Re: [Puppet Users] Re: error on puppet 25.4 with passenger 2.2.2
Aha! Fixes my problem too. I knew if I procrastinated enough someone would find an answer. :-) On Tue, Feb 9, 2010 at 2:54 AM, Christophe Bonnaud wrote: > On Feb 9, 9:50 am, Eric Sorenson wrote: >> On Feb 8, 2010, at 4:20 PM, Christophe Bonnaud wrote: >> >> >> >> >> >> >> I've seen the same thing with my setup...the solution for me was to >> >> put the "RequestHeader" lines found on the Puppet Passenger wiki page >> >> (http://www.reductivelabs.com/trac/puppet/wiki/UsingPassenger) into my >> >> Apache virtual host config: >> >> >> RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e >> >> RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e >> >> RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e >> >> >> ...not sure why that section isn't included in the provided template >> >> (./ext/rack/files/apache2.conf) from the puppet sources (I'm using >> >> v0.25.4), but adding them fixed things up for me. Note that I also >> >> don't have an auth.conf file, and even if I add one and take these >> >> lines out, I'm back to getting the "err: Could not retrieve catalog >> >> from remote server: Error 403 on SERVER:" message. Hope that helps! >> >> > Indeed this was the solution... thanks so much for your help!! >> > I'm agree it's strange that those lines are not in the provided >> > template... >> > Anyone know why? >> >> The documented suggestion -- though I agree it's not on the wiki page; once >> we resolve this question here I'd be happy to update UsingPassenger this as >> I've just gone through it myself -- is to go at it from the other direction. >> Instead of changing apache to match puppet's defaults, you tell puppet the >> names of the apache variables: >> >> (from ext/rack/README) >> Required puppet.conf settings: >> [puppetmasterd] >> ssl_client_header = SSL_CLIENT_S_DN >> ssl_client_verify_header = SSL_CLIENT_VERIFY >> >> Then the required httpd.conf line is just >> SSLOptions +StdEnvVars >> >> which *is* in the config file in the distribution. >> >> I'm not enough of an expert to know whether one is preferable to the other, >> though. >> >> -=Eric > > > hum yes indeed it works fine in that way too. I though I already tried > that because I saw that in the documentation but I may have done > something else wrong at this moment... > Thanks Eric! > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-us...@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: error on puppet 25.4 with passenger 2.2.2
On Feb 9, 9:50 am, Eric Sorenson wrote: > On Feb 8, 2010, at 4:20 PM, Christophe Bonnaud wrote: > > > > > > >> I've seen the same thing with my setup...the solution for me was to > >> put the "RequestHeader" lines found on the Puppet Passenger wiki page > >> (http://www.reductivelabs.com/trac/puppet/wiki/UsingPassenger) into my > >> Apache virtual host config: > > >> RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e > >> RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e > >> RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e > > >> ...not sure why that section isn't included in the provided template > >> (./ext/rack/files/apache2.conf) from the puppet sources (I'm using > >> v0.25.4), but adding them fixed things up for me. Note that I also > >> don't have an auth.conf file, and even if I add one and take these > >> lines out, I'm back to getting the "err: Could not retrieve catalog > >> from remote server: Error 403 on SERVER:" message. Hope that helps! > > > Indeed this was the solution... thanks so much for your help!! > > I'm agree it's strange that those lines are not in the provided > > template... > > Anyone know why? > > The documented suggestion -- though I agree it's not on the wiki page; once > we resolve this question here I'd be happy to update UsingPassenger this as > I've just gone through it myself -- is to go at it from the other direction. > Instead of changing apache to match puppet's defaults, you tell puppet the > names of the apache variables: > > (from ext/rack/README) > Required puppet.conf settings: > [puppetmasterd] > ssl_client_header = SSL_CLIENT_S_DN > ssl_client_verify_header = SSL_CLIENT_VERIFY > > Then the required httpd.conf line is just > SSLOptions +StdEnvVars > > which *is* in the config file in the distribution. > > I'm not enough of an expert to know whether one is preferable to the other, > though. > > -=Eric hum yes indeed it works fine in that way too. I though I already tried that because I saw that in the documentation but I may have done something else wrong at this moment... Thanks Eric! -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: error on puppet 25.4 with passenger 2.2.2
On Feb 8, 2010, at 4:20 PM, Christophe Bonnaud wrote: >> I've seen the same thing with my setup...the solution for me was to >> put the "RequestHeader" lines found on the Puppet Passenger wiki page >> (http://www.reductivelabs.com/trac/puppet/wiki/UsingPassenger) into my >> Apache virtual host config: >> >> RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e >> RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e >> RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e >> >> ...not sure why that section isn't included in the provided template >> (./ext/rack/files/apache2.conf) from the puppet sources (I'm using >> v0.25.4), but adding them fixed things up for me. Note that I also >> don't have an auth.conf file, and even if I add one and take these >> lines out, I'm back to getting the "err: Could not retrieve catalog >> from remote server: Error 403 on SERVER:" message. Hope that helps! > > Indeed this was the solution... thanks so much for your help!! > I'm agree it's strange that those lines are not in the provided > template... > Anyone know why? The documented suggestion -- though I agree it's not on the wiki page; once we resolve this question here I'd be happy to update UsingPassenger this as I've just gone through it myself -- is to go at it from the other direction. Instead of changing apache to match puppet's defaults, you tell puppet the names of the apache variables: (from ext/rack/README) Required puppet.conf settings: [puppetmasterd] ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY Then the required httpd.conf line is just SSLOptions +StdEnvVars which *is* in the config file in the distribution. I'm not enough of an expert to know whether one is preferable to the other, though. -=Eric -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: error on puppet 25.4 with passenger 2.2.2
On Feb 9, 6:20 am, Aaron Schaefer wrote: > On Feb 8, 3:18 am, Christophe Bonnaud wrote: > > > so I have obviously an authorization problem, but i cannot find the > > solution to this problem... > > > Does anyone have a suggestion? > > I've seen the same thing with my setup...the solution for me was to > put the "RequestHeader" lines found on the Puppet Passenger wiki page > (http://www.reductivelabs.com/trac/puppet/wiki/UsingPassenger) into my > Apache virtual host config: > > RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e > RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e > RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e > > ...not sure why that section isn't included in the provided template > (./ext/rack/files/apache2.conf) from the puppet sources (I'm using > v0.25.4), but adding them fixed things up for me. Note that I also > don't have an auth.conf file, and even if I add one and take these > lines out, I'm back to getting the "err: Could not retrieve catalog > from remote server: Error 403 on SERVER:" message. Hope that helps! Indeed this was the solution... thanks so much for your help!! I'm agree it's strange that those lines are not in the provided template... Anyone know why? > > -- > Aaron "ElasticDog" Schaefer -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: error on puppet 25.4 with passenger 2.2.2
On Feb 8, 3:18 am, Christophe Bonnaud wrote: > so I have obviously an authorization problem, but i cannot find the > solution to this problem... > > Does anyone have a suggestion? I've seen the same thing with my setup...the solution for me was to put the "RequestHeader" lines found on the Puppet Passenger wiki page (http://www.reductivelabs.com/trac/puppet/wiki/UsingPassenger) into my Apache virtual host config: RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e ...not sure why that section isn't included in the provided template (./ext/rack/files/apache2.conf) from the puppet sources (I'm using v0.25.4), but adding them fixed things up for me. Note that I also don't have an auth.conf file, and even if I add one and take these lines out, I'm back to getting the "err: Could not retrieve catalog from remote server: Error 403 on SERVER:" message. Hope that helps! -- Aaron "ElasticDog" Schaefer -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.