Re: Could not request certificate: Error 405 on SERVER


Jonathan

May 31, 2013, 5:05:20 PM
to puppet...@googlegroups.com
I found a solution for this...use an older version of Passenger, specifically Passenger 3.0.21

To do this I uninstalled the Passenger gem:
gem uninstall passenger

Then installed the older version:
gem install passenger --version 3.0.21

Then rebuilt libraries:
passenger-install-apache2-module

On Thursday, May 30, 2013 2:19:47 PM UTC-7, Jonathan wrote:
Hi all,

I have experience using puppet, however I am new to setting puppet up as it was already done for me in past environments.  I am running into an issue while trying to set puppet up for the first time on RHEL 6.4.  I was hoping y'all might be able to help me!

I get the following error from the puppet client's /var/log/messages log:

May 30 07:06:30 pclient puppet-agent[1458]: Creating a new SSL certificate request for pclient
May 30 07:06:30 pclient puppet-agent[1458]: Certificate Request fingerprint (SHA256): 62:1A:83:7D:DA:8B:A5:4B:14:D8:85:CF:D2:87:72:FA:88:9C:F5:88:46:28:3D:59:10:99:30:D8:50:9D:7A:2E
May 30 07:06:30 pclient puppet-agent[1458]: Could not request certificate: Error 405 on SERVER: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
May 30 07:06:30 pclient puppet-agent[1458]: <html><head>
May 30 07:06:30 pclient puppet-agent[1458]: <title>405 Method Not Allowed</title>
May 30 07:06:30 pclient puppet-agent[1458]: </head><body>
May 30 07:06:30 pclient puppet-agent[1458]: <h1>Method Not Allowed</h1>
May 30 07:06:30 pclient puppet-agent[1458]: <p>The requested method PUT is not allowed for the URL /production/certificate_request/pclient.</p>
<...truncated...>

On the puppet master I get stuff like this in the apache logs:
[Thu May 30 07:05:45 2013] [error] [client 192.168.223.129] File does not exist: /usr/share/puppet/rack/puppetmasterd/public/production/node
[Thu May 30 07:05:45 2013] [error] [client 192.168.223.129] File does not exist: /usr/share/puppet/rack/puppetmasterd/public/production/file_metadatas
[Thu May 30 07:05:45 2013] [error] [client 192.168.223.129] File does not exist: /usr/share/puppet/rack/puppetmasterd/public/production/file_metadata
[Thu May 30 07:05:45 2013] [error] [client 192.168.223.129] File does not exist: /usr/share/puppet/rack/puppetmasterd/public/production/catalog
[Thu May 30 07:06:31 2013] [error] [client 192.168.223.131] File does not exist: /usr/share/puppet/rack/puppetmasterd/public/production/certificate
[Thu May 30 07:06:31 2013] [error] [client 192.168.223.131] File does not exist: /usr/share/puppet/rack/puppetmasterd/public/production/certificate_request/pclient

Here is some relevant apache config info:
    # Only allow high security cryptography. Alter if needed for compatibility.
    SSLProtocol             All -SSLv2
    SSLCipherSuite          HIGH:!ADH:RC4+RSA:-MEDIUM:-LOW:-EXP
    SSLCertificateFile      /var/lib/puppet/ssl/certs/pmaster.localdomain.pem
    SSLCertificateKeyFile   /var/lib/puppet/ssl/private_keys/pmaster.localdomain.pem
    SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
    SSLCACertificateFile    /var/lib/puppet/ssl/ca/ca_crt.pem
    SSLCARevocationFile     /var/lib/puppet/ssl/ca/ca_crl.pem
    SSLVerifyClient         optional
    SSLVerifyDepth          1
    SSLOptions              +StdEnvVars +ExportCertData

    DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/
    <Directory /usr/share/puppet/rack/puppetmasterd/>
        Options None
        AllowOverride None
        Order Allow,Deny
        Allow from All
    </Directory>


Any ideas?  I'm sure this is something VERY basic that I missed, but I keep reading through the setup guide and coming up with nothing to try.

Most appreciated!

Don Harden

Jun 13, 2013, 6:29:46 PM
to puppet...@googlegroups.com

Hello,

I followed the instructions on puppetlabs to install puppet 3.2.1 and Passenger on RedHat 6.4 x86_64.
http://docs.puppetlabs.com/guides/installation.html
http://docs.puppetlabs.com/guides/passenger.html

I also installed puppet 3.2.1 on a RedHat 5.6 as the client.

I finally got puppet agent to successfully retrieve the catalog from the master and apply it when using WEBrick. But when using apache and Passenger 4.05 I got the same 405 error above. I saw your post and downgraded to Passenger 3.0.21 per your instructions, but I still have the same 405 error.

client > puppet agent --test --verbose --server vm1415701.bwi40g.vzbi.caas
Info: Creating a new SSL certificate request for vm1340701.bwi40g.vzbi.caas
Info: Certificate Request fingerprint (SHA256): 31:AE:B8:AC:F5:01:D3:C7:5B:83:7C:3A:9E:87:AC:5C:24:C7:E3:E0:89:63:0D:B4:0E:AD:E5:9B:95:F5:52:E5
Error: Could not request certificate: Error 405 on SERVER: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>

<title>405 Method Not Allowed</title>
</head><body>

<h1>Method Not Allowed</h1>
<p>The requested method PUT is not allowed for the URL /production/certificate_request/vm1340701.bwi40g.vzbi.caas.</p>
<hr>
<address>Apache/2.2.15 (Red Hat) Server at vm1415701.bwi40g.vzbi.caas Port 8140</address>
</body></html>

Exiting; failed to retrieve certificate and waitforcert is disabled



The Apache logs have these entries:
error:
[Thu Jun 13 18:10:41 2013] [notice] Apache/2.2.15 (Unix) DAV/2 Phusion_Passenger/3.0.21 mod_ssl/2.2.15 OpenSSL/1.0.0-fips configured -- resuming normal operations
[Thu Jun 13 18:10:59 2013] [error] [client 10.105.80.149] File does not exist: /usr/share/puppet/rack/puppetmasterd/public/production/certificate
[Thu Jun 13 18:10:59 2013] [error] [client 10.105.80.149] File does not exist: /usr/share/puppet/rack/puppetmasterd/public/production/certificate_request

access:
[13/Jun/2013:18:10:59 -0400] "GET /production/certificate/ca? HTTP/1.1" 404 318 "-" "-"
[13/Jun/2013:18:10:59 -0400] "GET /production/certificate_request/vm1340701.bwi40g.vzbi.caas? HTTP/1.1" 404 350 "-" "-"
[13/Jun/2013:18:10:59 -0400] "PUT /production/certificate_request/vm1340701.bwi40g.vzbi.caas HTTP/1.1" 405 373 "-" "-"

Any ideas on what to do next?
Thanks,
Don

Robin M

Aug 16, 2013, 9:12:43 AM
to puppet...@googlegroups.com, har...@gmail.com
I have the same problem (PUT is not allowed for the URL /production/certificate_request/...) with puppet 3.2.4 on client and server and CentOS 6.4 on both.

This is a new install using Passenger 3.0.21.

Suggestions welcome!

Robin

Simon Y

Sep 19, 2013, 7:05:49 PM
to puppet...@googlegroups.com
I just ran into this exact same problem. It turned out to be SELinux preventing Apache from loading the Phusion Passenger watchdog:

[Thu Sep 19 18:53:32 2013] [error] *** Passenger could not be initialized because of this error: Unable to start the Phusion Passenger watchdog (/usr/lib/ruby/gems/1.8/gems/passenger-3.0.21/agents/PassengerWatchdog): Permission denied (13)

I temporarily put SELinux into permissive mode like this:

echo 0 >/selinux/enforce

Then restarted Apache. No more Passenger initialization error, and the puppet agent is now working fine.

I'm not yet sure exactly how to fix this "properly" (i.e. configuring SELinux to allow Apache to load the file), but I'll leave that as an exercise for the reader :-)

Hope it helps!

Simon.
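
An added example, not part of any post in this thread: a small triage script that separates the two symptoms reported above in the Apache logs, Passenger failing to initialize versus Puppet API paths being looked up as static files under `public/`. The function names, verdict strings and sample file names are made up for this example, and reading "File does not exist" under `public/` as "the request never reached the Rack application" is the editor's interpretation of the quoted logs.

```shell
#!/bin/sh
# Added example, not from the thread. Sample log lines are constructed from
# the messages quoted in the posts above; client IPs are documentation addresses.

# classify_error_log FILE prints one verdict (verdict names are made up here):
#   passenger_init_denied  Passenger failed to start with "Permission denied (13)"
#   passenger_init_failed  Passenger failed to start for some other reason
#   static_fallthrough     Puppet API paths were looked up as files under public/
#   no_match               none of the patterns above appear
classify_error_log() {
    init_err=$(grep 'Passenger could not be initialized' "$1" | tail -n 1)
    if [ -n "$init_err" ]; then
        case $init_err in
            *'Permission denied (13)'*) echo passenger_init_denied ;;
            *)                          echo passenger_init_failed ;;
        esac
    elif grep -Eq 'File does not exist: .*/public/[^/]+/(certificate(_request)?|catalog|node|file_metadatas?)(/|$)' "$1"; then
        echo static_fallthrough
    else
        echo no_match
    fi
}

# count_put_405 FILE prints how many certificate request PUTs were answered with 405.
count_put_405() {
    grep -Ec '"PUT /[^/ ]+/certificate_request/[^ ]+ HTTP/[0-9.]+" 405 ' "$1" || true
}

samples=$(mktemp -d)
cat > "$samples/denied_error_log" <<'EOF'
[Thu Sep 19 18:53:32 2013] [error] *** Passenger could not be initialized because of this error: Unable to start the Phusion Passenger watchdog (/usr/lib/ruby/gems/1.8/gems/passenger-3.0.21/agents/PassengerWatchdog): Permission denied (13)
[Thu Sep 19 18:54:01 2013] [error] [client 192.0.2.10] File does not exist: /usr/share/puppet/rack/puppetmasterd/public/production/certificate_request/pclient
EOF
cat > "$samples/static_error_log" <<'EOF'
[Thu May 30 07:06:31 2013] [error] [client 192.0.2.10] File does not exist: /usr/share/puppet/rack/puppetmasterd/public/production/certificate
EOF
cat > "$samples/access_log" <<'EOF'
[13/Jun/2013:18:10:59 -0400] "GET /production/certificate/ca? HTTP/1.1" 404 318 "-" "-"
[13/Jun/2013:18:10:59 -0400] "PUT /production/certificate_request/pclient HTTP/1.1" 405 373 "-" "-"
EOF

classify_error_log "$samples/denied_error_log"   # passenger_init_denied
classify_error_log "$samples/static_error_log"   # static_fallthrough
count_put_405 "$samples/access_log"              # 1
```

A `passenger_init_denied` verdict narrows the search to whatever is refusing execution of the watchdog binary (file permissions or an SELinux denial), while `static_fallthrough` without an initialization error points at the vhost and Rack setup instead.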

catalin...@sqsltd.co.uk

Feb 13, 2014, 6:39:30 AM
to puppet...@googlegroups.com
I was getting that error but I managed to solve it by doing this:

cp /usr/share/puppet/ext/rack/files/config.ru /usr/share/puppet/rack/puppetmasterd/

Give Puppet correct permission to access the Rack config:

chown puppet:puppet /usr/share/puppet/rack/puppetmasterd/config.ru


ref: http://www.tomhayman.co.uk/linux/install-puppet-passenger-centos-6-part/

Steve Kilduff

Jun 5, 2014, 5:35:20 AM
to puppet...@googlegroups.com

I found this page when searching for a solution to errors like “403 Forbidden error” and error 405 “The requested method PUT is not allowed for the URL /production/”

I searched all the permissions, all the dir layouts, but nothing was fixing it. Quickly put, my solution was to downgrade the latest passenger gem from 4.0.44 to 3.0.21. Maybe other versions work, but I was happy to see a working system and left it alone.

Passenger 4 release seems to coincide with puppet 3.5/3.6 releases, and for anyone doing an upgrade, maybe their passenger version stays the same, but for anyone doing a new install, maybe it pulls all the latest versions.

Centos 6.5, puppet-server 3.6.1, httpd-2.2, passenger 3.0.21

Hope this helps someone not lose 2 hours like I did.

steve...@gmail.com

Jun 6, 2014, 12:03:40 AM
to puppet...@googlegroups.com
I was in the same boat. Permissions were correct, copied that config.ru file to the correct location and assigned puppet as the owner etc.
Simon's suggestion fixed it for me. Disabling selinux worked. And no, I'm not sure what folders should be configured to what security context.
Thanks Simon.

Patrick Robinson

Aug 12, 2014, 9:08:20 PM
to puppet...@googlegroups.com
I had a similar error getting 405. I found I hadn't set the PassengerRoot directory correctly in the puppetmaster vhost config:

PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-4.0.48

Jake Dupuy

Apr 9, 2015, 11:47:27 AM
to puppet...@googlegroups.com
I had the same issue. Setting /etc/selinux/config to SELINUX=permissive fixed my issue.