puppetrun :: "HTTP-Error: 500 Internal Server Error" (w/ Passenger)

[CraftyTech]

I'm running puppetmaster with passenger and it's breaking my puppetrun capabilities.  If run puppetrun running from webbrick it runs, if I run it with apache/passenger, it gives me an error.  

bash-3.2# /usr/sbin/puppetrun --host client.dev.domain.com

Triggering client.dev.domain.com

warning: peer certificate won't be verified in this SSL session

Host client.dev.domain.com failed: HTTP-Error: 500 Internal Server Error

client.dev.domain.com finished with exit code 2

Failed: client.dev.domain.com

puppetmaster manifests $ nc -v client 8139

Connection to client 8139 port [tcp/*] succeeded!

puppetmaster manifests $

(client / Server ) namespaceauth.conf: 

[fileserver]

    allow *

[puppetmaster]

    allow *

[puppetrunner]

    allow *

puppetmaster manifests $ sudo /usr/sbin/puppetrun  --trace --debug --host=client.dev.domain.com

Triggering client.dev.domain.com

warning: peer certificate won't be verified in this SSL session

/usr/lib/ruby/1.8/xmlrpc/client.rb:546:in `do_rpc'

/usr/lib/ruby/1.8/xmlrpc/client.rb:420:in `call2'

/usr/lib/ruby/1.8/xmlrpc/client.rb:410:in `call'

/usr/lib/ruby/site_ruby/1.8/puppet/network/xmlrpc/client.rb:146:in `make_rpc_call'

/usr/lib/ruby/site_ruby/1.8/puppet/network/xmlrpc/client.rb:39:in `run'

/usr/lib/ruby/site_ruby/1.8/puppet/network/client/proxy.rb:15:in `send'

/usr/lib/ruby/site_ruby/1.8/puppet/network/client/proxy.rb:15:in `run'

/usr/lib/ruby/site_ruby/1.8/puppet/application/puppetrun.rb:122:in `run_for_host'

/usr/lib/ruby/site_ruby/1.8/puppet/application/puppetrun.rb:70:in `main'

/usr/lib/ruby/site_ruby/1.8/puppet/application/puppetrun.rb:69:in `fork'

/usr/lib/ruby/site_ruby/1.8/puppet/application/puppetrun.rb:69:in `main'

/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:226:in `send'

/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:226:in `run_command'

/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:217:in `run'

/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:306:in `exit_on_fail'

/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:217:in `run'

/usr/sbin/puppetrun:129

Host client.dev.domain.com failed: HTTP-Error: 500 Internal Server Error

client.dev.domain.com finished with exit code 2

Failed: client.dev.domain.com

Has anyone seen this before?

Thanks,

[CraftyTech]

BTW: I'm using puppet 0.25.5

[Iain Sutton]

We use passenger and puppet 0.25.5 too.

Since I've never figured out the right contents for namespaceauth.conf on the puppetmaster to avoid these 500 errors when performing puppetruns, we perform the following steps:

1. delete the namespaceauth.conf file on the puppetmaster

2. ensure that the the [puppetrunner] section in namespaceauth.conf on the client nodes contains the FQDN of the puppetmaster and not the puppet.our.domain CNAME. (I appreciate that this may well be due to the names we used for the puppet certs etc)

With this setup, puppetd works on every node except the puppetmaster - not ideal, but not disastrous either - but we can successfully trigger puppetruns for any (other) node from the puppetmaster.

On 12 February 2011 06:48, CraftyTech <hmme...@gmail.com> wrote:

BTW: I'm using puppet 0.25.5

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet...@googlegroups.com.
To unsubscribe from this group, send email to puppet-users...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

[Jeff McCune]

On Fri, Feb 11, 2011 at 11:38 AM, CraftyTech <hmme...@gmail.com> wrote:
> I'm running puppetmaster with passenger and it's breaking my puppetrun
> capabilities.  If run puppetrun running from webbrick it runs, if I run it
> with apache/passenger, it gives me an error.

It sounds like puppetrun isn't using the same certificate name as your
passenger puppet master. The "warning: peer certificate won't be
verified in this SSL session" message leads me to believe this.

You may want to run /usr/sbin/puppetrun --configprint confdir and make
sure it matches the same configuration directory Passenger is using.

Depending on the version of Puppet, there was an issue where Passenger
started the process as UID puppet, which used ~puppet/.puppet as the
$confdir and when running pupprun as root, /etc/puppet may be the
directory being used.

Hope this helps,
--
Jeff McCune
http://www.puppetlabs.com/

[CraftyTech]

Thanks for the replies...  When I run puppetrun with either --configprint confdir or --genconfig, I only get "Finished" as the output, nothing else.  It doesn't show me any configuration parameters...

[CraftyTech]

How do I make sure "puppetrun" is using the same configuration directory Passenger is using?  when I run "/usr/sbin/puppetrun --configprint confdir" all I get is "finished" as the end result... and nothing else... has anyone experience this before?  I'm running:

CentOS 5.4

httpd-2.2.3-31.el5.centos.4

passenger (2.2.11)

Puppet 0.25.5

Thanks in advance...

[CraftyTech]

Shameless bump... :-)

[Nigel Kersten]

On Tue, Feb 15, 2011 at 7:47 AM, CraftyTech <hmme...@gmail.com> wrote:
> How do I make sure "puppetrun" is using the same configuration directory
> Passenger is using?  when I run "/usr/sbin/puppetrun --configprint confdir"
> all I get is "finished" as the end result... and nothing else... has anyone
> experience this before?  I'm running:

That's a bug. Can you report it and update the thread please ?

[CraftyTech]

Actually it's working now. Sorry to report it's bitter-sweet solution, as I don't seem to be able to identify the exact root of the problem.  I had a template that was updating the namespace.conf file, and it wasn't including the server where I was running puppetrun from.  I know sounds a bit vague, but I'd have re-trace my steps tomorrow to see if I can pin-point the issue more specifically.  I'll keep you guys posted.

Henry