[Puppet Users] Permission denied on new Passenger install
I installed puppet-passenger from Debian apt and most of the configuration files mentioned in my Pro Puppet book were already created and the config.ru script even had the correct owner permissions. I'm saying this so you'll understand that I have chapter 4 of the famous Apress book in front of me while I'm doing this and I have no idea what I've missed.

This is the output when puppet agent -oDdv is run.

Jun 27 08:55:28 node00 puppet-agent[9861]: Puppet::Type::User::ProviderPw: file pw does not exist
Jun 27 08:55:28 node00 puppet-agent[9861]: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dscl does not exist
Jun 27 08:55:28 node00 puppet-agent[9861]: Puppet::Type::User::ProviderUser_role_add: file rolemod does not exist
Jun 27 08:55:28 node00 puppet-agent[9861]: Puppet::Type::User::ProviderLdap: true value when expecting false
Jun 27 08:55:28 node00 puppet-agent[9861]: Failed to load library 'selinux' for feature 'selinux'
Jun 27 08:55:28 node00 puppet-agent[9861]: Puppet::Type::File::ProviderMicrosoft_windows: feature microsoft_windows is missing
Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/ssl/certificate_requests]) Autorequiring File[/var/lib/puppet/ssl]
Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/ssl/private_keys]) Autorequiring File[/var/lib/puppet/ssl]
Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/ssl/public_keys]) Autorequiring File[/var/lib/puppet/ssl]
Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/log]) Autorequiring File[/var/lib/puppet]
Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/run/puppet/agent.pid]) Autorequiring File[/var/run/puppet]
Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/ssl]) Autorequiring File[/var/lib/puppet]
Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/ssl/certs/ca.pem]) Autorequiring File[/var/lib/puppet/ssl/certs]
Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/client_data]) Autorequiring File[/var/lib/puppet]
Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/client_yaml]) Autorequiring File[/var/lib/puppet]
Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/ssl/crl.pem]) Autorequiring File[/var/lib/puppet/ssl]
Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/state]) Autorequiring File[/var/lib/puppet]
Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/ssl/certs]) Autorequiring File[/var/lib/puppet/ssl]
Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/state/graphs]) Autorequiring File[/var/lib/puppet/state]
Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/clientbucket]) Autorequiring File[/var/lib/puppet]
Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/state/last_run_summary.yaml]) Autorequiring File[/var/lib/puppet/state]
Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/ssl/private]) Autorequiring File[/var/lib/puppet/ssl]
Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/facts]) Autorequiring File[/var/lib/puppet]
Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/lib]) Autorequiring File[/var/lib/puppet]
Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/etc/puppet/puppet.conf]) Autorequiring File[/etc/puppet]
Jun 27 08:55:28 node00 puppet-agent[9861]: Finishing transaction 69835232135480
Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/ssl/certs]) Autorequiring File[/var/lib/puppet/ssl]
Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/ssl]) Autorequiring File[/var/lib/puppet]
Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/ssl/crl.pem]) Autorequiring File[/var/lib/puppet/ssl]
Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/ssl/certificate_requests]) Autorequiring File[/var/lib/puppet/ssl]
Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/log]) Autorequiring File[/var/lib/puppet]
Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/lib]) Autorequiring File[/var/lib/puppet]
Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/facts]) Autorequiring File[/var/lib/puppet]
Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/state]) Autorequiring File[/var/lib/puppet]
Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/ssl/certs/ca.pem]) Autorequiring File[/var/lib/puppet/ssl/certs]
Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/ssl/private]) Autorequiring File[/var/lib/puppet/ssl]
Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/ssl/private_keys]) Autorequiring File[/var/lib/puppet/ssl]
Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/ssl/public_keys]) Autorequiring
Re: [Puppet Users] Permission denied on new Passenger install
I see 2 likely options:

1) You don't have these lines in puppet.conf:

#ssl_client_header = HTTP_SSL_CLIENT_S_DN
#ssl_client_verify_header = HTTP_SSL_CLIENT_VERIFY

and you didn't put the equivalent lines in the apache config files.

2) You put the correct lines in the apache files and the puppet files, which doesn't work.

Summary: You must change which headers puppet is looking for or what apache names those headers, but NOT both.

On Jun 27, 2011, at 12:11 AM, Stefan Midjich wrote:

> I installed puppet-passenger from Debian apt and most of the configuration files mentioned in my Pro Puppet book were already created and the config.ru script even had the correct owner permissions. I'm saying this so you'll understand that I have chapter 4 of the famous Apress book in front of me while I'm doing this and I have no idea what I've missed.
>
> This is the output when puppet agent -oDdv is run.
Re: [Puppet Users] Permission denied on new Passenger install
This was in the puppet.conf by default when installed through apt.

[user]
# These are needed when the puppetmaster is run by passenger
# and can safely be removed if webrick is used.
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY

Here's my entire puppet.conf.

[master]
confdir=/etc/puppet
manifestdir=$confdir/manifests
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
autosign=$confdir/autosign.conf
factpath=$vardir/lib/facter
templatedir=$confdir/templates
server = node00.swehack.localdomain
hostcsr = $ssldir/csr_node00.swehack.localdomain.pem
hostpubkey = $ssldir/public_keys/node00.swehack.localdomain.pem
hostcert = $ssldir/certs/node00.swehack.localdomain.pem
hostprivkey = $ssldir/private_keys/node00.swehack.localdomain.pem
ca_name = node00.swehack.localdomain
prerun_command=/etc/puppet/etckeeper-commit-pre
postrun_command=/etc/puppet/etckeeper-commit-post

[user]
# These are needed when the puppetmaster is run by passenger
# and can safely be removed if webrick is used.
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY

[agent]
rundir=/var/run/puppet
vardir=/var/lib/puppet
statedir = $vardir/state
ssldir=/var/lib/puppet/ssl
privatekeydir = /var/lib/puppet/ssl/private_keys
cadir=$ssldir/ca
templatedir = /etc/puppet/templates
ignoreschedules = true
inventory_port = 8140
ca_port = 8140
statefile = /var/lib/puppet/state/state.yaml
classfile = /var/lib/puppet/state/classes.txt
report_port = 8140
server = node00.swehack.localdomain
lastrunfile = /var/lib/puppet/state/last_run_summary.yaml
pidfile = $rundir/agent.pid
config = /etc/puppet/puppet.conf
puppetdlog = /var/log/puppet/puppetd.log
daemonize = false
hostcert = /etc/puppet/ssl/certs/node00.swehack.localdomain.pem
hostcsr = /etc/puppet/ssl/csr_node00.swehack.localdomain.pem
hostprivkey = /etc/puppet/ssl/private_keys/node00.swehack.localdomain.pem
hostpubkey = /etc/puppet/ssl/public_keys/node00.swehack.localdomain.pem

I do not have those options set in the apache vhost. I have a working configuration at work that I've taken over, hence my limited knowledge in it, and this configuration also sets the SSL options you speak of in puppet.conf instead of the vhost.

Here's my vhost just for good measure, this is a closed network for testing anyways so I have nothing to hide. :)

# Based on http://projects.puppetlabs.com/projects/1/wiki/Using_Passenger
Listen 8140
<VirtualHost *:8140>
    SSLEngine on
    SSLProtocol -ALL +SSLv3 +TLSv1
    SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
    SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/node00.swehack.localdomain.pem
    SSLCertificateFile /var/lib/puppet/ssl/certs/node00.swehack.localdomain.pem
    SSLCACertificateFile /var/lib/puppet/ssl/certs/ca.pem
    SSLCertificateChainFile /var/lib/puppet/ssl/certs/ca.pem
    # If Apache complains about invalid signatures on the CRL, you can try disabling
    # CRL checking by commenting the next line, but this is not recommended.
    #SSLCARevocationFile /var/lib/puppet/ssl/crl.pem
    # Set to require if this puppetmaster doesn't issue certificates
    # to puppet clients.
    # NB: this requires SSLCACertificateFile /var/lib/puppet/ssl/certs/ca.pem
    # issuing puppet client certificate.
    SSLVerifyClient optional
    SSLVerifyDepth 1
    SSLOptions +StdEnvVars

    # This is useful for Pound proxying
    #RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
    #RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
    #RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

    # Passenger options that can be set in a virtual host
    # configuration block.
    PassengerMaxPoolSize 15
    PassengerUseGlobalQueue on
    PassengerMaxRequests 1
    PassengerHighPerformance on
    PassengerStatThrottleRate 120
    PassengerUseGlobalQueue on

    RackAutoDetect Off
    RailsAutoDetect Off
    RackBaseURI /
    DocumentRoot /usr/share/puppet/rack/puppetmasterd/public
    <Directory /usr/share/puppet/rack/puppetmasterd/>
        Options None
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>
</VirtualHost>

And in the /usr/share/puppet/rack/puppetmasterd directory is where the config.ru script is.

2011/6/27 Patrick kc7...@gmail.com:

> I see 2 likely options: 1) You don't have these lines in puppet.conf: #ssl_client_header =
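
Added example, not part of the thread and not code from Puppet or Passenger: a small consistency check for the rule discussed above, that the names in puppet.conf's ssl_client_header and ssl_client_verify_header must be names the Apache vhost actually populates. The function names are hypothetical, the sample inputs are constructed from the configuration quoted in the thread, and the fallback names in DEFAULTS are an assumption about Puppet's defaults; the check ignores which puppet.conf section holds the settings.

```python
import re

# Assumption: names Puppet falls back to when puppet.conf sets neither option.
DEFAULTS = {"ssl_client_header": "HTTP_X_CLIENT_DN",
            "ssl_client_verify_header": "HTTP_X_CLIENT_VERIFY"}

def puppet_expects(conf_text):
    """Map each SSL header setting to the Rack env name Puppet will read."""
    expected = dict(DEFAULTS)
    for raw in conf_text.splitlines():  # section headers are ignored
        key, sep, value = raw.strip().partition("=")
        if sep and key.strip() in expected:  # "#key = ..." never matches
            expected[key.strip()] = value.strip()
    return expected

def apache_provides(vhost_text):
    """Rack env names that the vhost itself populates."""
    names = set()
    for raw in vhost_text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            continue
        if re.match(r"SSLOptions\b.*\+StdEnvVars\b", line, re.I):
            names |= {"SSL_CLIENT_S_DN", "SSL_CLIENT_VERIFY"}
        m = re.match(r"RequestHeader\s+set\s+(\S+)", line, re.I)
        if m:  # request header X-Client-DN reaches Rack as HTTP_X_CLIENT_DN
            names.add("HTTP_" + m.group(1).upper().replace("-", "_"))
    return names

def mismatches(conf_text, vhost_text):
    """Settings naming an env entry that nothing in the vhost sets."""
    provided = apache_provides(vhost_text)
    return sorted(f"{k} = {v}" for k, v in puppet_expects(conf_text).items()
                  if v not in provided)

# Constructed samples, trimmed from the configuration quoted in the thread.
THREAD_CONF = """[user]
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY
"""
THREAD_VHOST = """SSLOptions +StdEnvVars
#RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
#RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
"""
# Constructed variant: the same vhost with the RequestHeader lines enabled.
HEADER_VHOST = THREAD_VHOST.replace("#RequestHeader", "RequestHeader")
if __name__ == "__main__":
    print(mismatches(THREAD_CONF, THREAD_VHOST), mismatches("", THREAD_VHOST))
```

A setting reported here names a value that the vhost never sets on the server side, so the master either sees nothing there or sees whatever arrived with the request; such a name should not be relied on for client authentication.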