $vardir/ssl
> > > user = cloudcrv
> > >
> > > # The Puppet log directory.
> > > # The default value is '$vardir/log'.
> > > logdir = $vardir/log
> > >
> > > # Where Puppet PID files are kept.
> > > # The default value is '$vardir/run'.
> > > rundir = $vardir/run
> > >
> > > # Where SSL certificates are kept.
> > > # The default value is '$confdir/ssl'.
> > > ssldir = $vardir/ssl
> > >
> > > rails_loglevel = debug
> > >
> > > *cat /etc/apache2/sites-available/puppetmaster*
> > >
> > > # you probably want to tune these settings
> > > PassengerHighPerformance on
> > > PassengerMaxPoolSize 12
> > > PassengerPoolIdleTime 1500
> > > # PassengerMaxRequests 1000
> > > PassengerStatThrottleRate 120
> > > RackAutoDetect Off
> > > RailsAutoDetect Off
> > >
> > > Listen 8140
> > >
> > > <VirtualHost *:8140>
> > > ServerName 192.168.2.4
> > > SSLEngine on
> > > SSLProtocol -ALL +SSLv3 +TLSv1
> > > SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
> > >
> > > SSLCertificateFile /opt/cloudcrv/varpuppet/ssl/certs/192.168.2.4.pem
> > > SSLCertificateKeyFile /opt/cloudcrv/varpuppet/ssl/private_keys/192.168.2.4.pem
> > > SSLCertificateChainFile /opt/cloudcrv/varpuppet/ssl/ca/ca_crt.pem
> > > SSLCACertificateFile /opt/cloudcrv/varpuppet/ssl/ca/ca_crt.pem
> > > # If Apache complains about invalid signatures on the CRL, you can try disabling
> > > # CRL checking by commenting the next line, but this is not recommended.
> > > #SSLCARevocationFile /opt/cloudcrv/varpuppet/ssl/ca/ca_crl.pem
> > > SSLVerifyClient optional
> > > SSLVerifyDepth 1
> > > SSLOptions +StdEnvVars
> > >
> > > DocumentRoot /opt/cloudcrv/puppetrack/puppetmasterd/public
> > > RackBaseURI /
> > > <Directory /opt/cloudcrv/puppetrack/puppetmasterd/public>
> > > Options None
> > > AllowOverride None
> > > Order allow,deny
> > > allow from all
> > > </Directory>
> > > </VirtualHost>
> > >
> > > *Client Error Message:*
> > > -bash-3.2# puppetd --test --debug --server=192.168.2.4 --trace
> > > debug: Puppet::Type::User::ProviderLdap: true value when expecting false
> > > debug: Puppet::Type::User::ProviderUser_role_add: file rolemod does not exist
> > > debug: Puppet::Type::User::ProviderPw: file pw does not exist
> > > debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dscl does not exist
> > > debug: Failed to load library 'ldap' for feature 'ldap'
> > > debug: /File[/etc/puppet/ssl/private_keys/192.168.2.3.pem]: Autorequiring File[/etc/puppet/ssl/private_keys]
> > > debug: /File[/var/lib/puppet/log]: Autorequiring File[/var/lib/puppet]
> > > debug: /File[/etc/puppet/ssl/private]: Autorequiring File[/etc/puppet/ssl]
> > > debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/puppet]
> > > debug: /File[/var/lib/puppet/clientbucket]: Autorequiring File[/var/lib/puppet]
> > > debug: /File[/etc/puppet/ssl/certificate_requests]: Autorequiring File[/etc/puppet/ssl]
> > > debug: /File[/var/lib/puppet/state/graphs]: Autorequiring File[/var/lib/puppet/state]
> > > debug: /File[/etc/puppet/ssl/certs/192.168.2.3.pem]: Autorequiring File[/etc/puppet/ssl/certs]
> > > debug: /File[/etc/puppet/ssl/certs/ca.pem]: Autorequiring File[/etc/puppet/ssl/certs]
> > > debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet]
> > > debug: /File[/etc/puppet/ssl/private_keys]: Autorequiring File[/etc/puppet/ssl]
> > > debug: /File[/var/lib/puppet/run]: Autorequiring File[/var/lib/puppet]
> > > debug: /File[/etc/puppet/ssl]: Autorequiring File[/etc/puppet]
> > > debug: /File[/etc/puppet/ssl/certs]: Autorequiring File[/etc/puppet/ssl]
> > > debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet]
> > > debug: /File[/etc/puppet/ssl/public_keys]: Autorequiring File[/etc/puppet/ssl]
> > > debug: /File[/var/lib/puppet/client_yaml]: Autorequiring File[/var/lib/puppet]
> > > debug: Finishing transaction 70037710483600 with 0 changes
> > > debug: /File[/var/lib/puppet/log]: Autorequiring File[/var/lib/puppet]
> > > debug: /File[/etc/puppet/ssl/certificate_requests]: Autorequiring File[/etc/puppet/ssl]
> > > debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet]
> > > debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/puppet]
> > > debug: /File[/etc/puppet/ssl/public_keys]: Autorequiring File[/etc/puppet/ssl]
> > > debug: /File[/etc/puppet/ssl/certs/192.168.2.3.pem]: Autorequiring File[/etc/puppet/ssl/certs]
> > > debug: /File[/etc/puppet/ssl/private]: Autorequiring File[/etc/puppet/ssl]
> > > debug: /File[/etc/puppet/ssl]: Autorequiring File[/etc/puppet]
> > > debug: /File[/etc/puppet/ssl/certs/ca.pem]: Autorequiring
> >
> > ...
Brice Figureau
2010-Aug-15 17:09 UTC
Re: [Puppet Users] Puppet via Passenger+Apache2 on Ubuntu /certificate_revocation_list/ca 403 error
Hi,

On 14/08/10 00:18, Yushu Yao wrote:
> I'm trying to run puppet via passenger _ apache2 on ubuntu 10.04 64bit
> and it refuses to work with an error:
>
> /*err: Could not retrieve catalog from remote server: Error 403 on
> SERVER: Forbidden request: 192.168.2.3(192.168.2.3) access to
> /certificate_revocation_list/ca [find] at line 93*/
>

[snipped]

> /*cat /etc/puppet/puppet.conf*/
> [main]
> pluginsync = true
>
> [puppetmasterd]
> confdir=/opt/cloudcrv/puppet
> vardir=/opt/cloudcrv/varpuppet
> ssldir = $vardir/ssl
> user = cloudcrv

I'm no passenger expert (I don't even use it), but it looks like you are missing the following two important variables:

ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY

> # The Puppet log directory.
> # The default value is '$vardir/log'.
> logdir = $vardir/log
>
> # Where Puppet PID files are kept.
> # The default value is '$vardir/run'.
> rundir = $vardir/run
>
> # Where SSL certificates are kept.
> # The default value is '$confdir/ssl'.
> ssldir = $vardir/ssl
>
> rails_loglevel = debug

Do not run in production with rails_loglevel at debug, it will dump a lot of things to the rails log (i.e. all SQL requests sent), and certainly will slow down your master.

--
Brice Figureau
My Blog: http://www.masterzen.fr/
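Why the two settings in the reply above matter, as an added example that is not from the thread or from Puppet's source: a simplified Ruby model of how a Rack-hosted master picks the client identity out of the environment Apache hands it. The default header names (`HTTP_X_CLIENT_DN`, `HTTP_X_CLIENT_VERIFY`), the function names and both sample environments are assumptions constructed for illustration.

```ruby
# Added example: simplified model, not Puppet's source code.

# Header names assumed to apply when puppet.conf sets neither option.
DEFAULTS = { ssl_client_header: 'HTTP_X_CLIENT_DN',
             ssl_client_verify_header: 'HTTP_X_CLIENT_VERIFY' }.freeze

# The two settings suggested in the reply.
SUGGESTED = { ssl_client_header: 'SSL_CLIENT_S_DN',
              ssl_client_verify_header: 'SSL_CLIENT_VERIFY' }.freeze

# Returns [node_name, authenticated] for one request environment.
def client_identity(env, settings)
  dn = env[settings[:ssl_client_header]]
  cn = dn && dn[/CN\s*=\s*([^\/,]+)/, 1]
  if cn
    # Trust the certificate name only when mod_ssl verified the chain.
    [cn.strip, env[settings[:ssl_client_verify_header]] == 'SUCCESS']
  else
    # No DN visible: fall back to the peer address, never authenticated.
    [env['REMOTE_ADDR'], false]
  end
end

# Names the reason a request ends up authenticated or not.
def diagnose(env, settings)
  verify = env[settings[:ssl_client_verify_header]]
  return :verify_header_not_visible if verify.nil?
  return :client_not_verified unless verify == 'SUCCESS'
  return :dn_header_not_visible unless env.key?(settings[:ssl_client_header])
  :authenticated
end

# Constructed sample: variables "SSLOptions +StdEnvVars" exposes for a verified client.
VERIFIED_ENV = { 'REMOTE_ADDR' => '192.168.2.3',
                 'SSL_CLIENT_S_DN' => '/CN=192.168.2.3',
                 'SSL_CLIENT_VERIFY' => 'SUCCESS' }.freeze

# Constructed sample: no client certificate (allowed by "SSLVerifyClient optional").
ANONYMOUS_ENV = { 'REMOTE_ADDR' => '192.168.2.3',
                  'SSL_CLIENT_VERIFY' => 'NONE' }.freeze

[[VERIFIED_ENV, DEFAULTS], [VERIFIED_ENV, SUGGESTED], [ANONYMOUS_ENV, SUGGESTED]].each do |env, cfg|
  puts "#{cfg[:ssl_client_header]}: #{client_identity(env, cfg).inspect} #{diagnose(env, cfg)}"
end
```

In this model a verified certificate stays invisible until the configured names match what Apache exports, which is consistent with the "defaulting to no access" lines in the master log quoted earlier in the thread.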