Issue #23094 has been reported by Zackary Deems.

----------------------------------------
Bug #23094: Puppet master running under Passenger places new certificate requests in incorrect directory
https://projects.puppetlabs.com/issues/23094

* Author: Zackary Deems
* Status: Unreviewed
* Priority: Normal
* Assignee:
* Category:
* Target version:
* Affected Puppet version:
* Keywords:
* Branch:
----------------------------------------
A new install of puppet 3.3.1, with passenger 4.0.23 - when the puppet master is started standalone, it processes certificate requests normally, placing them in /var/lib/puppet/ssl/ca/requests/. When I shut this down and start up apache + passenger, any agents with signed certificates are handled normally, but new node behaviour changed.

With standalone (WEBrick) master, the agent output looked like this:

    puppet agent --test --verbose
    Info: Creating a new SSL key for racprd01.lcec.pwr
    Info: Creating a new SSL certificate request for racprd01.lcec.pwr
    Info: Certificate Request fingerprint (SHA256): 21:65:A6:13:D9:BA:86:52:AB:71:C4:79:AA:2E:04:5A:10:5D:C5:0B:1A:0D:E7:DB:77:E2:01:AA:5A:11:AF:CA
    Exiting; no certificate found and waitforcert is disabled

When I switched to the Passenger configuration, the output changed, and the request never appeared on the master to be signed:

    puppet agent --test --verbose
    Info: Creating a new SSL key for racprd01.lcec.pwr
    Info: Caching certificate_request for racprd01.lcec.pwr
    Exiting; no certificate found and waitforcert is disabled

After much digging, I found a case where an older version of puppet experienced similar behaviour when switched to nginx + Passenger, and that was attributed to the request being placed in the wrong path when running under Passenger. So I went looking to see if the request was there, and I DID find it, in /var/lib/puppet/.puppet/ssl/ca/requests. When I removed .puppet and replaced it with a symbolic link pointing to /var/lib/puppet, the next attempt was successful.

    # gem list

    *** LOCAL GEMS ***

    daemon_controller (1.1.5)
    fastthread (1.0.7)
    json (1.5.5)
    passenger (4.0.23)
    rack (1.1.0)
    rake (0.8.7)
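A check for the failure described in the report, as an added example that is not part of the original message or of Puppet: it lists certificate requests sitting in any ssl/ca/requests directory other than the expected one and prints each one's SHA256 fingerprint, so it can be compared with the agent's output before signing. It assumes openssl is installed and that the fingerprint is the digest of the DER-encoded request; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not code from the report or from Puppet.
# The paths in the usage line are the ones quoted in the report.

# Print every *.pem request found in an ".../ssl/ca/requests" directory
# under ROOT ($1) that is not the EXPECTED requests directory ($2).
find_stray_csrs() {
    root=$1
    expected=${2%/}
    find "$root" -type f -name '*.pem' -path '*/ssl/ca/requests/*' 2>/dev/null |
    while IFS= read -r csr; do
        [ "$(dirname "$csr")" = "$expected" ] || printf '%s\n' "$csr"
    done | sort
}

# SHA256 over the DER encoding of the CSR, upper-case and colon-separated,
# in the same layout as the agent's "Certificate Request fingerprint" line.
# Assumption: openssl is available on the master.
csr_fingerprint() {
    openssl req -in "$1" -noout 2>/dev/null || { echo 'unparseable'; return 0; }
    openssl req -in "$1" -outform DER 2>/dev/null |
        openssl dgst -sha256 -c | sed 's/^.*= *//' | tr 'a-f' 'A-F'
}

# One line per misplaced request: "<fingerprint>  <path>".
report_stray_csrs() {
    find_stray_csrs "$1" "$2" | while IFS= read -r csr; do
        printf '%s  %s\n' "$(csr_fingerprint "$csr")" "$csr"
    done
}

# Usage with the directories named in the report:
#   report_stray_csrs /var/lib/puppet /var/lib/puppet/ssl/ca/requests
```

A request that shows up here should only be moved or signed after its fingerprint matches the one printed on the agent that generated it.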
