Just for being sure. Do you have selinux in enforcing mode ? What tell you the sestatus command ? And ausearch -m avc ? Regards
2011/9/2, Chris Doherty <cpdoh...@gmail.com>: > Hi, all. I'm having a problem that I'm virtually certain is a perms > issue, but I can't figure out where it's going wrong. > > The puppetmaster server is a CentOS6 x64 minimal install. > > Puppet was installed from the epel-testing repository (2.6.6-1) and an > updated SELinux policy loaded to allow it to run. Apache was > installed the standard way (yum install httpd mod_ssl). > > Passenger was installed from the stealthymonkeys repository (3.0.8-2). > > I've been following the instructions in Chapter 5 in Pro Puppet, but > when I configure /etc/httpd/conf.d/puppetmaster.conf and provide the > correct paths to the certificate files, then try to start the httpd > service, I get this: > > # service httpd restart > Stopping httpd: [FAILED] > Starting httpd: Syntax error on line 22 of /etc/httpd/conf.d/ > puppetmaster.conf: > SSLCertificateFile: file '/var/lib/puppet/ssl/certs/ > puppet.tst.mydomain.pem' does not exist or is empty > [FAILED] > > /var/lib/puppet/ssl/certs/puppet.tst.mydomain.com.pem most certainly > does exist, however: > > [root@brllx097 ~]# ls -la /var/lib/puppet/ssl/certs/ > puppet.tst.mydomain.com.pem > -rw-r-----. 1 puppet root 912 Sep 2 11:40 /var/lib/puppet/ssl/certs/ > puppet.tst.mydomain.com.pem > > So this is probably a perms issue, but I don't know why. Apache > starts up as root, which has read access to the file, and the cert's > owned by the puppet user. I don't have to set my other certificates > as owned by the apache user for httpd to load them properly. > > In this config, puppetmasterd starts up and runs fine by itself, so > it's an Apache/passenger problem. > > Any ideas what I'm doing wrong? > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- Inviato dal mio dispositivo mobile -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
