I recently moved from manually configured Puppetmaster under passenger to
fully managed using theforeman/puppet module. Now I am experiencing
constant crashes (every few minutes) of the passenger process that runs the
puppetmaster.
Host is CentOS 6.5 running Puppet 3.4.3.
This is the entry I see in /var/log/httpd/puppet_error_ssl.log:
[Tue Mar 25 16:25:26 2014] [error] [client 127.0.0.1] Premature end of
script headers: production
This is the entry I see in /var/log/httpd/error_log
/usr/lib/ruby/site_ruby/1.8/puppet/parser/ast.rb:49: [BUG] rb_gc_mark():
unknown data type 0x20(0x2e6b230) non object
ruby 1.8.7 (2011-06-30 patchlevel 352) [x86_64-linux]
[ pid=28256 thr=139906534451168 file=ext/apache2/Hooks.cpp:841
time=2014-03-25 16:25:26.86 ]: The backend application (process 32724) did
not send a valid HTTP response; instead, it sent nothing at all. It is
possible that it has crashed; please check whe.
/etc/httpd/conf.d/passenger.conf:
LoadModule passenger_module modules/mod_passenger.so
<IfModule mod_passenger.c>
PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-3.0.19
PassengerRuby /usr/bin/ruby
PassengerTempDir /var/run/rubygem-passenger
</IfModule>
/etc/httpd/conf.d/25-puppet.conf
# ************************************
# Vhost template in module puppetlabs-apache
# Managed by Puppet
# ************************************
<VirtualHost *:8140>
ServerName puppet
## Vhost docroot
DocumentRoot "/etc/puppet/rack/public/"
## Directories, there should at least be a declaration for
/etc/puppet/rack/public/
<Directory "/etc/puppet/rack/public/">
AllowOverride None
Order allow,deny
Allow from all
PassengerEnabled On
</Directory>
## Load additional static includes
## Logging
ErrorLog "/var/log/httpd/puppet_error_ssl.log"
ServerSignature Off
CustomLog "/var/log/httpd/puppet_access_ssl.log" combined
## SSL directives
SSLEngine on
SSLCertificateFile "/var/lib/puppet/ssl/certs/puppet.<DOMAIN>.pem"
SSLCertificateKeyFile
"/var/lib/puppet/ssl/private_keys/puppet.<DOMAIN>.pem"
SSLCertificateChainFile "/var/lib/puppet/ssl/ca/ca_crt.pem"
SSLCACertificatePath "/etc/pki/tls/certs"
SSLCACertificateFile "/var/lib/puppet/ssl/ca/ca_crt.pem"
SSLCARevocationFile "/var/lib/puppet/ssl/ca/ca_crl.pem"
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars +ExportCertData
## Request header rules
## as per
http://httpd.apache.org/docs/2.2/mod/mod_headers.html#requestheader
RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
RequestHeader unset X-Forwarded-For
## Custom fragment
</VirtualHost>
Any suggestions or means to work around this issue?
Thanks
- Trey
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/570ab513-d4e3-4c42-9481-c53ac49e2845%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
