Anadi Misra
2012-Dec-06 10:17 UTC
[Puppet Users] passenger does not start puppet master under nginx
On the server

[root@bangvmpllDA02 logs]# ruby -v
ruby 1.8.7 (2011-06-30 patchlevel 352) [x86_64-linux]

[root@bangvmpllDA02 logs]# puppet --version
3.0.1

and

[root@bangvmpllDA02 logs]# service nginx configtest
nginx: the configuration file /apps/nginx/nginx.conf syntax is ok
nginx: configuration file /apps/nginx/nginx.conf test is successful

[root@bangvmpllDA02 logs]# service nginx status
nginx (pid 25923 25921 25920 25917 25908) is running...
[root@bangvmpllDA02 logs]#

However, none of my agents are able to connect to the master; they all fail with errors like so

[amisr1@blramisr195602 ~]$ puppet agent --test --verbose --server bangvmpllda02.XXXXX.com
Info: Creating a new SSL certificate request for blramisr195602.XXXXX.com
Info: Certificate Request fingerprint (SHA256): 26:EB:08:1F:82:32:E4:03:7A:64:8E:30:A3:99:93:26:E6:66:B9:B0:49:B6:08:F9:67:CA:1B:0C:00:B9:1D:41
Error: Could not request certificate: Error 405 on SERVER: <html>
<head><title>405 Not Allowed</title></head>
<body bgcolor="white">
<center><h1>405 Not Allowed</h1></center>
<hr><center>nginx</center>
</body>
</html>

Exiting; failed to retrieve certificate and waitforcert is disabled

When I check logs on puppet master

[root@bangvmpllDA02 logs]# tail puppet_access.log
[05/Dec/2012:17:45:18 +0530] "GET /production/certificate/ca? HTTP/1.1" 404 162 "-" "Ruby"
[05/Dec/2012:18:32:23 +0530] "PUT /production/certificate_request/sl63anadi.XXXXX.com HTTP/1.1" 405 166 "-" "-"
[05/Dec/2012:18:33:33 +0530] "GET /production/certificate/sl63anadi.XXXXX.com? HTTP/1.1" 404 162 "-" "-"
[05/Dec/2012:18:33:33 +0530] "GET /production/certificate_request/sl63anadi.XXXXX.com? HTTP/1.1" 404 162 "-" "-"
[05/Dec/2012:18:33:33 +0530] "PUT /production/certificate_request/sl63anadi.XXXXX.com HTTP/1.1" 405 166 "-" "-"

and the error logs show that nginx is not really able to process the request well

2012/12/05 18:33:33 [error] 25920#0: *23 open() "/etc/puppet/rack/public/production/certificate/sl63anadi.XXXXX.com" failed (2: No such file or directory), client: 10.209.47.26, server: , request: "GET /production/certificate/sl63anadi.XXXXX.com? HTTP/1.1", host: "bangvmpllda02.XXXXX.com:8140"
2012/12/05 18:33:33 [error] 25920#0: *24 open() "/etc/puppet/rack/public/production/certificate_request/sl63anadi.XXXXX.com" failed (2: No such file or directory), client: 10.209.47.26, server: , request: "GET /production/certificate_request/sl63anadi.XXXXX.com? HTTP/1.1", host: "bangvmpllda02.XXXXX.com:8140"
2012/12/05 18:47:56 [error] 25923#0: *27 open() "/etc/puppet/rack/public/production/certificate/ca" failed (2: No such file or directory), client: 10.209.47.31, server: , request: "GET /production/certificate/ca? HTTP/1.1", host: "bangvmpllda02.XXXXX.com:8140"
2012/12/05 18:47:56 [error] 25923#0: *28 open() "/etc/puppet/rack/public/production/certificate_request/blramisr195602.XXXXX.com" failed (2: No such file or directory), client: 10.209.47.31, server: , request: "GET /production/certificate_request/blramisr195602.XXXXX.com? HTTP/1.1", host: "bangvmpllda02.XXXXX.com:8140"

Passenger does not show any application groups either

[root@bangvmpllDA02 nginx]# passenger-status
----------- General information -----------
max = 15
count = 0
active = 0
inactive = 0
Waiting on global queue: 0

----------- Application groups -----------
[root@bangvmpllDA02 nginx]#

Here's my nginx configuration

user puppet;
worker_processes 4;

#error_log logs/error.log;
#error_log logs/error.log notice;
error_log logs/error.log info;

#pid logs/nginx.pid;

events {
    use epoll;
    worker_connections 1024;
}

http {
    include mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log logs/access.log main;

    sendfile on;
    #tcp_nopush on;
    server_tokens off;
    #keepalive_timeout 0;
    keepalive_timeout 120;

    gzip on;
    gzip_http_version 1.1;
    gzip_disable "msie6";
    gzip_vary on;
    gzip_min_length 1100;
    gzip_buffers 64 8k;
    gzip_comp_level 3;
    gzip_proxied any;
    gzip_types text/plain text/css application/x-javascript text/xml application/xml;

    server {
        listen 80;
        server_name bangvmpllda02.XXXXXX.com;

        charset utf-8;

        #access_log logs/http.access.log main;

        location / {
            root html;
            index index.html index.htm index.php;
        }

        #error_page 404 /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        location ~ \.php$ {
            root html;
            fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param SCRIPT_NAME $fastcgi_script_name;
            include fastcgi_params;
        }

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        location ~ /\.ht {
            access_log off;
            log_not_found off;
            deny all;
        }

        location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ {
            access_log off;
            log_not_found off;
            expires 2d;
        }
    }

    # Passenger needed for puppet
    passenger_root /usr/lib/ruby/gems/1.8/gems/passenger-3.0.18;
    passenger_ruby /usr/bin/ruby;
    passenger_max_pool_size 15;

    server {
        ssl on;
        listen 8140 default ssl;
        server_name bangvmpllda02.XXXXX.com;
        passenger_enabled on;
        passenger_set_cgi_param HTTP_X_CLIENT_DN $ssl_client_s_dn;
        passenger_set_cgi_param HTTP_X_CLIENT_VERIFY $ssl_client_verify;
        passenger_min_instances 5;

        access_log logs/puppet_access.log;
        error_log logs/puppet_error.log;

        root /etc/puppet/rack/public;

        ssl_certificate /var/lib/puppet/ssl/certs/bangvmpllda02.XXXXX.com.pem;
        ssl_certificate_key /var/lib/puppet/ssl/private_keys/bangvmpllda02.XXXXX.com.pem;
        ssl_crl /var/lib/puppet/ssl/ca/ca_crl.pem;
        ssl_client_certificate /var/lib/puppet/ssl/certs/ca.pem;
        ssl_ciphers SSLv2:-LOW:-EXPORT:RC4+RSA;
        ssl_prefer_server_ciphers on;
        ssl_verify_client optional;
        ssl_verify_depth 1;
        ssl_session_cache shared:SSL:128m;
        ssl_session_timeout 5m;
    }
}

and the puppet.conf

[main]
# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = /var/log/puppet

# Where Puppet PID files are kept.
# The default value is '$vardir/run'.
rundir = /var/run/puppet
dns_alt_names = devops.XXXXX.com,devops
confdir = /etc/puppet
vardir = /var/lib/puppet
storeconfigs = true
storeconfigs_backend = puppetdb
thin_storeconfigs = false
async_storeconfigs = false
ssl_client_header = SSL_CLIENT_S_D
ssl_client_verify_header = SSL_CLIENT_VERIFY

# Where SSL certificates are kept.
# The default value is '$confdir/ssl'.
ssldir = $vardir/ssl

Any ideas where am I going wrong? I checked the directory permissions; /usr/share/puppet, /etc/puppet and /var/lib/puppet (and files inside them) are owned by puppet user. I also disabled selinux to ensure there is no problem on that front, but no luck; I keep getting the 405 responses from puppet master.

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/-rBZV_cMRU8J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Craig White
2012-Dec-06 17:41 UTC
Re: [Puppet Users] passenger does not start puppet master under nginx
On Dec 6, 2012, at 3:17 AM, Anadi Misra wrote:

> Any ideas where am I going wrong? I checked the directory permissions; /usr/share/puppet, /etc/puppet and /var/lib/puppet (and files inside them) are owned by puppet user. I also disabled selinux to ensure there is no problem on that front, but no luck; I keep getting the 405 responses from puppet master.

----
Don't know that this is significant to your issue but I use...

ssl_client_certificate /etc/puppet/ssl/ca/ca_crt.pem;
ssl_crl /etc/puppet/ssl/ca/ca_crl.pem;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:!kEDH:+EXP:-SSLv2;
ssl_prefer_server_ciphers on;
ssl_verify_client optional;
ssl_verify_depth 1;
ssl_session_cache builtin:1000 shared:SSL:10m;

Aside from the fact that my certs are stored in /etc/puppet/ssl and yours are stored in /var/lib/puppet/ssl (which really shouldn't matter), I also use different ssl_protocols - specifically don't use SSLv2 (broken) and use ca_crt.pem instead of ca.pem for the ssl_client_certificate and an entirely different set of ssl_ciphers.

Perhaps this will help

Craig
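Added example (not part of either post and not Puppet or nginx project code): a Python audit of the ssl_protocols and ssl_ciphers values quoted in the two messages above. It uses a simplified, keyword-level model of OpenSSL cipher-string operators, in which "!" and "-" remove a class and "+" only reorders it. The function names and the third, constructed baseline config are assumptions made for illustration.

```python
import re

WEAK_CLASSES = {"SSLv2", "LOW", "EXPORT", "RC4"}
WEAK_PROTOCOLS = {"SSLv2", "SSLv3"}
# cipher-string keyword -> (weak class, True when the keyword names that whole class)
KEYWORDS = {
    "SSLv2": ("SSLv2", True), "LOW": ("LOW", True), "RC4": ("RC4", True),
    "EXP": ("EXPORT", True), "EXPORT": ("EXPORT", True),
    "EXPORT40": ("EXPORT", False), "EXPORT56": ("EXPORT", False),
}

def classes_of(names):
    """Weak classes a token touches, and whether it covers them entirely."""
    if names == ["ALL"]:
        return set(WEAK_CLASSES), True
    hits = [KEYWORDS[n] for n in names if n in KEYWORDS]
    whole = len(names) == 1 and all(w for _, w in hits)
    return {c for c, _ in hits}, whole

def weak_cipher_classes(cipher_string):
    """Weak classes still in the list after applying the operators in order."""
    enabled, killed = set(), set()
    for token in filter(None, re.split(r"[:, ]+", cipher_string.strip())):
        op = token[0] if token[0] in "!-+" else ""
        classes, whole = classes_of(token[len(op):].split("+"))
        if op == "+":
            continue                      # "+X" only moves X to the end of the list
        if op == "":
            enabled |= classes - killed   # a plain keyword appends its suites
        elif whole:
            enabled -= classes            # "-X" and "!X" both drop the class
            if op == "!":
                killed |= classes         # "!X" also blocks re-adding it later
    return sorted(enabled)

def audit_tls(conf_text):
    """Findings for the ssl_protocols / ssl_ciphers directives in an nginx config."""
    text = re.sub(r"#[^\n]*", "", conf_text)
    findings = []
    protocols = re.findall(r"\bssl_protocols\s+([^;]+);", text)
    if not protocols:
        findings.append("ssl_protocols not set: enabled versions depend on the nginx version")
    for value in protocols:
        for version in sorted(WEAK_PROTOCOLS & set(value.split())):
            findings.append("ssl_protocols enables " + version)
    for value in re.findall(r"\bssl_ciphers\s+([^;]+);", text):
        for cls in weak_cipher_classes(value):
            findings.append("ssl_ciphers keeps %s suites in the list" % cls)
    return findings

# Directive values copied from the two posts above.
POSTED = "ssl_ciphers SSLv2:-LOW:-EXPORT:RC4+RSA;"
REPLY = ("ssl_protocols SSLv3 TLSv1;\n"
         "ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:!kEDH:+EXP:-SSLv2;")
# Constructed baseline, not from the thread.
BASELINE = "ssl_protocols TLSv1.2 TLSv1.3;\nssl_ciphers HIGH:!aNULL:!MD5;"

if __name__ == "__main__":
    for name, conf in (("posted", POSTED), ("reply", REPLY), ("baseline", BASELINE)):
        print(name, audit_tls(conf))
```

The class model is an approximation; running openssl ciphers -v '<string>' on the server lists the exact suites its OpenSSL build would offer for a given string.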
Anadi Misra
2012-Dec-10 13:22 UTC
[Puppet Users] Re: passenger does not start puppet master under nginx
The problem was I had misplaced config.ru inside the public directory while it should have been in the rack directory.

BR/
Anadi Misra

On Thursday, 6 December 2012 15:47:42 UTC+5:30, Anadi Misra wrote:

> Any ideas where am I going wrong? I checked the directory permissions; /usr/share/puppet, /etc/puppet and /var/lib/puppet (and files inside them) are owned by puppet user. I also disabled selinux to ensure there is no problem on that front, but no luck; I keep getting the 405 responses from puppet master.
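Added example (not from the thread and not Passenger or Puppet code): a Python check for the layout problem described in the post above. It reads an nginx config, finds the root of each server block with passenger_enabled on, and verifies that config.ru sits in the parent of that directory next to public/ and tmp/; it also picks out error-log lines where nginx tried to answer a request from disk under that root. Function names, the temporary directory tree and the sample config are constructed for illustration.

```python
import os
import re
import tempfile

def server_blocks(conf_text):
    """Yield, for each `server { }` block, its top-level directives as token lists."""
    text = re.sub(r"#[^\n]*", "", conf_text)            # strip comments
    for m in re.finditer(r"\bserver\s*\{", text):
        depth, buf = 1, []
        for ch in text[m.end():]:
            if ch == "{":
                if depth == 1:
                    buf.append(";")                     # close the nested block's header
                depth += 1
            elif ch == "}":
                depth -= 1
                if depth == 0:
                    break
            elif depth == 1:
                buf.append(ch)
        yield [s.split() for s in "".join(buf).split(";") if s.split()]

def passenger_roots(conf_text):
    """Document roots of the server blocks that set `passenger_enabled on`."""
    roots = []
    for statements in server_blocks(conf_text):
        d = {s[0]: s[1:] for s in statements}
        if d.get("passenger_enabled") == ["on"] and d.get("root"):
            roots.append(d["root"][0])
    return roots

def check_rack_layout(public_dir):
    """Passenger expects config.ru in the parent of `root`, beside public/ and tmp/."""
    public_dir = os.path.normpath(public_dir)
    app_root = os.path.dirname(public_dir)
    findings = []
    if not os.path.isfile(os.path.join(app_root, "config.ru")):
        findings.append("missing " + os.path.join(app_root, "config.ru"))
    if os.path.isfile(os.path.join(public_dir, "config.ru")):
        # The thread's mistake; the file also sits where nginx serves static files.
        findings.append("misplaced " + os.path.join(public_dir, "config.ru"))
    if not os.path.isdir(os.path.join(app_root, "tmp")):
        findings.append("missing " + os.path.join(app_root, "tmp"))
    return findings

STATIC_MISS = re.compile(
    r'open\(\) "(?P<path>[^"]+)" failed \(2: No such file or directory\)'
    r'.*request: "(?P<req>[^"]+)"')

def static_fallthrough(error_log_lines, public_dir):
    """Requests nginx tried to answer from disk under public_dir (the app never ran)."""
    prefix = os.path.normpath(public_dir) + os.sep
    return [m.group("req") for m in map(STATIC_MISS.search, error_log_lines)
            if m and m.group("path").startswith(prefix)]

def build_sample(base, fixed):
    """Constructed tree and config; `fixed` puts config.ru in the app root."""
    public = os.path.join(base, "rack", "public")
    os.makedirs(public, exist_ok=True)
    os.makedirs(os.path.join(base, "rack", "tmp"), exist_ok=True)
    target = os.path.join(base, "rack") if fixed else public
    open(os.path.join(target, "config.ru"), "w").close()
    return ("server { listen 80; location / { root html; } }\n"
            "server { listen 8140 ssl; passenger_enabled on; root %s; }\n" % public)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        for fixed in (False, True):
            conf = build_sample(base, fixed)
            for root in passenger_roots(conf):
                print("fixed" if fixed else "as posted", check_rack_layout(root))
            os.remove(os.path.join(base, "rack", "config.ru" if fixed else "public/config.ru"))
```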