On the server

[root@bangvmpllDA02 logs]# ruby -v
ruby 1.8.7 (2011-06-30 patchlevel 352) [x86_64-linux]

[root@bangvmpllDA02 logs]# puppet --version


[root@bangvmpllDA02 logs]# service nginx configtest
nginx: the configuration file /apps/nginx/nginx.conf syntax is ok
nginx: configuration file /apps/nginx/nginx.conf test is successful

[root@bangvmpllDA02 logs]# service nginx status
nginx (pid 25923 25921 25920 25917 25908) is running...
[root@bangvmpllDA02 logs]#

however none of my agents are able to connect to the master, they all fail
with errors like so

[amisr1@blramisr195602 ~]$ puppet agent --test --verbose --server
Info: Creating a new SSL certificate request for blramisr195602.XXXXX.com
Info: Certificate Request fingerprint (SHA256):
Error: Could not request certificate: Error 405 on SERVER: <html>
<head><title>405 Not Allowed</title></head>
<body bgcolor="white">
<center><h1>405 Not Allowed</h1></center>

Exiting; failed to retrieve certificate and waitforcert is disabled

when I check logs on puppet master

[root@bangvmpllDA02 logs]# tail puppet_access.log
[05/Dec/2012:17:45:18 +0530] "GET /production/certificate/ca? HTTP/1.1" 404
162 "-" "Ruby"
[05/Dec/2012:18:32:23 +0530] "PUT
/production/certificate_request/sl63anadi.XXXXX.com HTTP/1.1" 405 166 "-"
[05/Dec/2012:18:33:33 +0530] "GET
/production/certificate/sl63anadi.XXXXX.com? HTTP/1.1" 404 162 "-" "-"
[05/Dec/2012:18:33:33 +0530] "GET
/production/certificate_request/sl63anadi.XXXXX.com? HTTP/1.1" 404 162 "-"
[05/Dec/2012:18:33:33 +0530] "PUT
/production/certificate_request/sl63anadi.XXXXX.com HTTP/1.1" 405 166 "-"

and the error logs show that nginx is not really able to process the
request well

2012/12/05 18:33:33 [error] 25920#0: *23 open()
"/etc/puppet/rack/public/production/certificate/sl63anadi.XXXXX.com" failed
(2: No such file or directory), client:, server: , request:
"GET /production/certificate/sl63anadi.XXXXX.com? HTTP/1.1", host:
2012/12/05 18:33:33 [error] 25920#0: *24 open()
failed (2: No such file or directory), client:, server: ,
request: "GET /production/certificate_request/sl63anadi.XXXXX.com?
HTTP/1.1", host: "bangvmpllda02.XXXXX.com:8140"
2012/12/05 18:47:56 [error] 25923#0: *27 open()
"/etc/puppet/rack/public/production/certificate/ca" failed (2: No such file
or directory), client:, server: , request: "GET
/production/certificate/ca? HTTP/1.1", host: "bangvmpllda02.XXXXX.com:8140"
2012/12/05 18:47:56 [error] 25923#0: *28 open()
failed (2: No such file or directory), client:, server: ,
request: "GET /production/certificate_request/blramisr195602.XXXXX.com?
HTTP/1.1", host: "bangvmpllda02.XXXXX.com:8140"

Passenger does not show any application groups either

[root@bangvmpllDA02 nginx]# passenger-status
----------- General information -----------
max = 15
count = 0
active = 0
inactive = 0
Waiting on global queue: 0

----------- Application groups -----------
[root@bangvmpllDA02 nginx]#

here's my nginx configuration

user puppet;
worker_processes 4;

#error_log logs/error.log;
#error_log logs/error.log notice;
error_log logs/error.log info;

#pid logs/nginx.pid;

events {
use epoll;
worker_connections 1024;

http {
include mime.types;
default_type application/octet-stream;

log_format main '$remote_addr - $remote_user [$time_local]
"$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

access_log logs/access.log main;

sendfile on;
#tcp_nopush on;
server_tokens off;
#keepalive_timeout 0;
keepalive_timeout 120;

gzip on;
gzip_http_version 1.1;
gzip_disable "msie6";
gzip_vary on;
gzip_min_length 1100;
gzip_buffers 64 8k;
gzip_comp_level 3;
gzip_proxied any;
gzip_types text/plain text/css application/x-javascript text/xml

server {
listen 80;
server_name bangvmpllda02.XXXXXX.com;

charset utf-8;

#access_log logs/http.access.log main;

location / {
root html;
index index.html index.htm index.php;

#error_page 404 /404.html;

# redirect server error pages to the static page /50x.html
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;

# proxy the PHP scripts to Apache listening on
#location ~ \.php$ {
# proxy_pass;

# pass the PHP scripts to FastCGI server listening on
location ~ \.php$ {
root html;
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
include fastcgi_params;

# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
location ~ /\.ht {
access_log off;
log_not_found off;
deny all;

location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ {
access_log off;
log_not_found off;
expires 2d;

# Passenger needed for puppet
passenger_root /usr/lib/ruby/gems/1.8/gems/passenger-3.0.18;
passenger_ruby /usr/bin/ruby;
passenger_max_pool_size 15;

server {
ssl on;
listen 8140 default ssl;
server_name bangvmpllda02.XXXXX.com;
passenger_enabled on;
passenger_set_cgi_param HTTP_X_CLIENT_DN $ssl_client_s_dn;
passenger_set_cgi_param HTTP_X_CLIENT_VERIFY $ssl_client_verify;
passenger_min_instances 5;

access_log logs/puppet_access.log;
error_log logs/puppet_error.log;

root /etc/puppet/rack/public;

ssl_crl /var/lib/puppet/ssl/ca/ca_crl.pem;
ssl_client_certificate /var/lib/puppet/ssl/certs/ca.pem;
ssl_ciphers SSLv2:-LOW:-EXPORT:RC4+RSA;
ssl_prefer_server_ciphers on;
ssl_verify_client optional;
ssl_verify_depth 1;
ssl_session_cache shared:SSL:128m;
ssl_session_timeout 5m;

and the puppet.conf

# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = /var/log/puppet

# Where Puppet PID files are kept.
# The default value is '$vardir/run'.
rundir = /var/run/puppet
dns_alt_names = devops.XXXXX.com,devops
confdir = /etc/puppet
vardir = /var/lib/puppet
storeconfigs = true
storeconfigs_backend = puppetdb
thin_storeconfigs = false
async_storeconfigs = false
ssl_client_header = SSL_CLIENT_S_D
ssl_client_verify_header = SSL_CLIENT_VERIFY

# Where SSL certificates are kept.
# The default value is '$confdir/ssl'.
ssldir = $vardir/ssl

any ideas where am I going wrong? I checkthe directory permissions;
/usr/share/puppet, /etc/puppet and /var/lib/puppet (and files inside them)
are owned by puppet user. I also disabled selinux to ensure there is not
problem on that front, but no luck I keep getting the 405 responses from
puppt master.

You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/-rBZV_cMRU8J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

Search Discussions

Discussion Posts

Follow ups

Related Discussions

Discussion Navigation
viewthread | post
posts ‹ prev | 1 of 2 | next ›
Discussion Overview
grouppuppet-users @
postedDec 6, '12 at 3:33p
activeDec 6, '12 at 5:41p

2 users in discussion

Craig White: 1 post Anadi Misra: 1 post



site design / logo © 2022 Grokbase