Re: [Puppet Users] Debugging Puppetmaster with Apache/Rack/Passenger
I believe the --debug in config.ru sends output to syslog so either look in /var/log/messages (or similar) or specify a log destination filename like: ARGV --logdest /var/log/puppet/puppet-master.log - Keith On 23 Jul 2013 09:15, Christian Flamm christian.le.fl...@gmail.com wrote: Hi, I'm currently trying to debug a performance issue I'm having. Therefore I would need DEBUG output. When using one puppetmaster process, this is fairly easy by starting it like this: puppet master --no-daemonize --debug Now I need to see this debug output when running puppetmaster the way I ususally do - using Apache/Rack/Passenger. After looking around a bit in the vhost config file cat /etc/httpd/conf.d/puppetmaster.conf LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-4.0.10/buildout/apache2/mod_passenger.so PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-4.0.10 PassengerDefaultRuby /usr/bin/ruby # TODO evaluate benefit of ThrottleRate PassengerStatThrottleRate 120 PassengerHighPerformance On PassengerMaxPoolSize 12 PassengerMaxRequests 1000 PassengerPoolIdleTime 600 Listen 8140 VirtualHost *:8140 SSLEngine On # Only allow high security cryptography. Alter if needed for compatibility. SSLProtocol All -SSLv2 SSLCipherSuite HIGH:!ADH:RC4+RSA:-MEDIUM:-LOW:-EXP SSLCertificateFile /var/lib/puppet/ssl/certs/puppetmaster .pem SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/ puppetmaster.pem SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem SSLCACertificateFile/var/lib/puppet/ssl/ca/ca_crt.pem SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem SSLVerifyClient optional SSLVerifyDepth 1 SSLOptions +StdEnvVars +ExportCertData # These request headers are used to pass the client certificate # authentication information on to the puppet master process RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/ Directory /usr/share/puppet/rack/puppetmasterd/ Options None AllowOverride None Order Allow,Deny Allow from All /Directory /VirtualHost I had a look at /usr/share/puppet/rack/puppetmasterd/config.ru which contains this: [snippet] # if you want debugging: # ARGV --debug ... so I enabled it. But this actually only gives me extra lines I believe belong to INFO log level: Jul 22 17:17:47 puppetmaster puppet-master[22132]: (access[^/catalog/([^/]+)$]) allowing 'method' find Jul 22 17:17:47 puppetmaster puppet-master[22132]: (access[^/catalog/([^/]+)$]) allowing $1 access Jul 22 17:17:47 puppetmaster puppet-master[22132]: (access[^/node/([^/]+)$]) allowing 'method' find Jul 22 17:17:47 puppetmaster puppet-master[22132]: (access[^/node/([^/]+)$]) allowing $1 access Jul 22 17:17:47 puppetmaster puppet-master[22132]: (access[/certificate_revocation_list/ca]) allowing 'method' find Jul 22 17:17:47 puppetmaster puppet-master[22132]: (access[/certificate_revocation_list/ca]) allowing * access Jul 22 17:17:47 puppetmaster puppet-master[22132]: (access[/report]) allowing 'method' save Jul 22 17:17:47 puppetmaster puppet-master[22132]: (access[/report]) allowing * access Jul 22 17:17:47 puppetmaster puppet-master[22132]: (access[/file]) allowing * access Jul 22 17:17:47 puppetmaster puppet-master[22132]: (access[/certificate/ca]) adding authentication any Jul 22 17:17:47 puppetmaster puppet-master[22132]: (access[/certificate/ca]) allowing 'method' find Jul 22 17:17:47 puppetmaster puppet-master[22132]: (access[/certificate/ca]) allowing * access Jul 22 17:17:47 puppetmaster puppet-master[22132]: (access[/certificate/]) adding authentication any Jul 22 17:17:47 puppetmaster puppet-master[22132]: (access[/certificate/]) allowing 'method' find Jul 22 17:17:47 puppetmaster puppet-master[22132]: (access[/certificate/]) allowing * access Jul 22 17:17:47 puppetmaster puppet-master[22132]: (access[/certificate_request]) adding authentication any Jul 22 17:17:47 puppetmaster puppet-master[22132]: (access[/certificate_request]) allowing 'method' find Jul 22 17:17:47 puppetmaster puppet-master[22132]: (access[/certificate_request]) allowing 'method' save Jul 22 17:17:47 puppetmaster puppet-master[22132]: (access[/certificate_request]) allowing * access Jul 22 17:17:47 puppetmaster puppet-master[22132]: (access[/]) adding authentication any Jul 22 17:17:47 puppetmaster puppet-master[22132]: Inserting default '~ ^/report/([^/]+)$' (auth true)
Re: [Puppet Users] Debugging Puppetmaster with Apache/Rack/Passenger
Did what you posted. Strange thing happened: nothing appears in the specified logdest. Instead: the (wanted) debug output it now sent to apache's error log! I have no idea what's going on - but at least I have the output I was looking for :-/ Thanks, Christian Am Mittwoch, 24. Juli 2013 09:42:14 UTC+2 schrieb Keith Burdis: I believe the --debug in config.ru sends output to syslog so either look in /var/log/messages (or similar) or specify a log destination filename like: ARGV --logdest /var/log/puppet/puppet-master.log - Keith On 23 Jul 2013 09:15, Christian Flamm christian...@gmail.comjavascript: wrote: Hi, I'm currently trying to debug a performance issue I'm having. Therefore I would need DEBUG output. When using one puppetmaster process, this is fairly easy by starting it like this: puppet master --no-daemonize --debug Now I need to see this debug output when running puppetmaster the way I ususally do - using Apache/Rack/Passenger. After looking around a bit in the vhost config file cat /etc/httpd/conf.d/puppetmaster.conf LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-4.0.10/buildout/apache2/mod_passenger.so PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-4.0.10 PassengerDefaultRuby /usr/bin/ruby # TODO evaluate benefit of ThrottleRate PassengerStatThrottleRate 120 PassengerHighPerformance On PassengerMaxPoolSize 12 PassengerMaxRequests 1000 PassengerPoolIdleTime 600 Listen 8140 VirtualHost *:8140 SSLEngine On # Only allow high security cryptography. Alter if needed for compatibility. SSLProtocol All -SSLv2 SSLCipherSuite HIGH:!ADH:RC4+RSA:-MEDIUM:-LOW:-EXP SSLCertificateFile /var/lib/puppet/ssl/certs/puppetmaster .pem SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/ puppetmaster.pem SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem SSLCACertificateFile/var/lib/puppet/ssl/ca/ca_crt.pem SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem SSLVerifyClient optional SSLVerifyDepth 1 SSLOptions +StdEnvVars +ExportCertData # These request headers are used to pass the client certificate # authentication information on to the puppet master process RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/ Directory /usr/share/puppet/rack/puppetmasterd/ Options None AllowOverride None Order Allow,Deny Allow from All /Directory /VirtualHost I had a look at /usr/share/puppet/rack/puppetmasterd/config.ru which contains this: [snippet] # if you want debugging: # ARGV --debug ... so I enabled it. But this actually only gives me extra lines I believe belong to INFO log level: Jul 22 17:17:47 puppetmaster puppet-master[22132]: (access[^/catalog/([^/]+)$]) allowing 'method' find Jul 22 17:17:47 puppetmaster puppet-master[22132]: (access[^/catalog/([^/]+)$]) allowing $1 access Jul 22 17:17:47 puppetmaster puppet-master[22132]: (access[^/node/([^/]+)$]) allowing 'method' find Jul 22 17:17:47 puppetmaster puppet-master[22132]: (access[^/node/([^/]+)$]) allowing $1 access Jul 22 17:17:47 puppetmaster puppet-master[22132]: (access[/certificate_revocation_list/ca]) allowing 'method' find Jul 22 17:17:47 puppetmaster puppet-master[22132]: (access[/certificate_revocation_list/ca]) allowing * access Jul 22 17:17:47 puppetmaster puppet-master[22132]: (access[/report]) allowing 'method' save Jul 22 17:17:47 puppetmaster puppet-master[22132]: (access[/report]) allowing * access Jul 22 17:17:47 puppetmaster puppet-master[22132]: (access[/file]) allowing * access Jul 22 17:17:47 puppetmaster puppet-master[22132]: (access[/certificate/ca]) adding authentication any Jul 22 17:17:47 puppetmaster puppet-master[22132]: (access[/certificate/ca]) allowing 'method' find Jul 22 17:17:47 puppetmaster puppet-master[22132]: (access[/certificate/ca]) allowing * access Jul 22 17:17:47 puppetmaster puppet-master[22132]: (access[/certificate/]) adding authentication any Jul 22 17:17:47 puppetmaster puppet-master[22132]: (access[/certificate/]) allowing 'method' find Jul 22 17:17:47 puppetmaster puppet-master[22132]: (access[/certificate/]) allowing * access Jul 22 17:17:47 puppetmaster puppet-master[22132]: (access[/certificate_request]) adding authentication any Jul 22 17:17:47 puppetmaster puppet-master[22132]: (access[/certificate_request]) allowing 'method'
Re: [Puppet Users] Debugging Puppetmaster with Apache/Rack/Passenger
Debug output is sent to Apache error log, because of missing permissions to write to the defined logdest. So - bottom line - thanks for your reply, --logdest is necessary. Without it debug output is (per default) not sent to /var/log/messages. Am Mittwoch, 24. Juli 2013 09:59:40 UTC+2 schrieb Christian Flamm: Did what you posted. Strange thing happened: nothing appears in the specified logdest. Instead: the (wanted) debug output it now sent to apache's error log! I have no idea what's going on - but at least I have the output I was looking for :-/ Thanks, Christian Am Mittwoch, 24. Juli 2013 09:42:14 UTC+2 schrieb Keith Burdis: I believe the --debug in config.ru sends output to syslog so either look in /var/log/messages (or similar) or specify a log destination filename like: ARGV --logdest /var/log/puppet/puppet-master.log - Keith On 23 Jul 2013 09:15, Christian Flamm christian...@gmail.com wrote: Hi, I'm currently trying to debug a performance issue I'm having. Therefore I would need DEBUG output. When using one puppetmaster process, this is fairly easy by starting it like this: puppet master --no-daemonize --debug Now I need to see this debug output when running puppetmaster the way I ususally do - using Apache/Rack/Passenger. After looking around a bit in the vhost config file cat /etc/httpd/conf.d/puppetmaster.conf LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-4.0.10/buildout/apache2/mod_passenger.so PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-4.0.10 PassengerDefaultRuby /usr/bin/ruby # TODO evaluate benefit of ThrottleRate PassengerStatThrottleRate 120 PassengerHighPerformance On PassengerMaxPoolSize 12 PassengerMaxRequests 1000 PassengerPoolIdleTime 600 Listen 8140 VirtualHost *:8140 SSLEngine On # Only allow high security cryptography. Alter if needed for compatibility. SSLProtocol All -SSLv2 SSLCipherSuite HIGH:!ADH:RC4+RSA:-MEDIUM:-LOW:-EXP SSLCertificateFile /var/lib/puppet/ssl/certs/puppetmaster .pem SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/ puppetmaster.pem SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem SSLCACertificateFile/var/lib/puppet/ssl/ca/ca_crt.pem SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem SSLVerifyClient optional SSLVerifyDepth 1 SSLOptions +StdEnvVars +ExportCertData # These request headers are used to pass the client certificate # authentication information on to the puppet master process RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/ Directory /usr/share/puppet/rack/puppetmasterd/ Options None AllowOverride None Order Allow,Deny Allow from All /Directory /VirtualHost I had a look at /usr/share/puppet/rack/puppetmasterd/config.ru which contains this: [snippet] # if you want debugging: # ARGV --debug ... so I enabled it. But this actually only gives me extra lines I believe belong to INFO log level: Jul 22 17:17:47 puppetmaster puppet-master[22132]: (access[^/catalog/([^/]+)$]) allowing 'method' find Jul 22 17:17:47 puppetmaster puppet-master[22132]: (access[^/catalog/([^/]+)$]) allowing $1 access Jul 22 17:17:47 puppetmaster puppet-master[22132]: (access[^/node/([^/]+)$]) allowing 'method' find Jul 22 17:17:47 puppetmaster puppet-master[22132]: (access[^/node/([^/]+)$]) allowing $1 access Jul 22 17:17:47 puppetmaster puppet-master[22132]: (access[/certificate_revocation_list/ca]) allowing 'method' find Jul 22 17:17:47 puppetmaster puppet-master[22132]: (access[/certificate_revocation_list/ca]) allowing * access Jul 22 17:17:47 puppetmaster puppet-master[22132]: (access[/report]) allowing 'method' save Jul 22 17:17:47 puppetmaster puppet-master[22132]: (access[/report]) allowing * access Jul 22 17:17:47 puppetmaster puppet-master[22132]: (access[/file]) allowing * access Jul 22 17:17:47 puppetmaster puppet-master[22132]: (access[/certificate/ca]) adding authentication any Jul 22 17:17:47 puppetmaster puppet-master[22132]: (access[/certificate/ca]) allowing 'method' find Jul 22 17:17:47 puppetmaster puppet-master[22132]: (access[/certificate/ca]) allowing * access Jul 22 17:17:47 puppetmaster puppet-master[22132]: (access[/certificate/]) adding authentication any Jul 22 17:17:47 puppetmaster puppet-master[22132]: (access[/certificate/]) allowing 'method' find Jul 22