jimmy@goffaux.fr
2011-Jul-22 11:30 UTC
[Puppet Users] Random error in the recovery catalog
Hello, I randomly errors like this: Fri Jul 22 09:01:41 +0000 2011 //SERVER.fqdn/Puppet (err): Could not retrieve catalog from remote server: end of file reached Fri Jul 22 09:01:41 +0000 2011 //SERVER.fqdn/Puppet (notice): Using cached catalog Fri Jul 22 09:01:41 +0000 2011 //SERVER.fqdn/Puppet (err): Could not retrieve catalog; skipping run Here are the versions: puppetmaster 2.6.2-4~bpo50+1 puppet 2.6.2-4 => Squeeze puppet 2.6.2-4~bpo50+1 => lenny I have about 130 customer puppet. I left the default time interval. Someone managed to solve this problem? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
> I have about 130 customer puppet. > I left the default time interval.Are you still running with default webrick on the puppetmaster? (If you didn''t change anything, then yes you are). If yes, it''s time to scale out and use either a Mongrel or Passenger-based Setup: http://projects.puppetlabs.com/projects/puppet/wiki/Using_Passenger ~pete -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
jimmy@goffaux.fr
2011-Jul-26 12:33 UTC
[Puppet Users] Re: Random error in the recovery catalog
Passenger is already installed, but was not configured to Puppet. I will do the migration and I will return here. Thank you! On 25 juil, 17:21, Peter Meier <peter.me...@immerda.ch> wrote:> > I have about 130 customer puppet. > > I left the default time interval. > > Are you still running with default webrick on the puppetmaster? (If you > didn''t change anything, then yes you are). > > If yes, it''s time to scale out and use either a Mongrel or > Passenger-based Setup:http://projects.puppetlabs.com/projects/puppet/wiki/Using_Passenger > > ~pete-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
jimmy@goffaux.fr
2011-Aug-16 14:31 UTC
[Puppet Users] Re: Random error in the recovery catalog
Hello, I just set up Puppet / Passenger by following the documentation. For servers already authenticated key I do not encounter problems, but for new I have these errors: <pre> root@server2:~# puppetd --test --no-daemonize info: Retrieving plugin err: /File[/var/lib/puppet/lib]: Failed to generate additional resources using ''eval_generate'': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed err: /File[/var/lib/puppet/lib]: Could not evaluate: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed Could not retrieve file metadata for puppet://PUPPETMASTER.fqdn/plugins: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed warning: Not using cache on failed catalog err: Could not retrieve catalog; skipping run err: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed </pre> Also, I get a new type of error by mail: <pre> Tue Aug 16 15:52:08 +0200 2011 //server1.fqdn/Puppet (err): Could not retrieve catalog from remote server: Error 414 on SERVER: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>414 Request-URI Too Large</title> </head><body> <h1>Request-URI Too Large</h1> <p>The requested URL''s length exceeds the capacity limit for this server.<br /> </p> <hr> <address>Apache/2.2.9 (Debian) DAV/2 SVN/1.5.1 Phusion_Passenger/3.0.7 mod_ssl/2.2.9 OpenSSL/0.9.8g Server at PUPPETMASTER.fqdn Port 8140</ address> </body></html> Tue Aug 16 15:52:08 +0200 2011 //server1.fqdn/Puppet (notice): Using cached catalog Tue Aug 16 15:52:08 +0200 2011 //server1.fqdn/Puppet (err): Could not retrieve catalog; skipping run </pre> I have set the variable: <pre> PassengerMaxRequests 10000 </pre> But I doubt that this impact on this error. Again, thank you! Jimmy On 26 juil, 14:33, "ji...@goffaux.fr" <ji...@goffaux.fr> wrote:> Passenger is already installed, but was not configured to Puppet. > I will do the migration and I will return here. > > Thank you! > > On 25 juil, 17:21, Peter Meier <peter.me...@immerda.ch> wrote: > > > > > > > > > > I have about 130 customer puppet. > > > I left the default time interval. > > > Are you still running with default webrick on the puppetmaster? (If you > > didn''t change anything, then yes you are). > > > If yes, it''s time to scale out and use either a Mongrel or > > Passenger-based Setup:http://projects.puppetlabs.com/projects/puppet/wiki/Using_Passenger > > > ~pete-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
jimmy@goffaux.fr
2011-Aug-16 14:42 UTC
[Puppet Users] Re: Random error in the recovery catalog
Hello, I just set up Puppet / Passenger by following the documentation. For servers already authenticated key I do not encounter problems, but for new I have these errors: <--> root@server2:~# puppetd --test --no-daemonize warning: peer certificate won''t be verified in this SSL session warning: peer certificate won''t be verified in this SSL session info: Creating a new SSL certificate request for server2.fqdn info: Certificate Request fingerprint (md5): F1:2E:F6:D6:8C:B3:F6:6B:D2:4B:C4:72:1C:E4:24:D9 warning: peer certificate won''t be verified in this SSL session err: Could not request certificate: Error 405 on SERVER: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>405 Method Not Allowed</ title> </ head><body> <h1>Method Not Allowed</ h1> <p>The requested method PUT is not allowed for the URL /production/ certificate_request/server2.fqdn.</ p> <hr> <address>Apache/2.2.9 (Debian) DAV/2 SVN/1.5.1 Phusion_Passenger/3.0.7 mod_ssl/2.2.9 OpenSSL/0.9.8g Server at puppetmaster.fqdn Port 8140</ address> </body></ html> Exiting; failed to retrieve certificate and waitforcert is disabled root@server2:~# <---> Also, I get a new type of error by mail: <---> Tue Aug 16 15:52:08 +0200 2011 //server1.fqdn/Puppet (err): Could not retrieve catalog from remote server: Error 414 on SERVER: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>414 Request-URI Too Large</title> </head><body> <h1>Request-URI Too Large</h1> <p>The requested URL''s length exceeds the capacity limit for this server.<br /> </p> <hr> <address>Apache/2.2.9 (Debian) DAV/2 SVN/1.5.1 Phusion_Passenger/3.0.7 mod_ssl/2.2.9 OpenSSL/0.9.8g Server at PUPPETMASTER.fqdn Port 8140</ address> </body></html> Tue Aug 16 15:52:08 +0200 2011 //server1.fqdn/Puppet (notice): Using cached catalog Tue Aug 16 15:52:08 +0200 2011 //server1.fqdn/Puppet (err): Could not retrieve catalog; skipping run <----> I have set the variable: <---> PassengerMaxRequests 10000 <---> But I doubt that this impact on this error. Again, thank you! Jimmy On 26 juil, 14:33, "ji...@goffaux.fr" <ji...@goffaux.fr> wrote:> Passenger is already installed, but was not configured to Puppet. > I will do the migration and I will return here. > > Thank you! > > On 25 juil, 17:21, Peter Meier <peter.me...@immerda.ch> wrote: > > > > > > > > > > I have about 130 customer puppet. > > > I left the default time interval. > > > Are you still running with default webrick on the puppetmaster? (If you > > didn''t change anything, then yes you are). > > > If yes, it''s time to scale out and use either a Mongrel or > > Passenger-based Setup:http://projects.puppetlabs.com/projects/puppet/wiki/Using_Passenger > > > ~pete-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
jimmy@goffaux.fr
2011-Aug-24 10:19 UTC
[Puppet Users] Re: Random error in the recovery catalog
Does anyone have an idea? Thanks you On 16 août, 10:42, "ji...@goffaux.fr" <ji...@goffaux.fr> wrote:> Hello, > > I just set up Puppet / Passenger by following the documentation. > For servers already authenticated key I do not encounter problems, but > for new I have these errors: > > <--> > root@server2:~# puppetd --test --no-daemonize > warning: peer certificate won''t be verified in this SSL session > warning: peer certificate won''t be verified in this SSL session > info: Creating a new SSL certificate request for server2.fqdn > info: Certificate Request fingerprint (md5): > F1:2E:F6:D6:8C:B3:F6:6B:D2:4B:C4:72:1C:E4:24:D9 > warning: peer certificate won''t be verified in this SSL session > err: Could not request certificate: Error 405 on SERVER: <!DOCTYPE > HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> > <html><head> > <title>405 Method Not Allowed</ > title> > </ > head><body> > <h1>Method Not Allowed</ > h1> > <p>The requested method PUT is not allowed for the URL /production/ > certificate_request/server2.fqdn.</ > p> > <hr> > <address>Apache/2.2.9 (Debian) DAV/2 SVN/1.5.1 Phusion_Passenger/3.0.7 > mod_ssl/2.2.9 OpenSSL/0.9.8g Server at puppetmaster.fqdn Port 8140</ > address> > </body></ > html> > > Exiting; failed to retrieve certificate and waitforcert is disabled > root@server2:~# > <---> > > Also, I get a new type of error by mail: > > <---> > Tue Aug 16 15:52:08 +0200 2011 //server1.fqdn/Puppet (err): Could not > retrieve catalog from remote server: Error 414 on SERVER: <!DOCTYPE > HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> > <html><head> > <title>414 Request-URI Too Large</title> > </head><body> > <h1>Request-URI Too Large</h1> > <p>The requested URL''s length exceeds the capacity > limit for this server.<br /> > </p> > <hr> > <address>Apache/2.2.9 (Debian) DAV/2 SVN/1.5.1 Phusion_Passenger/3.0.7 > mod_ssl/2.2.9 OpenSSL/0.9.8g Server at PUPPETMASTER.fqdn Port 8140</ > address> > </body></html> > > Tue Aug 16 15:52:08 +0200 2011 //server1.fqdn/Puppet (notice): Using > cached catalog > Tue Aug 16 15:52:08 +0200 2011 //server1.fqdn/Puppet (err): Could not > retrieve catalog; skipping run > > <----> > > I have set the variable: > <---> > PassengerMaxRequests 10000 > <---> > > But I doubt that this impact on this error. > > Again, thank you! > Jimmy > > On 26 juil, 14:33, "ji...@goffaux.fr" <ji...@goffaux.fr> wrote: > > > > > > > > > Passenger is already installed, but was not configured to Puppet. > > I will do the migration and I will return here. > > > Thank you! > > > On 25 juil, 17:21, Peter Meier <peter.me...@immerda.ch> wrote: > > > > > I have about 130 customer puppet. > > > > I left the default time interval. > > > > Are you still running with default webrick on the puppetmaster? (If you > > > didn''t change anything, then yes you are). > > > > If yes, it''s time to scale out and use either a Mongrel or > > > Passenger-based Setup:http://projects.puppetlabs.com/projects/puppet/wiki/Using_Passenger > > > > ~pete-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Antoine Benkemoun
2011-Aug-24 10:27 UTC
Re: [Puppet Users] Re: Random error in the recovery catalog
I''m not going to be of much help but I also get your first error message from time to time and it goes away without having me do anything. I''m talking about this one : err: /File[/var/lib/puppet/lib]: Could not evaluate: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed Could not retrieve file metadata for puppet://PUPPETMASTER.fqdn/plugins: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed I think this may be due to the fact that by default Puppet runs with webrick (please correct me if I''m wrong) or something similar which can only process requests one at a time. Kind of like if this was some sort of disguised timeout. I have not tried to run Puppet with Passenger so I can''t confirm this. Antoine On Wed, Aug 24, 2011 at 12:19 PM, jimmy@goffaux.fr <jimmy@goffaux.fr> wrote:> Does anyone have an idea? > > Thanks you > > On 16 août, 10:42, "ji...@goffaux.fr" <ji...@goffaux.fr> wrote: > > Hello, > > > > I just set up Puppet / Passenger by following the documentation. > > For servers already authenticated key I do not encounter problems, but > > for new I have these errors: > > > > <--> > > root@server2:~# puppetd --test --no-daemonize > > warning: peer certificate won''t be verified in this SSL session > > warning: peer certificate won''t be verified in this SSL session > > info: Creating a new SSL certificate request for server2.fqdn > > info: Certificate Request fingerprint (md5): > > F1:2E:F6:D6:8C:B3:F6:6B:D2:4B:C4:72:1C:E4:24:D9 > > warning: peer certificate won''t be verified in this SSL session > > err: Could not request certificate: Error 405 on SERVER: <!DOCTYPE > > HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> > > <html><head> > > <title>405 Method Not Allowed</ > > title> > > </ > > head><body> > > <h1>Method Not Allowed</ > > h1> > > <p>The requested method PUT is not allowed for the URL /production/ > > certificate_request/server2.fqdn.</ > > p> > > <hr> > > <address>Apache/2.2.9 (Debian) DAV/2 SVN/1.5.1 Phusion_Passenger/3.0.7 > > mod_ssl/2.2.9 OpenSSL/0.9.8g Server at puppetmaster.fqdn Port 8140</ > > address> > > </body></ > > html> > > > > Exiting; failed to retrieve certificate and waitforcert is disabled > > root@server2:~# > > <---> > > > > Also, I get a new type of error by mail: > > > > <---> > > Tue Aug 16 15:52:08 +0200 2011 //server1.fqdn/Puppet (err): Could not > > retrieve catalog from remote server: Error 414 on SERVER: <!DOCTYPE > > HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> > > <html><head> > > <title>414 Request-URI Too Large</title> > > </head><body> > > <h1>Request-URI Too Large</h1> > > <p>The requested URL''s length exceeds the capacity > > limit for this server.<br /> > > </p> > > <hr> > > <address>Apache/2.2.9 (Debian) DAV/2 SVN/1.5.1 Phusion_Passenger/3.0.7 > > mod_ssl/2.2.9 OpenSSL/0.9.8g Server at PUPPETMASTER.fqdn Port 8140</ > > address> > > </body></html> > > > > Tue Aug 16 15:52:08 +0200 2011 //server1.fqdn/Puppet (notice): Using > > cached catalog > > Tue Aug 16 15:52:08 +0200 2011 //server1.fqdn/Puppet (err): Could not > > retrieve catalog; skipping run > > > > <----> > > > > I have set the variable: > > <---> > > PassengerMaxRequests 10000 > > <---> > > > > But I doubt that this impact on this error. > > > > Again, thank you! > > Jimmy > > > > On 26 juil, 14:33, "ji...@goffaux.fr" <ji...@goffaux.fr> wrote: > > > > > > > > > > > > > > > > > Passenger is already installed, but was not configured to Puppet. > > > I will do the migration and I will return here. > > > > > Thank you! > > > > > On 25 juil, 17:21, Peter Meier <peter.me...@immerda.ch> wrote: > > > > > > > I have about 130 customer puppet. > > > > > I left the default time interval. > > > > > > Are you still running with default webrick on the puppetmaster? (If > you > > > > didn''t change anything, then yes you are). > > > > > > If yes, it''s time to scale out and use either a Mongrel or > > > > Passenger-based Setup: > http://projects.puppetlabs.com/projects/puppet/wiki/Using_Passenger > > > > > > ~pete > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Hi, Have you made any changes to your auth.conf? Are you auto signing your certs? How have you configured apache and passenger? Here''s what you can do as a test. Remove the apache passenger vhost and run puppet using webrick (puppetmasterd). If your client cant connect then your puppet conf needs checking. If it works, then the problem is in your apache configs. Cheers, Den On 24/08/2011, at 20:27, Antoine Benkemoun <antoine.benkemoun@gmail.com> wrote:> I''m not going to be of much help but I also get your first error message from time to time and it goes away without having me do anything. > > I''m talking about this one : > > err: /File[/var/lib/puppet/lib]: Could not evaluate: SSL_connect > returned=1 errno=0 state=SSLv3 read server certificate B: certificate > verify failed Could not retrieve file metadata for puppet://PUPPETMASTER.fqdn/plugins: > SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: > certificate verify failed > > I think this may be due to the fact that by default Puppet runs with webrick (please correct me if I''m wrong) or something similar which can only process requests one at a time. Kind of like if this was some sort of disguised timeout. I have not tried to run Puppet with Passenger so I can''t confirm this. > > Antoine > On Wed, Aug 24, 2011 at 12:19 PM, jimmy@goffaux.fr <jimmy@goffaux.fr> wrote: > Does anyone have an idea? > > Thanks you > > On 16 août, 10:42, "ji...@goffaux.fr" <ji...@goffaux.fr> wrote: > > Hello, > > > > I just set up Puppet / Passenger by following the documentation. > > For servers already authenticated key I do not encounter problems, but > > for new I have these errors: > > > > <--> > > root@server2:~# puppetd --test --no-daemonize > > warning: peer certificate won''t be verified in this SSL session > > warning: peer certificate won''t be verified in this SSL session > > info: Creating a new SSL certificate request for server2.fqdn > > info: Certificate Request fingerprint (md5): > > F1:2E:F6:D6:8C:B3:F6:6B:D2:4B:C4:72:1C:E4:24:D9 > > warning: peer certificate won''t be verified in this SSL session > > err: Could not request certificate: Error 405 on SERVER: <!DOCTYPE > > HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> > > <html><head> > > <title>405 Method Not Allowed</ > > title> > > </ > > head><body> > > <h1>Method Not Allowed</ > > h1> > > <p>The requested method PUT is not allowed for the URL /production/ > > certificate_request/server2.fqdn.</ > > p> > > <hr> > > <address>Apache/2.2.9 (Debian) DAV/2 SVN/1.5.1 Phusion_Passenger/3.0.7 > > mod_ssl/2.2.9 OpenSSL/0.9.8g Server at puppetmaster.fqdn Port 8140</ > > address> > > </body></ > > html> > > > > Exiting; failed to retrieve certificate and waitforcert is disabled > > root@server2:~# > > <---> > > > > Also, I get a new type of error by mail: > > > > <---> > > Tue Aug 16 15:52:08 +0200 2011 //server1.fqdn/Puppet (err): Could not > > retrieve catalog from remote server: Error 414 on SERVER: <!DOCTYPE > > HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> > > <html><head> > > <title>414 Request-URI Too Large</title> > > </head><body> > > <h1>Request-URI Too Large</h1> > > <p>The requested URL''s length exceeds the capacity > > limit for this server.<br /> > > </p> > > <hr> > > <address>Apache/2.2.9 (Debian) DAV/2 SVN/1.5.1 Phusion_Passenger/3.0.7 > > mod_ssl/2.2.9 OpenSSL/0.9.8g Server at PUPPETMASTER.fqdn Port 8140</ > > address> > > </body></html> > > > > Tue Aug 16 15:52:08 +0200 2011 //server1.fqdn/Puppet (notice): Using > > cached catalog > > Tue Aug 16 15:52:08 +0200 2011 //server1.fqdn/Puppet (err): Could not > > retrieve catalog; skipping run > > > > <----> > > > > I have set the variable: > > <---> > > PassengerMaxRequests 10000 > > <---> > > > > But I doubt that this impact on this error. > > > > Again, thank you! > > Jimmy > > > > On 26 juil, 14:33, "ji...@goffaux.fr" <ji...@goffaux.fr> wrote: > > > > > > > > > > > > > > > > > Passenger is already installed, but was not configured to Puppet. > > > I will do the migration and I will return here. > > > > > Thank you! > > > > > On 25 juil, 17:21, Peter Meier <peter.me...@immerda.ch> wrote: > > > > > > > I have about 130 customer puppet. > > > > > I left the default time interval. > > > > > > Are you still running with default webrick on the puppetmaster? (If you > > > > didn''t change anything, then yes you are). > > > > > > If yes, it''s time to scale out and use either a Mongrel or > > > > Passenger-based Setup:http://projects.puppetlabs.com/projects/puppet/wiki/Using_Passenger > > > > > > ~pete > > -- > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. > > > -- > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Funny thing.. I just set up apache passenger on my desktop (as opposed to my normal apache/passenger puppetmasters) and have the same issue. Looking through the apache logs it is showing that it is trying to PUT to a directory that doesn''t exist on the filesystem. <title>405 Method Not Allowed</title> </head><body> <h1>Method Not Allowed</h1> Digging a little further the difference between my desktop and the servers funnily enough is SELinux. Looking at the audit.log I noticed that httpd was not allowed to run the passenger app. A lot of trial and audit2allow''s later I have it working (kinda). Could this be your problem too? Cheers, Den On Aug 25, 8:20 am, Denmat <tu2bg...@gmail.com> wrote:> Hi, > > Have you made any changes to your auth.conf? Are you auto signing your certs? How have you configured apache and passenger? > > Here''s what you can do as a test. Remove the apache passenger vhost and run puppet using webrick (puppetmasterd). If your client cant connect then your puppet conf needs checking. If it works, then the problem is in your apache configs. > > Cheers, > Den > > On 24/08/2011, at 20:27, Antoine Benkemoun <antoine.benkem...@gmail.com> wrote: > > > > > > > > > I''m not going to be of much help but I also get your first error message from time to time and it goes away without having me do anything. > > > I''m talking about this one : > > > err: /File[/var/lib/puppet/lib]: Could not evaluate: SSL_connect > > returned=1 errno=0 state=SSLv3 read server certificate B: certificate > > verify failed Could not retrieve file metadata for puppet://PUPPETMASTER.fqdn/plugins: > > SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: > > certificate verify failed > > > I think this may be due to the fact that by default Puppet runs with webrick (please correct me if I''m wrong) or something similar which can only process requests one at a time. Kind of like if this was some sort of disguised timeout. I have not tried to run Puppet with Passenger so I can''t confirm this. > > > Antoine > > On Wed, Aug 24, 2011 at 12:19 PM, ji...@goffaux.fr <ji...@goffaux.fr> wrote: > > Does anyone have an idea? > > > Thanks you > > > On 16 août, 10:42, "ji...@goffaux.fr" <ji...@goffaux.fr> wrote: > > > Hello, > > > > I just set up Puppet / Passenger by following the documentation. > > > For servers already authenticated key I do not encounter problems, but > > > for new I have these errors: > > > > <--> > > > root@server2:~# puppetd --test --no-daemonize > > > warning: peer certificate won''t be verified in this SSL session > > > warning: peer certificate won''t be verified in this SSL session > > > info: Creating a new SSL certificate request for server2.fqdn > > > info: Certificate Request fingerprint (md5): > > > F1:2E:F6:D6:8C:B3:F6:6B:D2:4B:C4:72:1C:E4:24:D9 > > > warning: peer certificate won''t be verified in this SSL session > > > err: Could not request certificate: Error 405 on SERVER: <!DOCTYPE > > > HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> > > > <html><head> > > > <title>405 Method Not Allowed</ > > > title> > > > </ > > > head><body> > > > <h1>Method Not Allowed</ > > > h1> > > > <p>The requested method PUT is not allowed for the URL /production/ > > > certificate_request/server2.fqdn.</ > > > p> > > > <hr> > > > <address>Apache/2.2.9 (Debian) DAV/2 SVN/1.5.1 Phusion_Passenger/3.0.7 > > > mod_ssl/2.2.9 OpenSSL/0.9.8g Server at puppetmaster.fqdn Port 8140</ > > > address> > > > </body></ > > > html> > > > > Exiting; failed to retrieve certificate and waitforcert is disabled > > > root@server2:~# > > > <---> > > > > Also, I get a new type of error by mail: > > > > <---> > > > Tue Aug 16 15:52:08 +0200 2011 //server1.fqdn/Puppet (err): Could not > > > retrieve catalog from remote server: Error 414 on SERVER: <!DOCTYPE > > > HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> > > > <html><head> > > > <title>414 Request-URI Too Large</title> > > > </head><body> > > > <h1>Request-URI Too Large</h1> > > > <p>The requested URL''s length exceeds the capacity > > > limit for this server.<br /> > > > </p> > > > <hr> > > > <address>Apache/2.2.9 (Debian) DAV/2 SVN/1.5.1 Phusion_Passenger/3.0.7 > > > mod_ssl/2.2.9 OpenSSL/0.9.8g Server at PUPPETMASTER.fqdn Port 8140</ > > > address> > > > </body></html> > > > > Tue Aug 16 15:52:08 +0200 2011 //server1.fqdn/Puppet (notice): Using > > > cached catalog > > > Tue Aug 16 15:52:08 +0200 2011 //server1.fqdn/Puppet (err): Could not > > > retrieve catalog; skipping run > > > > <----> > > > > I have set the variable: > > > <---> > > > PassengerMaxRequests 10000 > > > <---> > > > > But I doubt that this impact on this error. > > > > Again, thank you! > > > Jimmy > > > > On 26 juil, 14:33, "ji...@goffaux.fr" <ji...@goffaux.fr> wrote: > > > > > Passenger is already installed, but was not configured to Puppet. > > > > I will do the migration and I will return here. > > > > > Thank you! > > > > > On 25 juil, 17:21, Peter Meier <peter.me...@immerda.ch> wrote: > > > > > > > I have about 130 customer puppet. > > > > > > I left the default time interval. > > > > > > Are you still running with default webrick on the puppetmaster? (If you > > > > > didn''t change anything, then yes you are). > > > > > > If yes, it''s time to scale out and use either a Mongrel or > > > > > Passenger-based Setup:http://projects.puppetlabs.com/projects/puppet/wiki/Using_Passenger > > > > > > ~pete > > > -- > > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > > To post to this group, send email to puppet-users@googlegroups.com. > > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > > For more options, visit this group athttp://groups.google.com/group/puppet-users?hl=en. > > > -- > > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > > To post to this group, send email to puppet-users@googlegroups.com. > > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > > For more options, visit this group athttp://groups.google.com/group/puppet-users?hl=en.-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
jimmy@goffaux.fr
2011-Sep-18 12:35 UTC
[Puppet Users] Re: Random error in the recovery catalog
Hello, I''m resolv all problems after installation Apache / Passenger !! Thanks !! On 25 août, 02:54, denmat <tu2bg...@gmail.com> wrote:> Funny thing.. I just set up apache passenger on my desktop (as opposed > to my normal apache/passenger puppetmasters) and have the same issue. > > Looking through the apache logs it is showing that it is trying to PUT > to a directory that doesn''t exist on the filesystem. > > <title>405 Method Not Allowed</title> > </head><body> > <h1>Method Not Allowed</h1> > > Digging a little further the difference between my desktop and the > servers funnily enough is SELinux. Looking at the audit.log I noticed > that httpd was not allowed to run the passenger app. > > A lot of trial and audit2allow''s later I have it working (kinda). > Could this be your problem too? > > Cheers, > Den > > On Aug 25, 8:20 am, Denmat <tu2bg...@gmail.com> wrote: > > > > > > > > > Hi, > > > Have you made any changes to your auth.conf? Are you auto signing your certs? How have you configured apache and passenger? > > > Here''s what you can do as a test. Remove the apache passenger vhost and run puppet using webrick (puppetmasterd). If your client cant connect then your puppet conf needs checking. If it works, then the problem is in your apache configs. > > > Cheers, > > Den > > > On 24/08/2011, at 20:27, Antoine Benkemoun <antoine.benkem...@gmail.com> wrote: > > > > I''m not going to be of much help but I also get your first error message from time to time and it goes away without having me do anything. > > > > I''m talking about this one : > > > > err: /File[/var/lib/puppet/lib]: Could not evaluate: SSL_connect > > > returned=1 errno=0 state=SSLv3 read server certificate B: certificate > > > verify failed Could not retrieve file metadata for puppet://PUPPETMASTER.fqdn/plugins: > > > SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: > > > certificate verify failed > > > > I think this may be due to the fact that by default Puppet runs with webrick (please correct me if I''m wrong) or something similar which can only process requests one at a time. Kind of like if this was some sort of disguised timeout. I have not tried to run Puppet with Passenger so I can''t confirm this. > > > > Antoine > > > On Wed, Aug 24, 2011 at 12:19 PM, ji...@goffaux.fr <ji...@goffaux.fr> wrote: > > > Does anyone have an idea? > > > > Thanks you > > > > On 16 août, 10:42, "ji...@goffaux.fr" <ji...@goffaux.fr> wrote: > > > > Hello, > > > > > I just set up Puppet / Passenger by following the documentation. > > > > For servers already authenticated key I do not encounter problems, but > > > > for new I have these errors: > > > > > <--> > > > > root@server2:~# puppetd --test --no-daemonize > > > > warning: peer certificate won''t be verified in this SSL session > > > > warning: peer certificate won''t be verified in this SSL session > > > > info: Creating a new SSL certificate request for server2.fqdn > > > > info: Certificate Request fingerprint (md5): > > > > F1:2E:F6:D6:8C:B3:F6:6B:D2:4B:C4:72:1C:E4:24:D9 > > > > warning: peer certificate won''t be verified in this SSL session > > > > err: Could not request certificate: Error 405 on SERVER: <!DOCTYPE > > > > HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> > > > > <html><head> > > > > <title>405 Method Not Allowed</ > > > > title> > > > > </ > > > > head><body> > > > > <h1>Method Not Allowed</ > > > > h1> > > > > <p>The requested method PUT is not allowed for the URL /production/ > > > > certificate_request/server2.fqdn.</ > > > > p> > > > > <hr> > > > > <address>Apache/2.2.9 (Debian) DAV/2 SVN/1.5.1 Phusion_Passenger/3.0.7 > > > > mod_ssl/2.2.9 OpenSSL/0.9.8g Server at puppetmaster.fqdn Port 8140</ > > > > address> > > > > </body></ > > > > html> > > > > > Exiting; failed to retrieve certificate and waitforcert is disabled > > > > root@server2:~# > > > > <---> > > > > > Also, I get a new type of error by mail: > > > > > <---> > > > > Tue Aug 16 15:52:08 +0200 2011 //server1.fqdn/Puppet (err): Could not > > > > retrieve catalog from remote server: Error 414 on SERVER: <!DOCTYPE > > > > HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> > > > > <html><head> > > > > <title>414 Request-URI Too Large</title> > > > > </head><body> > > > > <h1>Request-URI Too Large</h1> > > > > <p>The requested URL''s length exceeds the capacity > > > > limit for this server.<br /> > > > > </p> > > > > <hr> > > > > <address>Apache/2.2.9 (Debian) DAV/2 SVN/1.5.1 Phusion_Passenger/3.0.7 > > > > mod_ssl/2.2.9 OpenSSL/0.9.8g Server at PUPPETMASTER.fqdn Port 8140</ > > > > address> > > > > </body></html> > > > > > Tue Aug 16 15:52:08 +0200 2011 //server1.fqdn/Puppet (notice): Using > > > > cached catalog > > > > Tue Aug 16 15:52:08 +0200 2011 //server1.fqdn/Puppet (err): Could not > > > > retrieve catalog; skipping run > > > > > <----> > > > > > I have set the variable: > > > > <---> > > > > PassengerMaxRequests 10000 > > > > <---> > > > > > But I doubt that this impact on this error. > > > > > Again, thank you! > > > > Jimmy > > > > > On 26 juil, 14:33, "ji...@goffaux.fr" <ji...@goffaux.fr> wrote: > > > > > > Passenger is already installed, but was not configured to Puppet. > > > > > I will do the migration and I will return here. > > > > > > Thank you! > > > > > > On 25 juil, 17:21, Peter Meier <peter.me...@immerda.ch> wrote: > > > > > > > > I have about 130 customer puppet. > > > > > > > I left the default time interval. > > > > > > > Are you still running with default webrick on the puppetmaster? (If you > > > > > > didn''t change anything, then yes you are). > > > > > > > If yes, it''s time to scale out and use either a Mongrel or > > > > > > Passenger-based Setup:http://projects.puppetlabs.com/projects/puppet/wiki/Using_Passenger > > > > > > > ~pete > > > > -- > > > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > > > To post to this group, send email to puppet-users@googlegroups.com. > > > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > > > For more options, visit this group athttp://groups.google.com/group/puppet-users?hl=en. > > > > -- > > > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > > > To post to this group, send email to puppet-users@googlegroups.com. > > > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > > > For more options, visit this group athttp://groups.google.com/group/puppet-users?hl=en.-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.