[Puppet Users] Unable to run puppet with apache + passenger

On Jun 8, 2012, at 1:40 AM, ankush grover wrote:
Hi Friends,

I am trying to run puppet with apache on Centos 6.2. 64-bit (with
selinux off) but it seems apache is refusing to read the pem file of
puppet. Below are the errors I am getting in the apache logs.
Puppetmaster is working fine without Apache. The same setup is working
fine with (Puppet + Apache) in another office . What could be the
problem that apache is not able to read the files.


Fri Jun 08 02:06:37 2012] [error] Init: Unable to read server
certificate from file
/var/lib/puppet/ssl/private_keys/ezepuppet.synapse.ar.pem
[Fri Jun 08 02:06:37 2012] [error] SSL Library Error: 218529960
error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Fri Jun 08 02:06:37 2012] [error] SSL Library Error: 218595386
error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
error
[Fri Jun 08 02:06:40 2012] [notice] suEXEC mechanism enabled (wrapper:
/usr/sbin/suexec)
[Fri Jun 08 02:06:40 2012] [error] Init: Unable to read server
certificate from file
/var/lib/puppet/ssl/private_keys/ezepuppet.synapse.ar.pem
[Fri Jun 08 02:06:40 2012] [error] SSL Library Error: 218529960
error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Fri Jun 08 02:06:40 2012] [error] SSL Library Error: 218595386
error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
error
[Fri Jun 08 02:06:53 2012] [notice] suEXEC mechanism enabled (wrapper:
/usr/sbin/suexec)
[Fri Jun 08 02:06:53 2012] [error] Init: Unable to read server
certificate from file
/var/lib/puppet/ssl/private_keys/ezepuppet.synapse.ar.pem
[Fri Jun 08 02:06:53 2012] [error] SSL Library Error: 218529960
error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Fri Jun 08 02:06:53 2012] [error] SSL Library Error: 218595386
error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
error
[Fri Jun 08 02:21:12 2012] [notice] suEXEC mechanism enabled (wrapper:
/usr/sbin/suexec)
[Fri Jun 08 02:21:12 2012] [error] Init: Unable to read server
certificate from file
/var/lib/puppet/ssl/private_keys/ezepuppet.synapse.ar.pem
[Fri Jun 08 02:21:12 2012] [error] SSL Library Error: 218529960
error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Fri Jun 08 02:21:12 2012] [error] SSL Library Error: 218595386
error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
error
[Fri Jun 08 02:27:26 2012] [notice] suEXEC mechanism enabled (wrapper:
/usr/sbin/suexec)
[Fri Jun 08 02:27:26 2012] [error] Init: Unable to read server
certificate from file
/var/lib/puppet/ssl/private_keys/ezepuppet.synapse.ar.pem
[Fri Jun 08 02:27:26 2012] [error] SSL Library Error: 218529960
error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Fri Jun 08 02:27:26 2012] [error] SSL Library Error: 218595386
error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
error
[Fri Jun 08 02:31:06 2012] [notice] suEXEC mechanism enabled (wrapper:
/usr/sbin/suexec)
[Fri Jun 08 02:31:06 2012] [error] Init: Unable to read server
certificate from file
/var/lib/puppet/ssl/private_keys/ezepuppet.synapse.ar.pem
[Fri Jun 08 02:31:06 2012] [error] SSL Library Error: 218529960
error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Fri Jun 08 02:31:06 2012] [error] SSL Library Error: 218595386
error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
error
^C


puppet.conf

Listen 8140
<VirtualHost *:8140>
SSLEngine on
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
SSLCertificateKeyFile
/var/lib/puppet/ssl/private_keys/ezepuppet.synapse.ar.pem
SSLCertificateFile /var/lib/puppet/ssl/private_keys/ezepuppet.synapse.ar.pem
SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
# If Apache complains about invalid signatures on the CRL, you can
try disabling
# CRL checking by commenting the next line, but this is not recommended.
# SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
# Set to require if this puppetmaster doesn't issue certificates
# to puppet clients.
# NB: this requires SSLCACertificateFile to include the CA cert
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars

# Passenger options that can be set in a virtual host
# configuration block.
PassengerHighPerformance on
PassengerStatThrottleRate 120
PassengerUseGlobalQueue on
RackAutoDetect Off
RailsAutoDetect Off
RackBaseURI /
PassengerMaxRequests 10000
DocumentRoot /etc/puppet/rack/public


<Directory /etc/puppet/rack/>
Options None
AllowOverride None
Order allow,deny
Allow from all
</Directory>
</VirtualHost>

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

On Sat, Jun 9, 2012 at 5:17 AM, Sans wrote:
I don't wanna hijack the thread but I'm also having almost the same issue.
For me httpd/passenger starts just fine but puppetmaster doesn't start until
I start it manually using puppetmasterd on the box. These are in the
httpd_error log:


Is it related? Cheers!!

--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/FALCmGVaxmgJ.

To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.