...and the answer is...
http://groups.google.com/group/puppet-dev/msg/b15e1c93bbc70fdb This reverts commit c702f76b271515e9c42dcb923d379fbfac4c83cd and turns it into a documentation only fix. As it turns out, ENV should have never been used at all, as the Rack docs say nothing about it *and* Passenger's behaviour in 2.2.3 + 2.2.4 was completely broken and still is half-way broken in 2.2.5 (but is OK with the Rack specs). --- ext/rack/README | 4 ++-- lib/puppet/network/http/rack/httphandler.rb | 18 ------------------ lib/puppet/network/http/rack/rest.rb | 8 ++++---- lib/puppet/network/http/rack/xmlrpc.rb | 8 ++++---- 4 files changed, 10 insertions(+), 28 deletions(-) diff --git a/ext/rack/README b/ext/rack/README index 3bdcca5..d05d402 100644 --- a/ext/rack/README +++ b/ext/rack/README @@ -43,7 +43,7 @@ Make sure puppetmasterd ran at least once, so the CA & SSL certificates got set up. Requirements: - Passenger version 2.2.2 or newer*** + Passenger version 2.2.2 or 2.2.5 or newer*** Rack version 1.0.0 Apache 2.x SSL Module loaded @@ -68,6 +68,6 @@ config.ru. Therefore, config.ru shall be owned by the puppet user. *** Important note about Passenger versions: 2.2.2 is known to work. 2.2.3-2.2.4 are known to *NOT* work. - 2.2.5 (when it is released) is expected to work properly again. + 2.2.5 works again when used with Puppet 0.25.2+. Passenger installation doc: http://www.modrails.com/install.html diff --git a/lib/puppet/network/http/rack/httphandler.rb b/lib/puppet/ network/http/rack/httphandler.rb index 31aa837..e142068 100644 --- a/lib/puppet/network/http/rack/httphandler.rb +++ b/lib/puppet/network/http/rack/httphandler.rb @@ -12,23 +12,5 @@ class Puppet::Network::HTTP::RackHttpHandler raise NotImplementedError, "Your RackHttpHandler subclass is supposed to override service(request)" end - def ssl_client_header(request) - env_or_request_env(Puppet[:ssl_client_header], request) - end - - def ssl_client_verify_header(request) - env_or_request_env(Puppet[:ssl_client_verify_header], request) - end - - # Older Passenger versions passed all Environment vars in app(env), - # but since 2.2.3 they (some?) are really in ENV. - # Mongrel, etc. may also still use request.env. - def env_or_request_env(var, request) - if ENV.include?(var) - ENV[var] - else - request.env[var] - end - end end diff --git a/lib/puppet/network/http/rack/rest.rb b/lib/puppet/network/ http/rack/rest.rb index bdca651..1047512 100644 --- a/lib/puppet/network/http/rack/rest.rb +++ b/lib/puppet/network/http/rack/rest.rb @@ -63,11 +63,11 @@ class Puppet::Network::HTTP::RackREST < Puppet::Network::HTTP::RackHttpHandler result[:ip] = request.ip # if we find SSL info in the headers, use them to get a hostname. - # try this with :ssl_client_header. - # For Apache you need special configuration, see ext/rack/ README. - if dn = ssl_client_header(request) and dn_matchdata = dn.match(/^.*?CN\s*=\s*(.*)/) + # try this with :ssl_client_header, which defaults should work for + # Apache with StdEnvVars. + if dn = request.env[Puppet[:ssl_client_header]] and dn_matchdata = dn.match(/^.*?CN\s*=\s*(.*)/) result[:node] = dn_matchdata[1].to_str - result[:authenticated] = (ssl_client_verify_header(request) == 'SUCCESS') + result[:authenticated] = (request.env[Puppet[:ssl_client_verify_header]] == 'SUCCESS') else result[:node] = resolve_node(result) result[:authenticated] = false diff --git a/lib/puppet/network/http/rack/xmlrpc.rb b/lib/puppet/ network/http/rack/xmlrpc.rb index 9d0f486..4fc9e82 100644 --- a/lib/puppet/network/http/rack/xmlrpc.rb +++ b/lib/puppet/network/http/rack/xmlrpc.rb @@ -43,11 +43,11 @@ class Puppet::Network::HTTP::RackXMLRPC < Puppet::Network::HTTP::RackHttpHandler ip = request.ip # if we find SSL info in the headers, use them to get a hostname. - # try this with :ssl_client_header. - # For Apache you need special configuration, see ext/rack/ README. - if dn = ssl_client_header(request) and dn_matchdata = dn.match(/^.*?CN\s*=\s*(.*)/) + # try this with :ssl_client_header, which defaults should work for + # Apache with StdEnvVars. + if dn = request.env[Puppet[:ssl_client_header]] and dn_matchdata = dn.match(/^.*?CN\s*=\s*(.*)/) node = dn_matchdata[1].to_str - authenticated = (ssl_client_verify_header(request) == 'SUCCESS') + authenticated = (request.env[Puppet[:ssl_client_verify_header]] == 'SUCCESS') else begin node = Resolv.getname(ip) -- 1.5.6.5 -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
