FAQ
On the server

[root@bangvmpllDA02 logs]# ruby -v
ruby 1.8.7 (2011-06-30 patchlevel 352) [x86_64-linux]

[root@bangvmpllDA02 logs]# puppet --version
3.0.1

and

[root@bangvmpllDA02 logs]# service nginx configtest
nginx: the configuration file /apps/nginx/nginx.conf syntax is ok
nginx: configuration file /apps/nginx/nginx.conf test is successful

[root@bangvmpllDA02 logs]# service nginx status
nginx (pid 25923 25921 25920 25917 25908) is running...
[root@bangvmpllDA02 logs]#

however none of my agents are able to connect to the master, they all fail
with errors like so

[amisr1@blramisr195602 ~]$ puppet agent --test --verbose --server
bangvmpllda02.XXXXX.com
Info: Creating a new SSL certificate request for blramisr195602.XXXXX.com
Info: Certificate Request fingerprint (SHA256):
26:EB:08:1F:82:32:E4:03:7A:64:8E:30:A3:99:93:26:E6:66:B9:B0:49:B6:08:F9:67:CA:1B:0C:00:B9:1D:41
Error: Could not request certificate: Error 405 on SERVER: <html>
<head><title>405 Not Allowed</title></head>
<body bgcolor="white">
<center><h1>405 Not Allowed</h1></center>
<hr><center>nginx</center>
</body>
</html>

Exiting; failed to retrieve certificate and waitforcert is disabled

when I check logs on puppet master

[root@bangvmpllDA02 logs]# tail puppet_access.log
[05/Dec/2012:17:45:18 +0530] "GET /production/certificate/ca? HTTP/1.1" 404
162 "-" "Ruby"
[05/Dec/2012:18:32:23 +0530] "PUT
/production/certificate_request/sl63anadi.XXXXX.com HTTP/1.1" 405 166 "-"
"-"
[05/Dec/2012:18:33:33 +0530] "GET
/production/certificate/sl63anadi.XXXXX.com? HTTP/1.1" 404 162 "-" "-"
[05/Dec/2012:18:33:33 +0530] "GET
/production/certificate_request/sl63anadi.XXXXX.com? HTTP/1.1" 404 162 "-"
"-"
[05/Dec/2012:18:33:33 +0530] "PUT
/production/certificate_request/sl63anadi.XXXXX.com HTTP/1.1" 405 166 "-"
"-"

and the error logs show that nginx is not really able to process the
request well

2012/12/05 18:33:33 [error] 25920#0: *23 open()
"/etc/puppet/rack/public/production/certificate/sl63anadi.XXXXX.com" failed
(2: No such file or directory), client: 10.209.47.26, server: , request:
"GET /production/certificate/sl63anadi.XXXXX.com? HTTP/1.1", host:
"bangvmpllda02.XXXXX.com:8140"
2012/12/05 18:33:33 [error] 25920#0: *24 open()
"/etc/puppet/rack/public/production/certificate_request/sl63anadi.XXXXX.com"
failed (2: No such file or directory), client: 10.209.47.26, server: ,
request: "GET /production/certificate_request/sl63anadi.XXXXX.com?
HTTP/1.1", host: "bangvmpllda02.XXXXX.com:8140"
2012/12/05 18:47:56 [error] 25923#0: *27 open()
"/etc/puppet/rack/public/production/certificate/ca" failed (2: No such file
or directory), client: 10.209.47.31, server: , request: "GET
/production/certificate/ca? HTTP/1.1", host: "bangvmpllda02.XXXXX.com:8140"
2012/12/05 18:47:56 [error] 25923#0: *28 open()
"/etc/puppet/rack/public/production/certificate_request/blramisr195602.XXXXX.com"
failed (2: No such file or directory), client: 10.209.47.31, server: ,
request: "GET /production/certificate_request/blramisr195602.XXXXX.com?
HTTP/1.1", host: "bangvmpllda02.XXXXX.com:8140"

Passenger does not show any application groups either

[root@bangvmpllDA02 nginx]# passenger-status
----------- General information -----------
max = 15
count = 0
active = 0
inactive = 0
Waiting on global queue: 0

----------- Application groups -----------
[root@bangvmpllDA02 nginx]#

here's my nginx configuration

user puppet;
worker_processes 4;

#error_log logs/error.log;
#error_log logs/error.log notice;
error_log logs/error.log info;

#pid logs/nginx.pid;


events {
use epoll;
worker_connections 1024;
}


http {
include mime.types;
default_type application/octet-stream;

log_format main '$remote_addr - $remote_user [$time_local]
"$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

access_log logs/access.log main;

sendfile on;
#tcp_nopush on;
server_tokens off;
#keepalive_timeout 0;
keepalive_timeout 120;

gzip on;
gzip_http_version 1.1;
gzip_disable "msie6";
gzip_vary on;
gzip_min_length 1100;
gzip_buffers 64 8k;
gzip_comp_level 3;
gzip_proxied any;
gzip_types text/plain text/css application/x-javascript text/xml
application/xml;

server {
listen 80;
server_name bangvmpllda02.XXXXXX.com;

charset utf-8;

#access_log logs/http.access.log main;

location / {
root html;
index index.html index.htm index.php;
}

#error_page 404 /404.html;

# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}

# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}

# pass the PHP scripts to FastCGI server listening on
127.0.0.1:9000
#
location ~ \.php$ {
root html;
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME
$document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
include fastcgi_params;
}

# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
access_log off;
log_not_found off;
deny all;
}

location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ {
access_log off;
log_not_found off;
expires 2d;
}
}

# Passenger needed for puppet
passenger_root /usr/lib/ruby/gems/1.8/gems/passenger-3.0.18;
passenger_ruby /usr/bin/ruby;
passenger_max_pool_size 15;

server {
ssl on;
listen 8140 default ssl;
server_name bangvmpllda02.XXXXX.com;
passenger_enabled on;
passenger_set_cgi_param HTTP_X_CLIENT_DN $ssl_client_s_dn;
passenger_set_cgi_param HTTP_X_CLIENT_VERIFY $ssl_client_verify;
passenger_min_instances 5;

access_log logs/puppet_access.log;
error_log logs/puppet_error.log;

root /etc/puppet/rack/public;

ssl_certificate
/var/lib/puppet/ssl/certs/bangvmpllda02.XXXXX.com.pem;
ssl_certificate_key
/var/lib/puppet/ssl/private_keys/bangvmpllda02.XXXXX.com.pem;
ssl_crl /var/lib/puppet/ssl/ca/ca_crl.pem;
ssl_client_certificate /var/lib/puppet/ssl/certs/ca.pem;
ssl_ciphers SSLv2:-LOW:-EXPORT:RC4+RSA;
ssl_prefer_server_ciphers on;
ssl_verify_client optional;
ssl_verify_depth 1;
ssl_session_cache shared:SSL:128m;
ssl_session_timeout 5m;
}
}

and the puppet.conf

[main]
# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = /var/log/puppet

# Where Puppet PID files are kept.
# The default value is '$vardir/run'.
rundir = /var/run/puppet
dns_alt_names = devops.XXXXX.com,devops
confdir = /etc/puppet
vardir = /var/lib/puppet
storeconfigs = true
storeconfigs_backend = puppetdb
thin_storeconfigs = false
async_storeconfigs = false
ssl_client_header = SSL_CLIENT_S_D
ssl_client_verify_header = SSL_CLIENT_VERIFY

# Where SSL certificates are kept.
# The default value is '$confdir/ssl'.
ssldir = $vardir/ssl

any ideas where am I going wrong? I checkthe directory permissions;
/usr/share/puppet, /etc/puppet and /var/lib/puppet (and files inside them)
are owned by puppet user. I have also disabled selinux ginf by this
discussion:
https://groups.google.com/d/topic/puppet-users/tLuwFOoiqvA/discussion

none of it got puppet to work.

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/MpZauUrPI_0J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

Search Discussions

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouppuppet-users @
categoriespuppet
postedDec 6, '12 at 3:33p
activeDec 6, '12 at 3:33p
posts1
users1
websitepuppetlabs.com

1 user in discussion

Anadi Misra: 1 post

People

Translate

site design / logo © 2022 Grokbase