On Aug 17, 2010, at 9:51 PM, Sven Schott wrote:

> The config file said those were only used with mongrel so I didn't uncomment 
> them. However, after fiddling for a while I found that I had missed the exact 
> same thing on the apache virtual hosts config. The following lines were 
> missing:
> 
>         RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
>         RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
>         RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
> 
> which are in the instructions on the puppet wiki but not on the instructions 
> I had. Once I added that to the virtual hosts config, everything went peachy. 
> Thanks for the reply anyways. I appreciate it.

That's half true.  Basically, apache and puppet use different header names for 
the same thing by default, so you can either tell apache to name them 
differently, or tell puppet to look for a different header.

> On Wed, Aug 18, 2010 at 1:19 PM, Patrick Mohr <[email protected]> wrote:
> I think you might have missed this bit:
> 
> Setup your puppet.conf
> 
> Make sure you have the following set in your puppetmaster’s puppet.conf:
> 
> [puppetmasterd]
> 
> ssl_client_header = SSL_CLIENT_S_DN
> 
> ssl_client_verify_header = SSL_CLIENT_VERIFY
> 
> 
> 
> On Tue, Aug 17, 2010 at 5:59 PM, Sven Schott <[email protected]> wrote:
> Hi everyone
> 
> I'm having a problem with a clean install of puppet (2.6.0) on a Mac server 
> (Mac OS 10.5.8). I set up puppet initially with MySQL and the puppetmaster 
> standalone (Webrick) and that works fine. Clients can connect and there are 
> no problems. But when I configured it to use Apache and Passenger, the client 
> responds that the request is forbidden.
> 
> err: Could not retrieve catalog from remote server: Error 403 on SERVER: 
> Forbidden request: XXX.XXX.XXX(xx.xx.xx.xx) access to /catalog/XXX.XXX.XXX 
> [find] at line 97
> 
> So after going through the mailing lists and google I've found that the 
> auth.conf file is the problem. I have stock standard auth.conf which looks 
> like this:
> 
> http://pastie.org/1098939
> 
> And yes, adding auth no to the first four methods does make it work, but I 
> know that's not the problem (or the solution). Am I missing something? Is it 
> a bug or PEBKAC?
> 
> Some of the relevant puppet.conf entries
> 
> vardir = /var/lib/puppet
> confdir = /etc/puppet
> puppetdlog = '$logdir/puppetd.log'
> logdir = '$vardir/log'
> rest_authconfig = '$confdir/auth.conf'
> masterlog = '$logdir/puppetmaster.log'
> 
> The Gem versions I am using:
> 
> facter (1.5.7)
> mongrel (1.1.5)
> passenger (2.2.15)
> puppet (2.6.0)
> rack (1.2.1, 1.1.0)
> ruby-mysql (2.9.3)
> 
> The backtrace on the server is:
> 
> http://pastie.org/1098964
> 
> Ruby version is : ruby 1.8.7 (2009-06-12 patchlevel 174)
> 
> Virtualhost entry in apache looks like this:
> 
> http://pastie.org/1098973
> 
> and the config.ru file looks like this:
> 
> http://pastie.org/1098974
> 
> The client and server certs are fine (standalone works fine) and there are no 
> connectivity problems between the client and server.
> 
> Anyone seen this or have any ideas? Any help would be greatly appreciated.
> 
> Regards
> 
> Sven Schott
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to 
> [email protected].
> For more options, visit this group at 
> http://groups.google.com/group/puppet-users?hl=en.
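
The header-name mismatch discussed in this thread, as an added example that is not part of the original messages or of Puppet's code: a Ruby check that compares the RequestHeader lines of a vhost with the ssl_client_header settings in puppet.conf. It assumes Puppet's defaults are HTTP_X_CLIENT_DN and HTTP_X_CLIENT_VERIFY and that a request header X-Foo reaches the Rack environment as HTTP_X_FOO; the function names and sample config are constructed for illustration.

```ruby
# Assumed Puppet defaults, used when puppet.conf does not set these keys.
PUPPET_DEFAULTS = {
  'ssl_client_header'        => 'HTTP_X_CLIENT_DN',
  'ssl_client_verify_header' => 'HTTP_X_CLIENT_VERIFY'
}.freeze

# The mod_ssl variable each Puppet setting has to end up reading.
REQUIRED_SOURCE = {
  'ssl_client_header'        => 'SSL_CLIENT_S_DN',
  'ssl_client_verify_header' => 'SSL_CLIENT_VERIFY'
}.freeze

# Map Rack env key => mod_ssl variable for each "RequestHeader set NAME %{VAR}e".
def rack_keys_from_vhost(vhost)
  vhost.scan(/^\s*RequestHeader\s+set\s+(\S+)\s+%\{(\w+)\}e/i).each_with_object({}) do |(name, var), h|
    h['HTTP_' + name.upcase.tr('-', '_')] = var
  end
end

# Read the ssl_client_* settings from puppet.conf text, falling back to defaults.
def puppet_header_settings(conf)
  found = conf.scan(/^\s*(ssl_client(?:_verify)?_header)\s*=\s*(\S+)/).to_h
  PUPPET_DEFAULTS.merge(found)
end

# Settings whose env key Apache does not fill with the right variable.
# Assumption: a key equal to the mod_ssl variable name itself (the puppet.conf
# values quoted in the thread) is exposed to Passenger directly.
def mismatches(vhost, conf)
  provided = rack_keys_from_vhost(vhost)
  puppet_header_settings(conf).reject do |setting, key|
    provided[key] == REQUIRED_SOURCE[setting] || key == REQUIRED_SOURCE[setting]
  end.keys
end

# Constructed sample: the three vhost lines quoted in the thread.
SAMPLE_VHOST = <<~'CONF'
  RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
  RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
  RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
CONF

if __FILE__ == $0
  puts "with the RequestHeader lines: #{mismatches(SAMPLE_VHOST, "[puppetmasterd]\n").inspect}"
  puts "without them:                #{mismatches('', "[puppetmasterd]\n").inspect}"
end
```

An empty result means every header Puppet reads is populated; any setting listed is one Puppet would find empty, which matches the 403 on authenticated paths described in the thread.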