Hi Felix,
Thanks for getting back to me! And yes, you are correct. Puppet/Foreman is
running through apache/passenger.
And here's the vhost configurations. There's two of them, one for ssl and
one for non ssl. Non ssl is first:
#
************************************
# Vhost template in module puppetlabs-apache
# Managed by Puppet
# ************************************
<VirtualHost *:80>
ServerName puppet.example.com
## Vhost docroot
DocumentRoot "/usr/share/foreman/public"
## Directories, there should at least be a declaration for
/usr/share/foreman/publ
<Directory "/usr/share/foreman/public">
Options SymLinksIfOwnerMatch
AllowOverride None
Require all granted
</Directory>
## Load additional static includes
## Logging
ErrorLog "/var/log/httpd/foreman_error.log"
ServerSignature Off
CustomLog "/var/log/httpd/foreman_access.log" combined
## Server aliases
ServerAlias foreman
## Custom fragment
PassengerAppRoot /usr/share/foreman
PassengerRuby /usr/bin/ruby193-ruby
PassengerMinInstances 1
PassengerStartTimeout 600
AddDefaultCharset UTF-8
# Static public dir serving
<Directory /usr/share/foreman/public>
<IfVersion < 2.4>
Allow from all
</IfVersion>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
</Directory>
<Directory /usr/share/foreman/public/assets>
# Use standard http expire header for assets instead of ETag
<IfModule mod_expires.c>
Header unset ETag
FileETag None
ExpiresActive On
ExpiresDefault "access plus 1 year"
</IfModule>
# Return compressed assets if they are precompiled
<IfModule mod_rewrite.c>
RewriteEngine on
# Make sure the browser supports gzip encoding and file with .gz added
# does exist on disc before we rewrite with the extension
RewriteCond %{HTTP:Accept-Encoding} \b(x-)?gzip\b
RewriteCond %{REQUEST_FILENAME}.gz -s
RewriteRule ^(.+) $1.gz [L]
# Set headers for all possible assets which are compressed
<FilesMatch \.css\.gz$>
ForceType text/css
Header set Content-Encoding gzip
SetEnv no-gzip
</FilesMatch>
<FilesMatch \.js\.gz$>
ForceType text/javascript
Header set Content-Encoding gzip
SetEnv no-gzip
</FilesMatch>
</IfModule>
</Directory>
<IfVersion < 2.4>
Include /etc/httpd/conf.d/05-foreman.d/*.conf
</IfVersion>
<IfVersion >= 2.4>
IncludeOptional /etc/httpd/conf.d/05-foreman.d/*.conf
</IfVersion>
PassengerPreStart http://puppet.example.com
</VirtualHost>
And here's the SSL vhost:
# ************************************
# Vhost template in module puppetlabs-apache
# Managed by Puppet
# ************************************
<VirtualHost *:443>
ServerName puppet.example.com
## Vhost docroot
DocumentRoot "/usr/share/foreman/public"
## Directories, there should at least be a declaration for
/usr/share/foreman/public
<Directory "/usr/share/foreman/public">
Options SymLinksIfOwnerMatch
AllowOverride None
Require all granted
</Directory>
## Load additional static includes
## Logging
ErrorLog "/var/log/httpd/foreman-ssl_error_ssl.log"
ServerSignature Off
CustomLog "/var/log/httpd/foreman-ssl_access_ssl.log" combined
## Server aliases
ServerAlias foreman
## SSL directives
SSLEngine on
SSLCertificateFile "/var/lib/puppet/ssl/certs/puppet.example.com.pem"
SSLCertificateKeyFile
"/var/lib/puppet/ssl/private_keys/puppet.example.com.pem"
SSLCertificateChainFile "/var/lib/puppet/ssl/certs/ca.pem"
SSLCACertificatePath "/etc/pki/tls/certs"
SSLCACertificateFile "/var/lib/puppet/ssl/certs/ca.pem"
SSLVerifyClient optional
SSLVerifyDepth 3
SSLOptions +StdEnvVars
## Custom fragment
PassengerAppRoot /usr/share/foreman
PassengerRuby /usr/bin/ruby193-ruby
PassengerMinInstances 1
PassengerStartTimeout 600
AddDefaultCharset UTF-8
# Static public dir serving
<Directory /usr/share/foreman/public>
<IfVersion < 2.4>
Allow from all
</IfVersion>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
</Directory>
<Directory /usr/share/foreman/public/assets>
# Use standard http expire header for assets instead of ETag
<IfModule mod_expires.c>
Header unset ETag
FileETag None
ExpiresActive On
ExpiresDefault "access plus 1 year"
</IfModule>
# Return compressed assets if they are precompiled
<IfModule mod_rewrite.c>
RewriteEngine on
# Make sure the browser supports gzip encoding and file with .gz added
# does exist on disc before we rewrite with the extension
RewriteCond %{HTTP:Accept-Encoding} \b(x-)?gzip\b
RewriteCond %{REQUEST_FILENAME}.gz -s
RewriteRule ^(.+) $1.gz [L]
# Set headers for all possible assets which are compressed
<FilesMatch \.css\.gz$>
ForceType text/css
Header set Content-Encoding gzip
SetEnv no-gzip
</FilesMatch>
<FilesMatch \.js\.gz$>
ForceType text/javascript
Header set Content-Encoding gzip
SetEnv no-gzip
</FilesMatch>
</IfModule>
</Directory>
<IfVersion < 2.4>
Include /etc/httpd/conf.d/05-foreman-ssl.d/*.conf
</IfVersion>
<IfVersion >= 2.4>
IncludeOptional /etc/httpd/conf.d/05-foreman-ssl.d/*.conf
</IfVersion>
PassengerPreStart https://puppet.example.com
</VirtualHost>
On Fri, Jul 17, 2015 at 4:16 PM, Felix Frank <
felix.fr...@alumni.tu-berlin.de> wrote:
Hi,
I'm not very familiar with the puppet/foreman stack, so this might be a
silly question, but how is the master set up? Is it running through
Apache/Passenger?
In that case, can we see the Apache vhost configuration?
Thanks,
Felix
On 07/15/2015 05:12 AM, Tim Dunphy wrote:
Hey all,
I'm running puppet version 3.7.5 with foreman 1.7.4. Everything was going
well with this setup for quite a long time. Many months at least it ran
without even so much as a hiccup!
Until recently when I started adding more nodes I've found this issue I'm
having occurring every couple of days. Then as I added even more nodes it
started happening every couple of hours!!
The way I've always resolved it was to just reboot the puppet host. Which
wasn't so bad at first. Not that I like frequent reboots as any kind of
solution to a problem. But when I was having to do it once or twice in a
weeks time it wasn't so bothersome.
But now that it's occurring so often it's time to find a more permanent
solution.
Without further delay, here's the error I'm getting:
#puppet agent --test
Warning: Unable to fetch my node definition, but the agent run will
continue:
Warning: Net::ReadTimeout
Info: Retrieving pluginfacts
Error: /File[/var/lib/puppet/facts.d]: Failed to generate additional
resources using 'eval_generate': Net::ReadTimeout
Error: /File[/var/lib/puppet/facts.d]: Could not evaluate: Could not
retrieve file metadata for puppet://puppet.example.com/pluginfacts:
Net::ReadTimeout
Info: Retrieving plugin
Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources
using 'eval_generate': Error 503 on SERVER: <h1>This website is under heavy
load</h1><p>We're sorry, too many people are accessing this website at the
same time. We're working on this problem. Please try again later.</p>
Error: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve
file metadata for puppet://puppet.example.com/plugins: Error 503 on SERVER:
<h1>This website is under heavy load</h1><p>We're sorry, too many people
are accessing this website at the same time. We're working on this problem.
Please try again later.</p>
Info: Loading facts
Error: Could not retrieve catalog from remote server: Error 503 on SERVER:
<h1>This website is under heavy load</h1><p>We're sorry, too many people
are accessing this website at the same time. We're working on this problem.
Please try again later.</p>
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Error: Could not send report: Error 503 on SERVER: <h1>This website is
under heavy load</h1><p>We're sorry, too many people are accessing this
website at the same time. We're working on this problem. Please try again
later.</p>
I'm running this host on a CentOS 7 host with 4GB of ram with a single core
2.4 GhZ processor. Right now I'm managing a collection of 25 hosts with
this puppet server. And as I mentioned I never really had this problem when
I was managing less servers with this.
So what I'm wondering is if adding more ram to the server would be the only
way of solving this problem? Other than reducing the number of hosts that
I'm managing with it.
Thanks!
Tim
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/55A96286.1070007%40Alumni.TU-Berlin.de
<https://groups.google.com/d/msgid/puppet-users/55A96286.1070007%40Alumni.TU-Berlin.de?utm_medium=email&utm_source=footer>
.
For more options, visit https://groups.google.com/d/optout.
--
GPG me!!
gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/CAOZy0emyAmjACUUvydAaQ5B19dw7t2nVjBqdaZx_9cvM7hWj4Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
