I recently moved from manually configured Puppetmaster under passenger to
fully managed using theforeman/puppet module. Now I am experiencing
constant crashes (every few minutes) of the passenger process that runs the
puppetmaster.
Host is CentOS 6.5 running Puppet 3.4.3.
This is the entry I see in /var/log/httpd/puppet_error_ssl.log:
[Tue Mar 25 16:25:26 2014] [error] [client 127.0.0.1] Premature end of
script headers: production
This is the entry I see in /var/log/httpd/error_log
/usr/lib/ruby/site_ruby/1.8/puppet/parser/ast.rb:49: [BUG] rb_gc_mark():
unknown data type 0x20(0x2e6b230) non object
ruby 1.8.7 (2011-06-30 patchlevel 352) [x86_64-linux]
[ pid=28256 thr=139906534451168 file=ext/apache2/Hooks.cpp:841
time=2014-03-25 16:25:26.86 ]: The backend application (process 32724) did
not send a valid HTTP response; instead, it sent nothing at all. It is
possible that it has crashed; please check whe.
/etc/httpd/conf.d/passenger.conf:
LoadModule passenger_module modules/mod_passenger.so
<IfModule mod_passenger.c>
PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-3.0.19
PassengerRuby /usr/bin/ruby
PassengerTempDir /var/run/rubygem-passenger
</IfModule>
/etc/httpd/conf.d/25-puppet.conf
# ************************************
# Vhost template in module puppetlabs-apache
# Managed by Puppet
# ************************************
<VirtualHost *:8140>
ServerName puppet
## Vhost docroot
DocumentRoot "/etc/puppet/rack/public/"
## Directories, there should at least be a declaration for
/etc/puppet/rack/public/
<Directory "/etc/puppet/rack/public/">
AllowOverride None
Order allow,deny
Allow from all
PassengerEnabled On
</Directory>
## Load additional static includes
## Logging
ErrorLog "/var/log/httpd/puppet_error_ssl.log"
ServerSignature Off
CustomLog "/var/log/httpd/puppet_access_ssl.log" combined
## SSL directives
SSLEngine on
SSLCertificateFile "/var/lib/puppet/ssl/certs/puppet.<DOMAIN>.pem"
SSLCertificateKeyFile
"/var/lib/puppet/ssl/private_keys/puppet.<DOMAIN>.pem"
SSLCertificateChainFile "/var/lib/puppet/ssl/ca/ca_crt.pem"
SSLCACertificatePath "/etc/pki/tls/certs"
SSLCACertificateFile "/var/lib/puppet/ssl/ca/ca_crt.pem"
SSLCARevocationFile "/var/lib/puppet/ssl/ca/ca_crl.pem"
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars +ExportCertData
## Request header rules
## as per
http://httpd.apache.org/docs/2.2/mod/mod_headers.html#requestheader
RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
RequestHeader unset X-Forwarded-For
## Custom fragment
</VirtualHost>
Any suggestions or means to work around this issue?
Thanks
- Trey
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/570ab513-d4e3-4c42-9481-c53ac49e2845%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
