Issue #23094 has been updated by Zackary Deems.
Sorry... this looks to have been related to an old config.ru. I'm still beating my head against this thing, but at the moment it does not appear to be a bug. ---------------------------------------- Bug #23094: Puppet master running under Passenger places new certificate requests in incorrect directory https://projects.puppetlabs.com/issues/23094#change-99694 * Author: Zackary Deems * Status: Unreviewed * Priority: Normal * Assignee: * Category: * Target version: * Affected Puppet version: * Keywords: * Branch: ---------------------------------------- A new install of puppet 3.3.1, with passenger 4.0.23 - when the puppet master is started standalone, it processes certificate requests normally, placing them in /var/lib/puppet/ssl/ca/requests/. When I shut this down and start up apache + passenger, any agents with signed certificates are handled normally, but new node behaviour changed. With standalone (WEBrick) master, the agent output looked like this: puppet agent --test --verbose Info: Creating a new SSL key for racprd01.lcec.pwr Info: Creating a new SSL certificate request for racprd01.lcec.pwr Info: Certificate Request fingerprint (SHA256): 21:65:A6:13:D9:BA:86:52:AB:71:C4:79:AA:2E:04:5A:10:5D:C5:0B:1A:0D:E7:DB:77:E2:01:AA:5A:11:AF:CA Exiting; no certificate found and waitforcert is disabled When I switched to the Passenger configuration, the output changed, and the request never appeared on the master to be signed: puppet agent --test --verbose Info: Creating a new SSL key for racprd01.lcec.pwr Info: Caching certificate_request for racprd01.lcec.pwr Exiting; no certificate found and waitforcert is disabled After much digging, I found a case where an older version of puppet experienced similar behaviour when switched to nginx + Passenger, and that was attributed to the request being placed in the wrong path when running under Passenger. So I went looking to see if the request was there, and I DID find it, in /var/lib/puppet/.puppet/ssl/ca/requests. When I removed .puppet and replaced it with a symbolix link pointing to /var/lib/puppet, the next attempt was successful. # gem list *** LOCAL GEMS *** daemon_controller (1.1.5) fastthread (1.0.7) json (1.5.5) passenger (4.0.23) rack (1.1.0) rake (0.8.7) -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/groups/opt_out.
