Issue #2500 has been updated by Luke Kanies.

Subject changed from puppetmaster failes when not running as a ca to 
puppetmaster should not load certs when not running under webrick
Status changed from Needs more information to Accepted
Assigned to deleted (Luke Kanies)
Target version changed from 0.25.0 to 0.26.0

Ohad Levy wrote:
> Luke Kanies wrote:
> > I still can't reproduce this.  When you say you've disabled access to the 
> > keys, what do you mean?  Have you changed the default permissions or 
> > something?
> 
> What I did was simply to upgrade an existing 0.24-8 with passenger to RC1.
> (and yes, the permissions did not allow the puppet service user to read the 
> certificates).
> 
> The real question from my side is, why does puppet need to read the 
> certificate information at all when used without a CA?
> Apache takes care of the SSL stuff, so why would it be required at all?

I didn't realize - this is only for use with Passenger?

You're right that it shouldn't need access to that information, but I think it 
will work now based on the changes I just made, and I'd rather not fix the 
larger issue (that puppetmasterd shouldn't read the certs when running under 
passenger) this late in the release cycle.

I'll rename this ticket and bump it, given that I think it should work now.
----------------------------------------
Bug #2500: puppetmaster should not load certs when not running under webrick
http://projects.reductivelabs.com/issues/2500

Author: Ohad Levy
Status: Accepted
Priority: Normal
Assigned to: 
Category: SSL
Target version: 0.26.0
Complexity: Unknown
Affected version: 0.25.0rc1
Keywords: 


When running with puppetca false option, the following is observed on a client:
<pre>
err: Could not retrieve catalog from remote server: Error 500 on SERVER: Internal Server Error
</pre>

and on the server:
<pre>
1.2.3.4 - - [05/Aug/2009:13:44:02 +0800] "GET /development/certificate_revocation_list/ca HTTP/1.1" 500 9451 "-" "-"
Aug  5 13:44:11 hostname puppetd[23354]: Could not retrieve catalog from remote server: Error 500 on SERVER: Internal Server Error
</pre>

This happens when running the puppetmaster and puppetd on the same machine.


