Configure Phusion Passenger 3.0.18 with RHEL 5.2 and Puppet 3.0.0
<p>I am trying to configure Apache/Phusion Passenger under RHEL 5.2. So far the installation of the passenger module and mod_ssl for Apache was successful, but I am having issues trying to test a puppet client agent.</p>

<p>This is what my <strong>passenger.conf</strong>, located in <strong>/etc/httpd/conf.d</strong>, looks like:</p>

<pre><code>LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-3.0.18/ext/apache2/mod_passenger.so
PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-3.0.18
PassengerRuby /usr/bin/ruby

# you probably want to tune these settings
PassengerHighPerformance on
PassengerMaxPoolSize 12
PassengerPoolIdleTime 1500
# PassengerMaxRequests 1000
PassengerStatThrottleRate 120
RackAutoDetect On
RailsAutoDetect Off

Listen 8140

&lt;VirtualHost *:8140&gt;
    SSLEngine on
    SSLProtocol -ALL +SSLv3 +TLSv1
    SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP

    SSLCertificateFile /var/lib/puppet/ssl/certs/xxxxx.pem
    SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/xxxxx.pem
    SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
    SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
    # If Apache complains about invalid signatures on the CRL, you can try disabling
    # CRL checking by commenting the next line, but this is not recommended.
    SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
    SSLVerifyClient optional
    SSLVerifyDepth 1
    # The `ExportCertData` option is needed for agent certificate expiration warnings
    SSLOptions +StdEnvVars +ExportCertData

    # This header needs to be set if using a loadbalancer or proxy
    RequestHeader unset X-Forwarded-For

    RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

    DocumentRoot /etc/puppet/rack/public/
    RackBaseURI /
    &lt;Directory /etc/puppet/rack/&gt;
        Options None
        AllowOverride None
        Order allow,deny
        allow from all
    &lt;/Directory&gt;
&lt;/VirtualHost&gt;
</code></pre>

<p>My puppet configuration, <strong>/etc/puppet/puppet.conf</strong>:</p>

<pre><code>[main]
    # The Puppet log directory.
    # The default value is '$vardir/log'.
    logdir = /var/log/puppet

    # Where Puppet PID files are kept.
    # The default value is '$vardir/run'.
    rundir = /var/run/puppet

    # Where SSL certificates are kept.
    # The default value is '$confdir/ssl'.
    ssldir = $vardir/ssl
    ssl_client_header = SSL_CLIENT_S_DN
    ssl_client_verify_header = SSL_CLIENT_VERIFY

[agent]
    # The file in which puppetd stores a list of the classes
    # associated with the retrieved configuration. Can be loaded in
    # the separate ``puppet`` executable using the ``--loadclasses``
    # option.
    # The default value is '$confdir/classes.txt'.
    classfile = $vardir/classes.txt

    # Where puppetd caches the local configuration. An
    # extension indicating the cache format is added automatically.
    # The default value is '$confdir/localconfig'.
    localconfig = $vardir/localconfig
</code></pre>

<p>In the httpd server logs I can see the following warnings:</p>

<pre><code>[Mon Dec 03 13:53:08 2012] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Mon Dec 03 13:53:08 2012] [warn] RSA server certificate CommonName (CN) `xxxxx' does NOT match server name!?
[Mon Dec 03 13:53:08 2012] [notice] Digest: generating secret for digest authentication ...
[Mon Dec 03 13:53:08 2012] [notice] Digest: done
[Mon Dec 03 13:53:08 2012] [warn] RSA server certificate CommonName (CN) `xxxxx' does NOT match server name!?
[Mon Dec 03 13:53:08 2012] [notice] Apache/2.2.3 (Red Hat) configured -- resuming normal operations
</code></pre>

<p>I also get HTML output in the client log when running <em>puppet agent --test</em>:</p>

<pre><code>The application has exited during startup (i.e. during the evaluation of config/environment.rb).
The error message may have been written to the web server's log file.
Please check the web server's log file (i.e. not the (Rails) application's log file) to find out why the application exited.
If that doesn't help, then please use the backtrace below to debug the problem.

Application root: /etc/puppet/rack

/usr/lib/ruby/site_ruby/1.8/puppet/util.rb 514 in `exit'
/usr/lib/ruby/site_ruby/1.8/puppet/util.rb 514 in `exit_on_fail'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb 344 in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/util/command_line.rb 76 in `execute'
config.ru 33
/usr/lib/ruby/gems/1.8/gems/rack-1.4.1/lib/rack/builder.rb 51 in `instance_eval'
/usr/lib/ruby/gems/1.8/gems/rack-1.4.1/lib/rack/builder.rb 51 in `initialize'
config.ru 1 in `new'
config.ru 1
</code></pre>

<p><em>Config.ru</em></p>

<pre><code># a config.ru, for use with every rack-compatible webserver.
# SSL needs to be handled outside this, though.

# if puppet is not in your RUBYLIB:
# $LOAD_PATH.unshift('/opt/puppet/lib')

$0 = "master"

# if you want debugging:
# ARGV &lt;&lt; "--debug"

ARGV &lt;&lt; "--rack"

# Rack applications typically don't start as root. Set --confdir to prevent
# reading configuration from ~/.puppet/puppet.conf
ARGV &lt;&lt; "--confdir" &lt;&lt; "/etc/puppet"

# NOTE: it's unfortunate that we have to use the "CommandLine" class
# here to launch the app, but it contains some initialization logic
# (such as triggering the parsing of the config file) that is very
# important. We should do something less nasty here when we've
# gotten our API and settings initialization logic cleaned up.
#
# Also note that the "$0 = master" line up near the top here is
# the magic that allows the CommandLine class to know that it's
# supposed to be running master.
#
# --cprice 2012-05-22

require 'puppet/util/command_line'
# we're usually running inside a Rack::Builder.new {} block,
# therefore we need to call run *here*.
run Puppet::Util::CommandLine.new.execute
</code></pre>

<p>This was working using the default WEBrick web server, and it was connecting to the puppet clients without any issues.</p>

<p>Any other clues that can help me troubleshoot this issue?</p>
