The config file said those were only used with mongrel so I didn't uncomment
them. However, after fiddling for while I found that I had missed the exact
same thing on the apache virtual hosts config. The following lines were
missing:
RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
which *are* in the instructions on the puppet wiki but not on the
instructions I had. Once I added that to the virtual hosts config,
everything went peachy. Thanks for the reply anyways. I appreciate it.
On Wed, Aug 18, 2010 at 1:19 PM, Patrick Mohr <[email protected]> wrote:
> I think you might have missed this bit:
>
> *Setup your puppet.conf*
>
> *Make sure you have the following set in your puppetmaster’s puppet.conf:*
>
> *[puppetmasterd]*
>
> *ssl_client_header = SSL_CLIENT_S_DN*
>
> *ssl_client_verify_header = SSL_CLIENT_VERIFY*
>
>
> On Tue, Aug 17, 2010 at 5:59 PM, Sven Schott <[email protected]>wrote:
>
>> Hi everyone
>>
>> I'm having a problem with a clean install of puppet (2.6.0) on a Mac
>> server (Mac OS 10.5.8). I set up puppet initially with MySQL and the
>> puppetmaster standalone (Webrick) and that works fine. Clients can connect
>> and there are no problems. But when I configured it to use Apache and
>> Passenger, the client responds that the request is forbidden.
>>
>> err: Could not retrieve catalog from remote server: Error 403 on SERVER:
>> Forbidden request: XXX.XXX.XXX(xx.xx.xx.xx) access to /catalog/
>> XXX.XXX.XXX [find] at line 97
>>
>> So after going through the mailing lists and google I've found that the
>> auth.conf file is the problem. I have stock standard auth.conf which looks
>> like this:
>>
>> http://pastie.org/1098939
>>
>> And yes, adding auth no to the first four methods does make it work, but I
>> know that's not the problem (or the solution). Am I missing something? Is it
>> a bug or PEBKAC?
>>
>> Some of the relevant puppet.conf entries
>>
>> vardir = /var/lib/puppet
>> confdir = /etc/puppet
>> puppetdlog = '$logdir/puppetd.log'
>> logdir = '$vardir/log'
>> rest_authconfig = '$confdir/auth.conf'
>> masterlog = '$logdir/puppetmaster.log'
>>
>> The Gem versions I am using:
>>
>> facter (1.5.7)
>> mongrel (1.1.5)
>> passenger (2.2.15)
>> puppet (2.6.0)
>> rack (1.2.1, 1.1.0)
>> ruby-mysql (2.9.3)
>>
>> The backtrace on the server is:
>>
>> http://pastie.org/1098964
>>
>> Ruby version is : ruby 1.8.7 (2009-06-12 patchlevel 174)
>>
>> Virtualhost entry in apache looks like this:
>>
>> http://pastie.org/1098973
>>
>> and the config.ru file looks like this:
>>
>> http://pastie.org/1098974
>>
>> The client and server certs are fine (standalone works fine) and there are
>> no connectivity problems between the client and server.
>>
>> Anyone seen this or have any ideas? Any help would be greatly appreciated.
>>
>> Regards
>>
>> Sven Schott
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To post to this group, send email to [email protected].
>> To unsubscribe from this group, send email to
>> [email protected]<puppet-users%[email protected]>
>> .
>> For more options, visit this group at
>> http://groups.google.com/group/puppet-users?hl=en.
>>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to
> [email protected]<puppet-users%[email protected]>
> .
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
