I am at the end of my rope here so I pray to the gods that
puppet-users can help.

Using Debian apt-get install puppetmaster-passenger you get a fairly
complete puppetmaster setup. I have the Pro Puppet book next to me and
following Chapter 4 on setting up Puppet with Passenger I can see that
apt has already done most of the ground work.

For example, the config.ru script is owned by puppet and the passenger
module in Apache is activated. One thing is that puppetmaster is never run,
and when dpkg tries to start Apache it fails because there are no
certificates.

So at this point I did puppetca --generate node00.swehack.localdomain.

Now passenger starts and listens on port 8140 through apache.

My site.pp is, for simplicity and debugging, only import "nodes/*.pp",
and in /etc/puppet/manifests/nodes I have just one file called
node00.swehack.localdomain.pp, and in there the following block.

node 'node00' {
}

In /etc/hosts I have set up long and short forms of the domain to the
local IP. And I've also added swehack.localdomain as a search domain in
/etc/resolv.conf.

I try running puppet agent --server node00.swehack.localdomain -otDdv
from the same machine as the master and this is what I get.

root@node00:/home/nocturnal# puppet agent --server node00.swehack.localdomain -otvDd
debug: Puppet::Type::User::ProviderPw: file pw does not exist
debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dscl does not exist
debug: Puppet::Type::User::ProviderUser_role_add: file rolemod does not exist
debug: Puppet::Type::User::ProviderLdap: true value when expecting false
debug: Failed to load library 'selinux' for feature 'selinux'
debug: Puppet::Type::File::ProviderMicrosoft_windows: feature microsoft_windows is missing
debug: /File[/etc/puppet/puppet.conf]: Autorequiring File[/etc/puppet]
debug: /File[/var/lib/puppet/ssl/public_keys]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/clientbucket]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/ssl/public_keys/node00.swehack.localdomain.pem]: Autorequiring File[/var/lib/puppet/ssl/public_keys]
debug: /File[/var/lib/puppet/state/graphs]: Autorequiring File[/var/lib/puppet/state]
debug: /File[/var/lib/puppet/ssl/certs/node00.swehack.localdomain.pem]: Autorequiring File[/var/lib/puppet/ssl/certs]
debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/client_data]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/state/last_run_summary.yaml]: Autorequiring File[/var/lib/puppet/state]
debug: /File[/var/lib/puppet/ssl/private]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/state/state.yaml]: Autorequiring File[/var/lib/puppet/state]
debug: /File[/var/lib/puppet/ssl/private_keys/node00.swehack.localdomain.pem]: Autorequiring File[/var/lib/puppet/ssl/private_keys]
debug: /File[/var/lib/puppet/ssl/certificate_requests]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/client_yaml]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring File[/var/lib/puppet/ssl/certs]
debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet]
debug: Finishing transaction 70218012435120
debug: /File[/var/lib/puppet/ssl/public_keys]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring File[/var/lib/puppet/ssl/certs]
debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/ssl/public_keys/node00.swehack.localdomain.pem]: Autorequiring File[/var/lib/puppet/ssl/public_keys]
debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/ssl/certificate_requests]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/ssl/certs/node00.swehack.localdomain.pem]: Autorequiring File[/var/lib/puppet/ssl/certs]
debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/ssl/private]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/ssl/private_keys/node00.swehack.localdomain.pem]: Autorequiring File[/var/lib/puppet/ssl/private_keys]
debug: Finishing transaction 70218014163440
debug: Using cached certificate for ca
debug: Using cached certificate for node00.swehack.localdomain
debug: Finishing transaction 70218012999760
debug: Loaded state in 0.00 seconds
debug: Using cached certificate for ca
debug: Using cached certificate for node00.swehack.localdomain
debug: catalog supports formats: b64_zlib_yaml dot marshal pson raw yaml; using pson
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run

Same in my /var/log/daemon.log.

My puppet.conf is real simple.

[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
templatedir=$confdir/templates
certname=node00.swehack.localdomain
#prerun_command=/etc/puppet/etckeeper-commit-pre
#postrun_command=/etc/puppet/etckeeper-commit-post

[master]
# These are needed when the puppetmaster is run by passenger
# and can safely be removed if webrick is used.
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY

My /etc/apache2/sites-available/puppetmaster

Listen 8140

<VirtualHost *:8140>
        SSLEngine on
        SSLProtocol -ALL +SSLv3 +TLSv1
        SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP

        SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/node00.swehack.localdomain.pem
        SSLCertificateFile /var/lib/puppet/ssl/certs/node00.swehack.localdomain.pem
        SSLCACertificateFile /var/lib/puppet/ssl/certs/ca.pem
        SSLCertificateChainFile /var/lib/puppet/ssl/certs/ca.pem
        # If Apache complains about invalid signatures on the CRL, you can try disabling
        # CRL checking by commenting the next line, but this is not recommended.
        SSLCARevocationFile     /var/lib/puppet/ssl/ca/ca_crl.pem
        # Set to require if this puppetmaster doesn't issue certificates
        # to puppet clients.
        # NB: this requires SSLCACertificateFile /var/lib/puppet/ssl/certs/ca.pem
        #     issuing puppet client certificate.
        SSLVerifyClient optional
        SSLVerifyDepth  1
        SSLOptions +StdEnvVars

        # Passenger options that can be set in a virtual host
        # configuration block.
        PassengerHighPerformance on
        PassengerStatThrottleRate 120
        PassengerUseGlobalQueue on
        RackAutoDetect Off
        RailsAutoDetect Off
        RackBaseURI /

        DocumentRoot /usr/share/puppet/rack/puppetmasterd/public
        <Directory /usr/share/puppet/rack/puppetmasterd/>
                Options None
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>
</VirtualHost>

/etc/apache2/mods-enabled/passenger.conf

<IfModule mod_passenger.c>
  PassengerRoot /usr/lib/ruby/1.8
  PassengerRuby /usr/bin/ruby
</IfModule>

The reason I picked that PassengerRoot path was logical deduction and not
based on any documentation, because
/usr/share/puppet/rack/puppetmasterd/config.ru says require
'puppet/application/master' and the only directory structure that
matches that path is in the PassengerRoot I set. The default
PassengerRoot set by apt was /usr.

What am I missing here?

-- 


Med vänliga hälsningar / With kind regards

Stefan Midjich
http://swehack.se/
