[Puppet Users] Permission denied on new Passenger install

Mon, 27 Jun 2011 00:18:29 -0700 

I installed puppet-passenger from Debian apt and most of the
configuration files mentioned in my Pro Puppet book were already
created and the config.ru script even had the correct owner
permissions. I'm saying this so you'll understand that I have chapter
4 of the famous Apress book in front of me while I'm doing this and I
have no idea what I've missed.

This is the output when puppet agent -oDdv is run.

    Jun 27 08:55:28 node00 puppet-agent[9861]:
Puppet::Type::User::ProviderPw: file pw does not exist
    Jun 27 08:55:28 node00 puppet-agent[9861]:
Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dscl does
not exist
    Jun 27 08:55:28 node00 puppet-agent[9861]:
Puppet::Type::User::ProviderUser_role_add: file rolemod does not exist
    Jun 27 08:55:28 node00 puppet-agent[9861]:
Puppet::Type::User::ProviderLdap: true value when expecting false
    Jun 27 08:55:28 node00 puppet-agent[9861]: Failed to load library
'selinux' for feature 'selinux'
    Jun 27 08:55:28 node00 puppet-agent[9861]:
Puppet::Type::File::ProviderMicrosoft_windows: feature
microsoft_windows is missing
    Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/
ssl/certificate_requests]) Autorequiring File[/var/lib/puppet/ssl]
    Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/
ssl/private_keys]) Autorequiring File[/var/lib/puppet/ssl]
    Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/
ssl/public_keys]) Autorequiring File[/var/lib/puppet/ssl]
    Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/
log]) Autorequiring File[/var/lib/puppet]
    Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/run/puppet/
agent.pid]) Autorequiring File[/var/run/puppet]
    Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/
ssl]) Autorequiring File[/var/lib/puppet]
    Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/
ssl/certs/ca.pem]) Autorequiring File[/var/lib/puppet/ssl/certs]
    Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/
client_data]) Autorequiring File[/var/lib/puppet]
    Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/
client_yaml]) Autorequiring File[/var/lib/puppet]
    Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/
ssl/crl.pem]) Autorequiring File[/var/lib/puppet/ssl]
    Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/
state]) Autorequiring File[/var/lib/puppet]
    Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/
ssl/certs]) Autorequiring File[/var/lib/puppet/ssl]
    Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/
state/graphs]) Autorequiring File[/var/lib/puppet/state]
    Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/
clientbucket]) Autorequiring File[/var/lib/puppet]
    Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/
state/last_run_summary.yaml]) Autorequiring File[/var/lib/puppet/
state]
    Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/
ssl/private]) Autorequiring File[/var/lib/puppet/ssl]
    Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/
facts]) Autorequiring File[/var/lib/puppet]
    Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/
lib]) Autorequiring File[/var/lib/puppet]
    Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/etc/puppet/
puppet.conf]) Autorequiring File[/etc/puppet]
    Jun 27 08:55:28 node00 puppet-agent[9861]: Finishing transaction
69835232135480
    Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/
ssl/certs]) Autorequiring File[/var/lib/puppet/ssl]
    Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/
ssl]) Autorequiring File[/var/lib/puppet]
    Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/
ssl/crl.pem]) Autorequiring File[/var/lib/puppet/ssl]
    Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/
ssl/certificate_requests]) Autorequiring File[/var/lib/puppet/ssl]
    Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/
log]) Autorequiring File[/var/lib/puppet]
    Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/
lib]) Autorequiring File[/var/lib/puppet]
    Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/
facts]) Autorequiring File[/var/lib/puppet]
    Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/
state]) Autorequiring File[/var/lib/puppet]
    Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/
ssl/certs/ca.pem]) Autorequiring File[/var/lib/puppet/ssl/certs]
    Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/
ssl/private]) Autorequiring File[/var/lib/puppet/ssl]
    Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/
ssl/private_keys]) Autorequiring File[/var/lib/puppet/ssl]
    Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/
ssl/public_keys]) Autorequiring File[/var/lib/puppet/ssl]
    Jun 27 08:55:28 node00 puppet-agent[9861]: Finishing transaction
69835233959160
    Jun 27 08:55:28 node00 puppet-agent[9861]: Using cached
certificate for ca
    Jun 27 08:55:28 node00 puppet-agent[9861]: Using cached
certificate for node00.swehack.localdomain
    Jun 27 08:55:28 node00 puppet-agent[9861]: Finishing transaction
69835232882020
    Jun 27 08:55:28 node00 puppet-agent[9861]: catalog supports
formats: b64_zlib_yaml dot marshal pson raw yaml; using pson
    Jun 27 08:55:29 node00 puppet-master[9939]: Starting Puppet master
version 2.6.8
    Jun 27 08:55:29 node00 puppet-master[9939]: Could not parse for
environment production: Permission denied - /etc/puppet/manifests/
site.pp on node node00.swehack.localdomain
    Jun 27 08:55:29 node00 puppet-master[9939]: Could not parse for
environment production: Permission denied - /etc/puppet/manifests/
site.pp on node node00.swehack.localdomain
    Jun 27 08:55:29 node00 puppet-agent[9861]: Could not retrieve
catalog from remote server: Error 400 on SERVER: Could not parse for
environment production: Permission denied - /etc/puppet/manifests/
site.pp on node node00.swehack.localdomain
    Jun 27 08:55:29 node00 puppet-agent[9861]: Not using cache on
failed catalog
    Jun 27 08:55:29 node00 puppet-agent[9861]: Could not retrieve
catalog; skipping run

Permissions on /etc/puppet/manifests is 0644 recursively. Just to be
on the safe side, even puppet configuration in /etc/puppet is readable
by world.

The above output comes after disabling auth in auth.conf by putting
auth no under the /catalog regex. If I re-enable auth I get this
output.

    Jun 27 09:03:30 node00 puppet-agent[9968]: (/File[/var/lib/puppet/
state]) Autorequiring File[/var/lib/puppet]
    Jun 27 09:03:30 node00 puppet-agent[9968]: Finishing transaction
70017548799140
    Jun 27 09:03:30 node00 puppet-agent[9968]: Using cached
certificate for ca
    Jun 27 09:03:30 node00 puppet-agent[9968]: Using cached
certificate for node00.swehack.localdomain
    Jun 27 09:03:30 node00 puppet-agent[9968]: Finishing transaction
70017547722900
    Jun 27 09:03:30 node00 puppet-agent[9968]: catalog supports
formats: b64_zlib_yaml dot marshal pson raw yaml; using pson
    Jun 27 09:03:30 node00 puppet-master[9939]: Mon Jun 27 09:03:26
+0200 2011 vs Mon Jun 27 08:29:42 +0200 2011
    Jun 27 09:03:30 node00 puppet-master[9939]: Denying access:
Forbidden request: node00.swehack.localdomain(172.16.248.136) access
to /catalog/node00.swehack.localdomain [find] at line 93
    Jun 27 09:03:30 node00 puppet-master[9939]: Forbidden request:
node00.swehack.localdomain(172.16.248.136) access to /catalog/
node00.swehack.localdomain [find] at line 93
    Jun 27 09:03:30 node00 puppet-agent[9968]: Could not retrieve
catalog from remote server: Error 403 on SERVER: Forbidden request:
node00.swehack.localdomain(172.16.248.136) access to /catalog/
node00.swehack.localdomain [find] at line 93
    Jun 27 09:03:30 node00 puppet-agent[9968]: Not using cache on
failed catalog
    Jun 27 09:03:30 node00 puppet-agent[9968]: Could not retrieve
catalog; skipping run

Line 93? Where?!

My auth.conf is also pretty standard but here's the block regarding /
catalog.

    # allow nodes to retrieve their own catalog (ie their
configuration)
    path ~ ^/catalog/([^/]+)$
    method find
    allow $1

I've also tried without the $ end of line character because I noticed
in the apache access log that the GET request actually has more stuff
at the end of the hostname.

"GET /production/catalog/node00.swehack.localdomain?facts=eNqFVlm..."

I've made sure to let puppetmaster create the certificates and all, I
really don't get any certificate issues and I know how to re-create
them in the worst case.

The only thing that would differ here from a plain old vanilla Debian
with passenger installed through apt would be that I changed the
hostname of the machine after the installation and after the first
certificates were created. I felt it was important to mention this
because that means I have in fact re-created all the certs at least
once.

I've also grep'd for the old hostname to make sure it's not dormant
somewhere causing issues but I can't find it. Except for in the
inventory.txt file but I deleted those old lines just to be on the
safe side.

I found a thread dealing with this, replied to it because I was
confused as to what the solution was. The thread in question mentioned
that http://groups.google.com/group/puppet-dev/msg/b15e1c93bbc70fdb
held the answer somehow.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Reply via email to