Re: [Puppet Users] Debugging Puppetmaster with Apache/Rack/Passenger
I believe the --debug in config.ru sends output to syslog so either look in
/var/log/messages (or similar) or specify a log destination filename like:
ARGV --logdest /var/log/puppet/puppet-master.log
- Keith
On 23 Jul 2013 09:15, Christian Flamm christian.le.fl...@gmail.com
wrote:
Hi,
I'm currently trying to debug a performance issue I'm having. Therefore I
would need DEBUG output. When using one puppetmaster process, this is
fairly easy by starting it like this:
puppet master --no-daemonize --debug
Now I need to see this debug output when running puppetmaster the way I
ususally do - using Apache/Rack/Passenger. After looking around a bit in
the vhost config file
cat /etc/httpd/conf.d/puppetmaster.conf
LoadModule passenger_module
/usr/lib/ruby/gems/1.8/gems/passenger-4.0.10/buildout/apache2/mod_passenger.so
PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-4.0.10
PassengerDefaultRuby /usr/bin/ruby
# TODO evaluate benefit of ThrottleRate
PassengerStatThrottleRate 120
PassengerHighPerformance On
PassengerMaxPoolSize 12
PassengerMaxRequests 1000
PassengerPoolIdleTime 600
Listen 8140
VirtualHost *:8140
SSLEngine On
# Only allow high security cryptography. Alter if needed for
compatibility.
SSLProtocol All -SSLv2
SSLCipherSuite HIGH:!ADH:RC4+RSA:-MEDIUM:-LOW:-EXP
SSLCertificateFile /var/lib/puppet/ssl/certs/puppetmaster
.pem
SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/
puppetmaster.pem
SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
SSLCACertificateFile/var/lib/puppet/ssl/ca/ca_crt.pem
SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars +ExportCertData
# These request headers are used to pass the client certificate
# authentication information on to the puppet master process
RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/
Directory /usr/share/puppet/rack/puppetmasterd/
Options None
AllowOverride None
Order Allow,Deny
Allow from All
/Directory
/VirtualHost
I had a look at /usr/share/puppet/rack/puppetmasterd/config.ru which
contains this:
[snippet]
# if you want debugging:
# ARGV --debug
... so I enabled it. But this actually only gives me extra lines I believe
belong to INFO log level:
Jul 22 17:17:47 puppetmaster puppet-master[22132]:
(access[^/catalog/([^/]+)$]) allowing 'method' find Jul 22 17:17:47
puppetmaster puppet-master[22132]: (access[^/catalog/([^/]+)$]) allowing
$1 access Jul 22 17:17:47 puppetmaster puppet-master[22132]:
(access[^/node/([^/]+)$]) allowing 'method' find Jul 22 17:17:47
puppetmaster puppet-master[22132]: (access[^/node/([^/]+)$]) allowing $1
access Jul 22 17:17:47 puppetmaster puppet-master[22132]:
(access[/certificate_revocation_list/ca]) allowing 'method' find Jul
22 17:17:47 puppetmaster puppet-master[22132]:
(access[/certificate_revocation_list/ca]) allowing * access Jul 22
17:17:47 puppetmaster puppet-master[22132]: (access[/report]) allowing
'method' save Jul 22 17:17:47 puppetmaster puppet-master[22132]:
(access[/report]) allowing * access Jul 22 17:17:47 puppetmaster
puppet-master[22132]: (access[/file]) allowing * access Jul 22
17:17:47 puppetmaster puppet-master[22132]: (access[/certificate/ca])
adding authentication any Jul 22 17:17:47 puppetmaster
puppet-master[22132]: (access[/certificate/ca]) allowing 'method' find
Jul 22 17:17:47 puppetmaster puppet-master[22132]:
(access[/certificate/ca]) allowing * access Jul 22 17:17:47
puppetmaster puppet-master[22132]: (access[/certificate/]) adding
authentication any Jul 22 17:17:47 puppetmaster
puppet-master[22132]: (access[/certificate/]) allowing 'method' find Jul
22 17:17:47 puppetmaster puppet-master[22132]: (access[/certificate/])
allowing * access Jul 22 17:17:47 puppetmaster
puppet-master[22132]: (access[/certificate_request]) adding authentication
any Jul 22 17:17:47 puppetmaster puppet-master[22132]:
(access[/certificate_request]) allowing 'method' find Jul 22 17:17:47
puppetmaster puppet-master[22132]: (access[/certificate_request])
allowing 'method' save Jul 22 17:17:47 puppetmaster
puppet-master[22132]: (access[/certificate_request]) allowing * access
Jul 22 17:17:47 puppetmaster puppet-master[22132]: (access[/]) adding
authentication any Jul 22 17:17:47 puppetmaster
puppet-master[22132]: Inserting default '~ ^/report/([^/]+)$' (auth true)
Re: [Puppet Users] Debugging Puppetmaster with Apache/Rack/Passenger
Did what you posted.
Strange thing happened: nothing appears in the specified logdest. Instead:
the (wanted) debug output it now sent to apache's error log!
I have no idea what's going on - but at least I have the output I was
looking for :-/
Thanks,
Christian
Am Mittwoch, 24. Juli 2013 09:42:14 UTC+2 schrieb Keith Burdis:
I believe the --debug in config.ru sends output to syslog so either look
in /var/log/messages (or similar) or specify a log destination filename
like:
ARGV --logdest /var/log/puppet/puppet-master.log
- Keith
On 23 Jul 2013 09:15, Christian Flamm
christian...@gmail.comjavascript:
wrote:
Hi,
I'm currently trying to debug a performance issue I'm having. Therefore I
would need DEBUG output. When using one puppetmaster process, this is
fairly easy by starting it like this:
puppet master --no-daemonize --debug
Now I need to see this debug output when running puppetmaster the way I
ususally do - using Apache/Rack/Passenger. After looking around a bit in
the vhost config file
cat /etc/httpd/conf.d/puppetmaster.conf
LoadModule passenger_module
/usr/lib/ruby/gems/1.8/gems/passenger-4.0.10/buildout/apache2/mod_passenger.so
PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-4.0.10
PassengerDefaultRuby /usr/bin/ruby
# TODO evaluate benefit of ThrottleRate
PassengerStatThrottleRate 120
PassengerHighPerformance On
PassengerMaxPoolSize 12
PassengerMaxRequests 1000
PassengerPoolIdleTime 600
Listen 8140
VirtualHost *:8140
SSLEngine On
# Only allow high security cryptography. Alter if needed for
compatibility.
SSLProtocol All -SSLv2
SSLCipherSuite HIGH:!ADH:RC4+RSA:-MEDIUM:-LOW:-EXP
SSLCertificateFile /var/lib/puppet/ssl/certs/puppetmaster
.pem
SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/
puppetmaster.pem
SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
SSLCACertificateFile/var/lib/puppet/ssl/ca/ca_crt.pem
SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars +ExportCertData
# These request headers are used to pass the client certificate
# authentication information on to the puppet master process
RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/
Directory /usr/share/puppet/rack/puppetmasterd/
Options None
AllowOverride None
Order Allow,Deny
Allow from All
/Directory
/VirtualHost
I had a look at /usr/share/puppet/rack/puppetmasterd/config.ru which
contains this:
[snippet]
# if you want debugging:
# ARGV --debug
... so I enabled it. But this actually only gives me extra lines I
believe belong to INFO log level:
Jul 22 17:17:47 puppetmaster puppet-master[22132]:
(access[^/catalog/([^/]+)$]) allowing 'method' find Jul 22 17:17:47
puppetmaster puppet-master[22132]: (access[^/catalog/([^/]+)$]) allowing
$1 access Jul 22 17:17:47 puppetmaster puppet-master[22132]:
(access[^/node/([^/]+)$]) allowing 'method' find Jul 22 17:17:47
puppetmaster puppet-master[22132]: (access[^/node/([^/]+)$]) allowing $1
access Jul 22 17:17:47 puppetmaster puppet-master[22132]:
(access[/certificate_revocation_list/ca]) allowing 'method' find Jul
22 17:17:47 puppetmaster puppet-master[22132]:
(access[/certificate_revocation_list/ca]) allowing * access Jul 22
17:17:47 puppetmaster puppet-master[22132]: (access[/report]) allowing
'method' save Jul 22 17:17:47 puppetmaster puppet-master[22132]:
(access[/report]) allowing * access Jul 22 17:17:47 puppetmaster
puppet-master[22132]: (access[/file]) allowing * access Jul 22
17:17:47 puppetmaster puppet-master[22132]: (access[/certificate/ca])
adding authentication any Jul 22 17:17:47 puppetmaster
puppet-master[22132]: (access[/certificate/ca]) allowing 'method' find
Jul 22 17:17:47 puppetmaster puppet-master[22132]:
(access[/certificate/ca]) allowing * access Jul 22 17:17:47
puppetmaster puppet-master[22132]: (access[/certificate/]) adding
authentication any Jul 22 17:17:47 puppetmaster
puppet-master[22132]: (access[/certificate/]) allowing 'method' find Jul
22 17:17:47 puppetmaster puppet-master[22132]: (access[/certificate/])
allowing * access Jul 22 17:17:47 puppetmaster
puppet-master[22132]: (access[/certificate_request]) adding authentication
any Jul 22 17:17:47 puppetmaster puppet-master[22132]:
(access[/certificate_request]) allowing 'method'
Re: [Puppet Users] Debugging Puppetmaster with Apache/Rack/Passenger
Debug output is sent to Apache error log, because of missing permissions to
write to the defined logdest.
So - bottom line - thanks for your reply, --logdest is necessary. Without
it debug output is (per default) not sent to /var/log/messages.
Am Mittwoch, 24. Juli 2013 09:59:40 UTC+2 schrieb Christian Flamm:
Did what you posted.
Strange thing happened: nothing appears in the specified logdest. Instead:
the (wanted) debug output it now sent to apache's error log!
I have no idea what's going on - but at least I have the output I was
looking for :-/
Thanks,
Christian
Am Mittwoch, 24. Juli 2013 09:42:14 UTC+2 schrieb Keith Burdis:
I believe the --debug in config.ru sends output to syslog so either look
in /var/log/messages (or similar) or specify a log destination filename
like:
ARGV --logdest /var/log/puppet/puppet-master.log
- Keith
On 23 Jul 2013 09:15, Christian Flamm christian...@gmail.com wrote:
Hi,
I'm currently trying to debug a performance issue I'm having. Therefore
I would need DEBUG output. When using one puppetmaster process, this
is fairly easy by starting it like this:
puppet master --no-daemonize --debug
Now I need to see this debug output when running puppetmaster the way I
ususally do - using Apache/Rack/Passenger. After looking around a bit in
the vhost config file
cat /etc/httpd/conf.d/puppetmaster.conf
LoadModule passenger_module
/usr/lib/ruby/gems/1.8/gems/passenger-4.0.10/buildout/apache2/mod_passenger.so
PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-4.0.10
PassengerDefaultRuby /usr/bin/ruby
# TODO evaluate benefit of ThrottleRate
PassengerStatThrottleRate 120
PassengerHighPerformance On
PassengerMaxPoolSize 12
PassengerMaxRequests 1000
PassengerPoolIdleTime 600
Listen 8140
VirtualHost *:8140
SSLEngine On
# Only allow high security cryptography. Alter if needed for
compatibility.
SSLProtocol All -SSLv2
SSLCipherSuite HIGH:!ADH:RC4+RSA:-MEDIUM:-LOW:-EXP
SSLCertificateFile /var/lib/puppet/ssl/certs/puppetmaster
.pem
SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/
puppetmaster.pem
SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
SSLCACertificateFile/var/lib/puppet/ssl/ca/ca_crt.pem
SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars +ExportCertData
# These request headers are used to pass the client certificate
# authentication information on to the puppet master process
RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/
Directory /usr/share/puppet/rack/puppetmasterd/
Options None
AllowOverride None
Order Allow,Deny
Allow from All
/Directory
/VirtualHost
I had a look at /usr/share/puppet/rack/puppetmasterd/config.ru which
contains this:
[snippet]
# if you want debugging:
# ARGV --debug
... so I enabled it. But this actually only gives me extra lines I
believe belong to INFO log level:
Jul 22 17:17:47 puppetmaster puppet-master[22132]:
(access[^/catalog/([^/]+)$]) allowing 'method' find Jul 22 17:17:47
puppetmaster puppet-master[22132]: (access[^/catalog/([^/]+)$]) allowing
$1 access Jul 22 17:17:47 puppetmaster puppet-master[22132]:
(access[^/node/([^/]+)$]) allowing 'method' find Jul 22 17:17:47
puppetmaster puppet-master[22132]: (access[^/node/([^/]+)$]) allowing $1
access Jul 22 17:17:47 puppetmaster puppet-master[22132]:
(access[/certificate_revocation_list/ca]) allowing 'method' find Jul
22 17:17:47 puppetmaster puppet-master[22132]:
(access[/certificate_revocation_list/ca]) allowing * access Jul 22
17:17:47 puppetmaster puppet-master[22132]: (access[/report]) allowing
'method' save Jul 22 17:17:47 puppetmaster puppet-master[22132]:
(access[/report]) allowing * access Jul 22 17:17:47 puppetmaster
puppet-master[22132]: (access[/file]) allowing * access Jul 22
17:17:47 puppetmaster puppet-master[22132]: (access[/certificate/ca])
adding authentication any Jul 22 17:17:47 puppetmaster
puppet-master[22132]: (access[/certificate/ca]) allowing 'method' find
Jul 22 17:17:47 puppetmaster puppet-master[22132]:
(access[/certificate/ca]) allowing * access Jul 22 17:17:47
puppetmaster puppet-master[22132]: (access[/certificate/]) adding
authentication any Jul 22 17:17:47 puppetmaster
puppet-master[22132]: (access[/certificate/]) allowing 'method' find
Jul 22
