Hi, all. I'm having a problem that I'm virtually certain is a perms
issue, but I can't figure out where it's going wrong.
The puppetmaster server is a CentOS6 x64 minimal install.
Puppet was installed from the epel-testing repository (2.6.6-1) and an
updated SELinux policy loaded to allow it to run. Apache was
installed the standard way (yum install httpd mod_ssl).
Passenger was installed from the stealthymonkeys repository (3.0.8-2).
I've been following the instructions in Chapter 5 in Pro Puppet, but
when I configure /etc/httpd/conf.d/puppetmaster.conf and provide the
correct paths to the certificate files, then try to start the httpd
service, I get this:
# service httpd restart
Stopping httpd: [FAILED]
Starting httpd: Syntax error on line 22 of /etc/httpd/conf.d/
puppetmaster.conf:
SSLCertificateFile: file '/var/lib/puppet/ssl/certs/
puppet.tst.mydomain.pem' does not exist or is empty
[FAILED]
/var/lib/puppet/ssl/certs/puppet.tst.mydomain.com.pem most certainly
does exist, however:
[root@brllx097 ~]# ls -la /var/lib/puppet/ssl/certs/
puppet.tst.mydomain.com.pem
-rw-r-----. 1 puppet root 912 Sep 2 11:40 /var/lib/puppet/ssl/certs/
puppet.tst.mydomain.com.pem
So this is probably a perms issue, but I don't know why. Apache
starts up as root, which has read access to the file, and the cert's
owned by the puppet user. I don't have to set my other certificates
as owned by the apache user for httpd to load them properly.
In this config, puppetmasterd starts up and runs fine by itself, so
it's an Apache/passenger problem.
Any ideas what I'm doing wrong?
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
