I'm trying to load balance multiple puppetmasters using apache and passenger as described in James's book.
Was able to get a single passenger server installation to work correctly. When I configure the frontend load balancer and backend workers, the backend workers does not authenticate even though I am passing the headers to it. curl -v -H "Accept: pson, yaml" \ > -H "X-Client-DN:: /CN=puppetclient.example" \ > -H "X-Client-Verify: SUCCESS" \ > 'http://puppetmaster.example:18140/production/catalog/puppetclient.example?facts_format=b64_zlib_yaml&facts=...' * About to connect() to puppetmaster.example port 18140 * Trying puppetmaster.example... connected * Connected to puppetmaster.example (192.168.1.100) port 18140 > GET > /production/catalog/puppetclient.example?facts_format=b64_zlib_yaml&facts=... > HTTP/1.1 > User-Agent: curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 > OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 > Host: puppetmaster.example:18140 > Accept: pson, yaml > X-Client-DN:: /CN=puppetclient.example > X-Client-Verify: SUCCESS > < HTTP/1.1 403 Forbidden < Date: Tue, 13 Sep 2011 14:28:39 GMT < Server: Apache/2.2.3 (CentOS) < X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.9 < Content-Length: 98 < Status: 403 < Connection: close < Content-Type: text/plain; charset=UTF-8 Closing connection #0 Forbidden request: puppetclient.example(192.168.1.201) access to / catalog/puppetclient.example [find] at line 93 Here is the backend configuration: Listen 18140 <VirtualHost 192.168.1.100:18140> SSLEngine off # Obtain Authentication Information from Client Request Headers SetEnvIf X-Client-Verify "(.*)" SSL_CLIENT_VERIFY=$1 SetEnvIf X-SSL-Client-DN "(.*)" SSL_CLIENT_S_DN=$1 RackAutoDetect On DocumentRoot /usr/share/puppet/rack/puppetmaster_18140/public/ <Directory /usr/share/puppet/rack/puppetmaster_18140/> Options None AllowOverride None Order allow,deny allow from all </Directory> ErrorLog /var/log/httpd/puppetmaster_worker_error_18140.log CustomLog /var/log/httpd/puppetmaster_worker_access_18140.log combined </VirtualHost> -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
