ankush grover
2012-Jun-08 08:40 UTC
[Puppet Users] Unable to run puppet with apache + passenger
Hi Friends,
I am trying to run puppet with apache on Centos 6.2. 64-bit (with
selinux off) but it seems apache is refusing to read the pem file of
puppet. Below are the errors I am getting in the apache logs.
Puppetmaster is working fine without Apache. The same setup is working
fine with (Puppet + Apache) in another office . What could be the
problem that apache is not able to read the files.
Fri Jun 08 02:06:37 2012] [error] Init: Unable to read server
certificate from file
/var/lib/puppet/ssl/private_keys/ezepuppet.synapse.ar.pem
[Fri Jun 08 02:06:37 2012] [error] SSL Library Error: 218529960
error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Fri Jun 08 02:06:37 2012] [error] SSL Library Error: 218595386
error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
error
[Fri Jun 08 02:06:40 2012] [notice] suEXEC mechanism enabled (wrapper:
/usr/sbin/suexec)
[Fri Jun 08 02:06:40 2012] [error] Init: Unable to read server
certificate from file
/var/lib/puppet/ssl/private_keys/ezepuppet.synapse.ar.pem
[Fri Jun 08 02:06:40 2012] [error] SSL Library Error: 218529960
error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Fri Jun 08 02:06:40 2012] [error] SSL Library Error: 218595386
error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
error
[Fri Jun 08 02:06:53 2012] [notice] suEXEC mechanism enabled (wrapper:
/usr/sbin/suexec)
[Fri Jun 08 02:06:53 2012] [error] Init: Unable to read server
certificate from file
/var/lib/puppet/ssl/private_keys/ezepuppet.synapse.ar.pem
[Fri Jun 08 02:06:53 2012] [error] SSL Library Error: 218529960
error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Fri Jun 08 02:06:53 2012] [error] SSL Library Error: 218595386
error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
error
[Fri Jun 08 02:21:12 2012] [notice] suEXEC mechanism enabled (wrapper:
/usr/sbin/suexec)
[Fri Jun 08 02:21:12 2012] [error] Init: Unable to read server
certificate from file
/var/lib/puppet/ssl/private_keys/ezepuppet.synapse.ar.pem
[Fri Jun 08 02:21:12 2012] [error] SSL Library Error: 218529960
error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Fri Jun 08 02:21:12 2012] [error] SSL Library Error: 218595386
error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
error
[Fri Jun 08 02:27:26 2012] [notice] suEXEC mechanism enabled (wrapper:
/usr/sbin/suexec)
[Fri Jun 08 02:27:26 2012] [error] Init: Unable to read server
certificate from file
/var/lib/puppet/ssl/private_keys/ezepuppet.synapse.ar.pem
[Fri Jun 08 02:27:26 2012] [error] SSL Library Error: 218529960
error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Fri Jun 08 02:27:26 2012] [error] SSL Library Error: 218595386
error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
error
[Fri Jun 08 02:31:06 2012] [notice] suEXEC mechanism enabled (wrapper:
/usr/sbin/suexec)
[Fri Jun 08 02:31:06 2012] [error] Init: Unable to read server
certificate from file
/var/lib/puppet/ssl/private_keys/ezepuppet.synapse.ar.pem
[Fri Jun 08 02:31:06 2012] [error] SSL Library Error: 218529960
error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Fri Jun 08 02:31:06 2012] [error] SSL Library Error: 218595386
error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
error
^C
puppet.conf
Listen 8140
<VirtualHost *:8140>
SSLEngine on
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
SSLCertificateKeyFile
/var/lib/puppet/ssl/private_keys/ezepuppet.synapse.ar.pem
SSLCertificateFile /var/lib/puppet/ssl/private_keys/ezepuppet.synapse.ar.pem
SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
# If Apache complains about invalid signatures on the CRL, you can
try disabling
# CRL checking by commenting the next line, but this is not recommended.
# SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
# Set to require if this puppetmaster doesn''t issue certificates
# to puppet clients.
# NB: this requires SSLCACertificateFile to include the CA cert
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars
# Passenger options that can be set in a virtual host
# configuration block.
PassengerHighPerformance on
PassengerStatThrottleRate 120
PassengerUseGlobalQueue on
RackAutoDetect Off
RailsAutoDetect Off
RackBaseURI /
PassengerMaxRequests 10000
DocumentRoot /etc/puppet/rack/public
<Directory /etc/puppet/rack/>
Options None
AllowOverride None
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Jo Rhett
2012-Jun-08 16:37 UTC
Re: [Puppet Users] Unable to run puppet with apache + passenger
Check ownership of config.ru. Passenger runs based on the owner of that file. On Jun 8, 2012, at 1:40 AM, ankush grover wrote:> Hi Friends, > > I am trying to run puppet with apache on Centos 6.2. 64-bit (with > selinux off) but it seems apache is refusing to read the pem file of > puppet. Below are the errors I am getting in the apache logs. > Puppetmaster is working fine without Apache. The same setup is working > fine with (Puppet + Apache) in another office . What could be the > problem that apache is not able to read the files. > > > Fri Jun 08 02:06:37 2012] [error] Init: Unable to read server > certificate from file > /var/lib/puppet/ssl/private_keys/ezepuppet.synapse.ar.pem > [Fri Jun 08 02:06:37 2012] [error] SSL Library Error: 218529960 > error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag > [Fri Jun 08 02:06:37 2012] [error] SSL Library Error: 218595386 > error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 > error > [Fri Jun 08 02:06:40 2012] [notice] suEXEC mechanism enabled (wrapper: > /usr/sbin/suexec) > [Fri Jun 08 02:06:40 2012] [error] Init: Unable to read server > certificate from file > /var/lib/puppet/ssl/private_keys/ezepuppet.synapse.ar.pem > [Fri Jun 08 02:06:40 2012] [error] SSL Library Error: 218529960 > error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag > [Fri Jun 08 02:06:40 2012] [error] SSL Library Error: 218595386 > error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 > error > [Fri Jun 08 02:06:53 2012] [notice] suEXEC mechanism enabled (wrapper: > /usr/sbin/suexec) > [Fri Jun 08 02:06:53 2012] [error] Init: Unable to read server > certificate from file > /var/lib/puppet/ssl/private_keys/ezepuppet.synapse.ar.pem > [Fri Jun 08 02:06:53 2012] [error] SSL Library Error: 218529960 > error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag > [Fri Jun 08 02:06:53 2012] [error] SSL Library Error: 218595386 > error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 > error > [Fri Jun 08 02:21:12 2012] [notice] suEXEC mechanism enabled (wrapper: > /usr/sbin/suexec) > [Fri Jun 08 02:21:12 2012] [error] Init: Unable to read server > certificate from file > /var/lib/puppet/ssl/private_keys/ezepuppet.synapse.ar.pem > [Fri Jun 08 02:21:12 2012] [error] SSL Library Error: 218529960 > error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag > [Fri Jun 08 02:21:12 2012] [error] SSL Library Error: 218595386 > error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 > error > [Fri Jun 08 02:27:26 2012] [notice] suEXEC mechanism enabled (wrapper: > /usr/sbin/suexec) > [Fri Jun 08 02:27:26 2012] [error] Init: Unable to read server > certificate from file > /var/lib/puppet/ssl/private_keys/ezepuppet.synapse.ar.pem > [Fri Jun 08 02:27:26 2012] [error] SSL Library Error: 218529960 > error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag > [Fri Jun 08 02:27:26 2012] [error] SSL Library Error: 218595386 > error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 > error > [Fri Jun 08 02:31:06 2012] [notice] suEXEC mechanism enabled (wrapper: > /usr/sbin/suexec) > [Fri Jun 08 02:31:06 2012] [error] Init: Unable to read server > certificate from file > /var/lib/puppet/ssl/private_keys/ezepuppet.synapse.ar.pem > [Fri Jun 08 02:31:06 2012] [error] SSL Library Error: 218529960 > error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag > [Fri Jun 08 02:31:06 2012] [error] SSL Library Error: 218595386 > error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 > error > ^C > > > puppet.conf > > Listen 8140 > <VirtualHost *:8140> > SSLEngine on > SSLProtocol -ALL +SSLv3 +TLSv1 > SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP > SSLCertificateKeyFile > /var/lib/puppet/ssl/private_keys/ezepuppet.synapse.ar.pem > SSLCertificateFile /var/lib/puppet/ssl/private_keys/ezepuppet.synapse.ar.pem > SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem > SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem > # If Apache complains about invalid signatures on the CRL, you can > try disabling > # CRL checking by commenting the next line, but this is not recommended. > # SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem > # Set to require if this puppetmaster doesn''t issue certificates > # to puppet clients. > # NB: this requires SSLCACertificateFile to include the CA cert > SSLVerifyClient optional > SSLVerifyDepth 1 > SSLOptions +StdEnvVars > > # Passenger options that can be set in a virtual host > # configuration block. > PassengerHighPerformance on > PassengerStatThrottleRate 120 > PassengerUseGlobalQueue on > RackAutoDetect Off > RailsAutoDetect Off > RackBaseURI / > PassengerMaxRequests 10000 > DocumentRoot /etc/puppet/rack/public > > > <Directory /etc/puppet/rack/> > Options None > AllowOverride None > Order allow,deny > Allow from all > </Directory> > </VirtualHost> > > -- > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. >-- Jo Rhett Net Consonance : net philanthropy to improve open source and internet projects. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Sans
2012-Jun-08 23:47 UTC
[Puppet Users] Re: Unable to run puppet with apache + passenger
I don''t wanna hijack the thread but I''m also having almost the same issue. For me httpd/passenger starts just fine but puppetmaster doesn''t start until I start it manually using puppetmasterd on the box. These are in the httpd_error log: [Fri Jun 08 19:24:06 2012] [notice] suEXEC mechanism enabled (wrapper:> /usr/sbin/suexec) > [Fri Jun 08 19:24:06 2012] [notice] Digest: generating secret for digest > authentication ... > [Fri Jun 08 19:24:06 2012] [notice] Digest: done > [Fri Jun 08 19:24:07 2012] [notice] Apache/2.2.15 (Unix) DAV/2 > Phusion_Passenger/3.0.12 mod_ssl/2.2.15 OpenSSL/1.0.0-fips configured -- > resuming normal operations >Is it related? Cheers!! -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/FALCmGVaxmgJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
ankush grover
2012-Jun-12 05:21 UTC
Re: [Puppet Users] Re: Unable to run puppet with apache + passenger
Please check ownership of config.ru and also check whether there is entry for puppet in /etc/hosts file. On Sat, Jun 9, 2012 at 5:17 AM, Sans <r.santanu.das@gmail.com> wrote:> I don''t wanna hijack the thread but I''m also having almost the same issue. > For me httpd/passenger starts just fine but puppetmaster doesn''t start until > I start it manually using puppetmasterd on the box. These are in the > httpd_error log: > > >> [Fri Jun 08 19:24:06 2012] [notice] suEXEC mechanism enabled (wrapper: >> /usr/sbin/suexec) >> [Fri Jun 08 19:24:06 2012] [notice] Digest: generating secret for digest >> authentication ... >> [Fri Jun 08 19:24:06 2012] [notice] Digest: done >> [Fri Jun 08 19:24:07 2012] [notice] Apache/2.2.15 (Unix) DAV/2 >> Phusion_Passenger/3.0.12 mod_ssl/2.2.15 OpenSSL/1.0.0-fips configured -- >> resuming normal operations > > > Is it related? Cheers!! > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To view this discussion on the web visit > https://groups.google.com/d/msg/puppet-users/-/FALCmGVaxmgJ. > > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en.-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.