I changed the entry: <Proxy balancer://puppetmaster> to this: <Proxy balancer://puppetmaster.domain>
and changed too this two entries ProxyPass / balancer://localhost:8140/ ProxyPassReverse / balancer://localhost:8140/ to these one: ProxyPass / balancer://puppetmaster.domain:8140/ ProxyPassReverse / balancer://puppetmaster.domain:8140/ everything is working now! regards, Israel. On Aug 25, 2:38 pm, ELTigre <[email protected]> wrote: > I'm running puppetmasterd (0.24.8) with apache2 and mongrel on a > debian host. Apache2, mongrel instances and puppetmaster runs in the > same server. My apache2 puppetmaster.conf file is: > > PidFile /var/run/apache2-puppetmaster.pid > > # Include module configuration: > > Include /etc/apache2/mods-enabled/*.load > Include /etc/apache2/mods-enabled/*.conf > > TypesConfig /etc/mime.types > > User www-data > Group www-data > > ErrorLog /var/log/apache2/puppetmaster-error.log > > Listen 8140 > > ProxyRequests Off > > <Proxy balancer://puppetmaster> > BalancerMemberhttp://127.0.0.1:18140 > BalancerMemberhttp://127.0.0.1:18141 > BalancerMemberhttp://127.0.0.1:18142 > BalancerMemberhttp://127.0.0.1:18143 > BalancerMemberhttp://127.0.0.1:18144 > BalancerMemberhttp://127.0.0.1:18145 > BalancerMemberhttp://127.0.0.1:18146 > BalancerMemberhttp://127.0.0.1:18147 > BalancerMemberhttp://127.0.0.1:18148 > BalancerMemberhttp://127.0.0.1:18149 > </Proxy> > > <VirtualHost *:8140> > SSLEngine on > SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA > SSLCertificateFile /var/lib/puppet/ssl/certs/ > vps200.speedyrails.ca.pem > SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/ > vps200.speedyrails.ca.pem > SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem > SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem > SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem > SSLVerifyClient optional > SSLVerifyDepth 1 > SSLOptions +StdEnvVars > > RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e > RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e > > <Location /> > SetHandler balancer-manager > Order allow,deny > Allow from all > </Location> > > ProxyPass / balancer://localhost:8140/ > ProxyPassReverse / balancer://localhost:8140/ > ProxyPreserveHost on > # SetEnv force-proxy-request-1.0 1 > # SetEnv proxy-nokeepalive 1 > LogLevel Debug > CustomLog "|/usr/bin/cronolog /var/log/apache2/vps200-access-%Y- > %m-%d.log" combined > ErrorLog "|/usr/bin/cronolog /var/log/apache2/vps200-error-%Y-%m- > %d.log" > > # /etc/init.d/apache2-puppetmaster start (taken > fromhttp://reductivelabs.com/trac/puppet/attachment/wiki/UsingMongrelOnDe...). > > # /etc/init.d/puppetmaster start (taken > fromhttp://reductivelabs.com/trac/puppet/attachment/wiki/UsingMongrelOnDe...). > > My ps axf outoput: > 16815 ? Ss 0:00 /usr/sbin/apache2 -f /etc/apache2/ > puppetmaster.conf -k start > 16817 ? S 0:00 \_ /usr/bin/cronolog /var/log/apache2/ > vps200-error-%Y-%m-%d.log > 16818 ? S 0:00 \_ /usr/bin/cronolog /var/log/apache2/ > vps200-access-%Y-%m-%d.log > 16824 ? S 0:00 \_ /usr/sbin/apache2 -f /etc/apache2/ > puppetmaster.conf -k start > 16825 ? S 0:00 \_ /usr/sbin/apache2 -f /etc/apache2/ > puppetmaster.conf -k start > 16826 ? S 0:00 \_ /usr/sbin/apache2 -f /etc/apache2/ > puppetmaster.conf -k start > 16827 ? S 0:00 \_ /usr/sbin/apache2 -f /etc/apache2/ > puppetmaster.conf -k start > 16828 ? S 0:00 \_ /usr/sbin/apache2 -f /etc/apache2/ > puppetmaster.conf -k start > 16886 ? Ssl 0:00 /usr/local/bin/ruby /usr/sbin/puppetmasterd > --servertype=mongrel --masterport=18140 --pidfile=/var/ > 16911 ? Ssl 0:00 /usr/local/bin/ruby /usr/sbin/puppetmasterd > --servertype=mongrel --masterport=18141 --pidfile=/var/ > 16936 ? Ssl 0:00 /usr/local/bin/ruby /usr/sbin/puppetmasterd > --servertype=mongrel --masterport=18142 --pidfile=/var/ > 16961 ? Ssl 0:00 /usr/local/bin/ruby /usr/sbin/puppetmasterd > --servertype=mongrel --masterport=18143 --pidfile=/var/ > 16986 ? Ssl 0:00 /usr/local/bin/ruby /usr/sbin/puppetmasterd > --servertype=mongrel --masterport=18144 --pidfile=/var/ > 17011 ? Ssl 0:00 /usr/local/bin/ruby /usr/sbin/puppetmasterd > --servertype=mongrel --masterport=18145 --pidfile=/var/ > 17036 ? Ssl 0:00 /usr/local/bin/ruby /usr/sbin/puppetmasterd > --servertype=mongrel --masterport=18146 --pidfile=/var/ > 17061 ? Ssl 0:00 /usr/local/bin/ruby /usr/sbin/puppetmasterd > --servertype=mongrel --masterport=18147 --pidfile=/var/ > 17086 ? Ssl 0:00 /usr/local/bin/ruby /usr/sbin/puppetmasterd > --servertype=mongrel --masterport=18148 --pidfile=/var/ > 17111 ? Ssl 0:00 /usr/local/bin/ruby /usr/sbin/puppetmasterd > --servertype=mongrel --masterport=18149 --pidfile=/var/ > > The problem? > > Any connection from a any puppet client gets an error: > # puppetd -tv > warning: peer certificate won't be verified in this SSL session > err: Could not call puppetca.getcert: #<RuntimeError: HTTP-Error: 500 > Internal Server Error> > err: Could not request certificate: Certificate retrieval failed: HTTP- > Error: 500 Internal Server Error > > So, went to the apache log files and got this: > > [Tue Aug 25 15:27:10 2009] [info] Initial (No.1) HTTPS request > received for child 1 (server puppetmasterd.domain:8140) > [Tue Aug 25 15:27:10 2009] [debug] mod_proxy_balancer.c(46): proxy: > BALANCER: canonicalising URL //localhost:8140/RPC2 > [Tue Aug 25 15:27:10 2009] [debug] proxy_util.c(1507): [client > 67xx.xx.xx] proxy: *: found reverse proxy worker for balancer://localhost/RPC2 > [Tue Aug 25 15:27:10 2009] [debug] mod_proxy.c(966): Running scheme > balancer handler (attempt 0) > [Tue Aug 25 15:27:10 2009] [debug] mod_proxy_http.c(1927): proxy: > HTTP: declining URL balancer://localhost/RPC2 > [Tue Aug 25 15:27:10 2009] [warn] proxy: No protocol handler was valid > for the URL /RPC2. If you are using a DSO version of mod_proxy, make > sure the proxy submodules are included in the configuration using > LoadModule. > [Tue Aug 25 15:27:10 2009] [debug] ssl_engine_kernel.c(1770): OpenSSL: > Write: SSL negotiation finished successfully > [Tue Aug 25 15:27:10 2009] [info] [client 67.xx.xx.xx] Connection > closed to child 1 with standard shutdown (server puppetmasterd.domain: > 8140) > > Any ideas? > > regards, > Israel. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
