Hi Felix, Thanks for getting back to me! And yes, you are correct. Puppet/Foreman is running through apache/passenger.
And here's the vhost configurations. There's two of them, one for ssl and one for non ssl. Non ssl is first: # ************************************ # Vhost template in module puppetlabs-apache # Managed by Puppet # ************************************ <VirtualHost *:80> ServerName puppet.example.com ## Vhost docroot DocumentRoot "/usr/share/foreman/public" ## Directories, there should at least be a declaration for /usr/share/foreman/publ <Directory "/usr/share/foreman/public"> Options SymLinksIfOwnerMatch AllowOverride None Require all granted </Directory> ## Load additional static includes ## Logging ErrorLog "/var/log/httpd/foreman_error.log" ServerSignature Off CustomLog "/var/log/httpd/foreman_access.log" combined ## Server aliases ServerAlias foreman ## Custom fragment PassengerAppRoot /usr/share/foreman PassengerRuby /usr/bin/ruby193-ruby PassengerMinInstances 1 PassengerStartTimeout 600 AddDefaultCharset UTF-8 # Static public dir serving <Directory /usr/share/foreman/public> <IfVersion < 2.4> Allow from all </IfVersion> <IfVersion >= 2.4> Require all granted </IfVersion> </Directory> <Directory /usr/share/foreman/public/assets> # Use standard http expire header for assets instead of ETag <IfModule mod_expires.c> Header unset ETag FileETag None ExpiresActive On ExpiresDefault "access plus 1 year" </IfModule> # Return compressed assets if they are precompiled <IfModule mod_rewrite.c> RewriteEngine on # Make sure the browser supports gzip encoding and file with .gz added # does exist on disc before we rewrite with the extension RewriteCond %{HTTP:Accept-Encoding} \b(x-)?gzip\b RewriteCond %{REQUEST_FILENAME}.gz -s RewriteRule ^(.+) $1.gz [L] # Set headers for all possible assets which are compressed <FilesMatch \.css\.gz$> ForceType text/css Header set Content-Encoding gzip SetEnv no-gzip </FilesMatch> <FilesMatch \.js\.gz$> ForceType text/javascript Header set Content-Encoding gzip SetEnv no-gzip </FilesMatch> </IfModule> </Directory> <IfVersion < 2.4> Include /etc/httpd/conf.d/05-foreman.d/*.conf </IfVersion> <IfVersion >= 2.4> IncludeOptional /etc/httpd/conf.d/05-foreman.d/*.conf </IfVersion> PassengerPreStart http://puppet.example.com </VirtualHost> And here's the SSL vhost: # ************************************ # Vhost template in module puppetlabs-apache # Managed by Puppet # ************************************ <VirtualHost *:443> ServerName puppet.example.com ## Vhost docroot DocumentRoot "/usr/share/foreman/public" ## Directories, there should at least be a declaration for /usr/share/foreman/public <Directory "/usr/share/foreman/public"> Options SymLinksIfOwnerMatch AllowOverride None Require all granted </Directory> ## Load additional static includes ## Logging ErrorLog "/var/log/httpd/foreman-ssl_error_ssl.log" ServerSignature Off CustomLog "/var/log/httpd/foreman-ssl_access_ssl.log" combined ## Server aliases ServerAlias foreman ## SSL directives SSLEngine on SSLCertificateFile "/var/lib/puppet/ssl/certs/puppet.example.com.pem" SSLCertificateKeyFile "/var/lib/puppet/ssl/private_keys/puppet.example.com.pem" SSLCertificateChainFile "/var/lib/puppet/ssl/certs/ca.pem" SSLCACertificatePath "/etc/pki/tls/certs" SSLCACertificateFile "/var/lib/puppet/ssl/certs/ca.pem" SSLVerifyClient optional SSLVerifyDepth 3 SSLOptions +StdEnvVars ## Custom fragment PassengerAppRoot /usr/share/foreman PassengerRuby /usr/bin/ruby193-ruby PassengerMinInstances 1 PassengerStartTimeout 600 AddDefaultCharset UTF-8 # Static public dir serving <Directory /usr/share/foreman/public> <IfVersion < 2.4> Allow from all </IfVersion> <IfVersion >= 2.4> Require all granted </IfVersion> </Directory> <Directory /usr/share/foreman/public/assets> # Use standard http expire header for assets instead of ETag <IfModule mod_expires.c> Header unset ETag FileETag None ExpiresActive On ExpiresDefault "access plus 1 year" </IfModule> # Return compressed assets if they are precompiled <IfModule mod_rewrite.c> RewriteEngine on # Make sure the browser supports gzip encoding and file with .gz added # does exist on disc before we rewrite with the extension RewriteCond %{HTTP:Accept-Encoding} \b(x-)?gzip\b RewriteCond %{REQUEST_FILENAME}.gz -s RewriteRule ^(.+) $1.gz [L] # Set headers for all possible assets which are compressed <FilesMatch \.css\.gz$> ForceType text/css Header set Content-Encoding gzip SetEnv no-gzip </FilesMatch> <FilesMatch \.js\.gz$> ForceType text/javascript Header set Content-Encoding gzip SetEnv no-gzip </FilesMatch> </IfModule> </Directory> <IfVersion < 2.4> Include /etc/httpd/conf.d/05-foreman-ssl.d/*.conf </IfVersion> <IfVersion >= 2.4> IncludeOptional /etc/httpd/conf.d/05-foreman-ssl.d/*.conf </IfVersion> PassengerPreStart https://puppet.example.com </VirtualHost> On Fri, Jul 17, 2015 at 4:16 PM, Felix Frank < felix.fr...@alumni.tu-berlin.de> wrote: Hi, I'm not very familiar with the puppet/foreman stack, so this might be a silly question, but how is the master set up? Is it running through Apache/Passenger? In that case, can we see the Apache vhost configuration? Thanks, Felix On 07/15/2015 05:12 AM, Tim Dunphy wrote: Hey all, I'm running puppet version 3.7.5 with foreman 1.7.4. Everything was going well with this setup for quite a long time. Many months at least it ran without even so much as a hiccup! Until recently when I started adding more nodes I've found this issue I'm having occurring every couple of days. Then as I added even more nodes it started happening every couple of hours!! The way I've always resolved it was to just reboot the puppet host. Which wasn't so bad at first. Not that I like frequent reboots as any kind of solution to a problem. But when I was having to do it once or twice in a weeks time it wasn't so bothersome. But now that it's occurring so often it's time to find a more permanent solution. Without further delay, here's the error I'm getting: #puppet agent --test Warning: Unable to fetch my node definition, but the agent run will continue: Warning: Net::ReadTimeout Info: Retrieving pluginfacts Error: /File[/var/lib/puppet/facts.d]: Failed to generate additional resources using 'eval_generate': Net::ReadTimeout Error: /File[/var/lib/puppet/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet://puppet.example.com/pluginfacts: Net::ReadTimeout Info: Retrieving plugin Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate': Error 503 on SERVER: <h1>This website is under heavy load</h1><p>We're sorry, too many people are accessing this website at the same time. We're working on this problem. Please try again later.</p> Error: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve file metadata for puppet://puppet.example.com/plugins: Error 503 on SERVER: <h1>This website is under heavy load</h1><p>We're sorry, too many people are accessing this website at the same time. We're working on this problem. Please try again later.</p> Info: Loading facts Error: Could not retrieve catalog from remote server: Error 503 on SERVER: <h1>This website is under heavy load</h1><p>We're sorry, too many people are accessing this website at the same time. We're working on this problem. Please try again later.</p> Warning: Not using cache on failed catalog Error: Could not retrieve catalog; skipping run Error: Could not send report: Error 503 on SERVER: <h1>This website is under heavy load</h1><p>We're sorry, too many people are accessing this website at the same time. We're working on this problem. Please try again later.</p> I'm running this host on a CentOS 7 host with 4GB of ram with a single core 2.4 GhZ processor. Right now I'm managing a collection of 25 hosts with this puppet server. And as I mentioned I never really had this problem when I was managing less servers with this. So what I'm wondering is if adding more ram to the server would be the only way of solving this problem? Other than reducing the number of hosts that I'm managing with it. Thanks! Tim -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/55A96286.1070007%40Alumni.TU-Berlin.de <https://groups.google.com/d/msgid/puppet-users/55A96286.1070007%40Alumni.TU-Berlin.de?utm_medium=email&utm_source=footer> . For more options, visit https://groups.google.com/d/optout. -- GPG me!! gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAOZy0emyAmjACUUvydAaQ5B19dw7t2nVjBqdaZx_9cvM7hWj4Q%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.