I'm running puppetmasterd (0.24.8) with apache2 and mongrel on a
debian host. Apache2, mongrel instances and puppetmaster runs in the
same server. My apache2 puppetmaster.conf file is:
PidFile /var/run/apache2-puppetmaster.pid
# Include module configuration:
Include /etc/apache2/mods-enabled/*.load
Include /etc/apache2/mods-enabled/*.conf
TypesConfig /etc/mime.types
User www-data
Group www-data
ErrorLog /var/log/apache2/puppetmaster-error.log
Listen 8140
ProxyRequests Off
<Proxy balancer://puppetmaster>
BalancerMember http://127.0.0.1:18140
BalancerMember http://127.0.0.1:18141
BalancerMember http://127.0.0.1:18142
BalancerMember http://127.0.0.1:18143
BalancerMember http://127.0.0.1:18144
BalancerMember http://127.0.0.1:18145
BalancerMember http://127.0.0.1:18146
BalancerMember http://127.0.0.1:18147
BalancerMember http://127.0.0.1:18148
BalancerMember http://127.0.0.1:18149
</Proxy>
<VirtualHost *:8140>
SSLEngine on
SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA
SSLCertificateFile /var/lib/puppet/ssl/certs/
vps200.speedyrails.ca.pem
SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/
vps200.speedyrails.ca.pem
SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars
RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
<Location />
SetHandler balancer-manager
Order allow,deny
Allow from all
</Location>
ProxyPass / balancer://localhost:8140/
ProxyPassReverse / balancer://localhost:8140/
ProxyPreserveHost on
# SetEnv force-proxy-request-1.0 1
# SetEnv proxy-nokeepalive 1
LogLevel Debug
CustomLog "|/usr/bin/cronolog /var/log/apache2/vps200-access-%Y-
%m-%d.log" combined
ErrorLog "|/usr/bin/cronolog /var/log/apache2/vps200-error-%Y-%m-
%d.log"
# /etc/init.d/apache2-puppetmaster start (taken from
http://reductivelabs.com/trac/puppet/attachment/wiki/UsingMongrelOnDebian/apache2-puppetmaster).
# /etc/init.d/puppetmaster start (taken from
http://reductivelabs.com/trac/puppet/attachment/wiki/UsingMongrelOnDebian/puppetmaster.conf).
My ps axf outoput:
16815 ? Ss 0:00 /usr/sbin/apache2 -f /etc/apache2/
puppetmaster.conf -k start
16817 ? S 0:00 \_ /usr/bin/cronolog /var/log/apache2/
vps200-error-%Y-%m-%d.log
16818 ? S 0:00 \_ /usr/bin/cronolog /var/log/apache2/
vps200-access-%Y-%m-%d.log
16824 ? S 0:00 \_ /usr/sbin/apache2 -f /etc/apache2/
puppetmaster.conf -k start
16825 ? S 0:00 \_ /usr/sbin/apache2 -f /etc/apache2/
puppetmaster.conf -k start
16826 ? S 0:00 \_ /usr/sbin/apache2 -f /etc/apache2/
puppetmaster.conf -k start
16827 ? S 0:00 \_ /usr/sbin/apache2 -f /etc/apache2/
puppetmaster.conf -k start
16828 ? S 0:00 \_ /usr/sbin/apache2 -f /etc/apache2/
puppetmaster.conf -k start
16886 ? Ssl 0:00 /usr/local/bin/ruby /usr/sbin/puppetmasterd
--servertype=mongrel --masterport=18140 --pidfile=/var/
16911 ? Ssl 0:00 /usr/local/bin/ruby /usr/sbin/puppetmasterd
--servertype=mongrel --masterport=18141 --pidfile=/var/
16936 ? Ssl 0:00 /usr/local/bin/ruby /usr/sbin/puppetmasterd
--servertype=mongrel --masterport=18142 --pidfile=/var/
16961 ? Ssl 0:00 /usr/local/bin/ruby /usr/sbin/puppetmasterd
--servertype=mongrel --masterport=18143 --pidfile=/var/
16986 ? Ssl 0:00 /usr/local/bin/ruby /usr/sbin/puppetmasterd
--servertype=mongrel --masterport=18144 --pidfile=/var/
17011 ? Ssl 0:00 /usr/local/bin/ruby /usr/sbin/puppetmasterd
--servertype=mongrel --masterport=18145 --pidfile=/var/
17036 ? Ssl 0:00 /usr/local/bin/ruby /usr/sbin/puppetmasterd
--servertype=mongrel --masterport=18146 --pidfile=/var/
17061 ? Ssl 0:00 /usr/local/bin/ruby /usr/sbin/puppetmasterd
--servertype=mongrel --masterport=18147 --pidfile=/var/
17086 ? Ssl 0:00 /usr/local/bin/ruby /usr/sbin/puppetmasterd
--servertype=mongrel --masterport=18148 --pidfile=/var/
17111 ? Ssl 0:00 /usr/local/bin/ruby /usr/sbin/puppetmasterd
--servertype=mongrel --masterport=18149 --pidfile=/var/
The problem?
Any connection from a any puppet client gets an error:
# puppetd -tv
warning: peer certificate won't be verified in this SSL session
err: Could not call puppetca.getcert: #<RuntimeError: HTTP-Error: 500
Internal Server Error>
err: Could not request certificate: Certificate retrieval failed: HTTP-
Error: 500 Internal Server Error
So, went to the apache log files and got this:
[Tue Aug 25 15:27:10 2009] [info] Initial (No.1) HTTPS request
received for child 1 (server puppetmasterd.domain:8140)
[Tue Aug 25 15:27:10 2009] [debug] mod_proxy_balancer.c(46): proxy:
BALANCER: canonicalising URL //localhost:8140/RPC2
[Tue Aug 25 15:27:10 2009] [debug] proxy_util.c(1507): [client
67xx.xx.xx] proxy: *: found reverse proxy worker for balancer://localhost/RPC2
[Tue Aug 25 15:27:10 2009] [debug] mod_proxy.c(966): Running scheme
balancer handler (attempt 0)
[Tue Aug 25 15:27:10 2009] [debug] mod_proxy_http.c(1927): proxy:
HTTP: declining URL balancer://localhost/RPC2
[Tue Aug 25 15:27:10 2009] [warn] proxy: No protocol handler was valid
for the URL /RPC2. If you are using a DSO version of mod_proxy, make
sure the proxy submodules are included in the configuration using
LoadModule.
[Tue Aug 25 15:27:10 2009] [debug] ssl_engine_kernel.c(1770): OpenSSL:
Write: SSL negotiation finished successfully
[Tue Aug 25 15:27:10 2009] [info] [client 67.xx.xx.xx] Connection
closed to child 1 with standard shutdown (server puppetmasterd.domain:
8140)
Any ideas?
regards,
Israel.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---
