Unable to run puppet with apache + passenger

[ankush grover]

Hi Friends,

I am trying to run puppet with apache on Centos 6.2. 64-bit (with
selinux off) but it seems apache is refusing to read the pem file of
puppet. Below are the errors I am getting in the apache logs.
Puppetmaster is working fine without Apache. The same setup is working
fine with (Puppet + Apache) in another office . What could be the
problem that apache is not able to read the files.


Fri Jun 08 02:06:37 2012] [error] Init: Unable to read server
certificate from file
/var/lib/puppet/ssl/private_keys/ezepuppet.synapse.ar.pem
[Fri Jun 08 02:06:37 2012] [error] SSL Library Error: 218529960
error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Fri Jun 08 02:06:37 2012] [error] SSL Library Error: 218595386
error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
error
[Fri Jun 08 02:06:40 2012] [notice] suEXEC mechanism enabled (wrapper:
/usr/sbin/suexec)
[Fri Jun 08 02:06:40 2012] [error] Init: Unable to read server
certificate from file
/var/lib/puppet/ssl/private_keys/ezepuppet.synapse.ar.pem
[Fri Jun 08 02:06:40 2012] [error] SSL Library Error: 218529960
error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Fri Jun 08 02:06:40 2012] [error] SSL Library Error: 218595386
error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
error
[Fri Jun 08 02:06:53 2012] [notice] suEXEC mechanism enabled (wrapper:
/usr/sbin/suexec)
[Fri Jun 08 02:06:53 2012] [error] Init: Unable to read server
certificate from file
/var/lib/puppet/ssl/private_keys/ezepuppet.synapse.ar.pem
[Fri Jun 08 02:06:53 2012] [error] SSL Library Error: 218529960
error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Fri Jun 08 02:06:53 2012] [error] SSL Library Error: 218595386
error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
error
[Fri Jun 08 02:21:12 2012] [notice] suEXEC mechanism enabled (wrapper:
/usr/sbin/suexec)
[Fri Jun 08 02:21:12 2012] [error] Init: Unable to read server
certificate from file
/var/lib/puppet/ssl/private_keys/ezepuppet.synapse.ar.pem
[Fri Jun 08 02:21:12 2012] [error] SSL Library Error: 218529960
error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Fri Jun 08 02:21:12 2012] [error] SSL Library Error: 218595386
error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
error
[Fri Jun 08 02:27:26 2012] [notice] suEXEC mechanism enabled (wrapper:
/usr/sbin/suexec)
[Fri Jun 08 02:27:26 2012] [error] Init: Unable to read server
certificate from file
/var/lib/puppet/ssl/private_keys/ezepuppet.synapse.ar.pem
[Fri Jun 08 02:27:26 2012] [error] SSL Library Error: 218529960
error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Fri Jun 08 02:27:26 2012] [error] SSL Library Error: 218595386
error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
error
[Fri Jun 08 02:31:06 2012] [notice] suEXEC mechanism enabled (wrapper:
/usr/sbin/suexec)
[Fri Jun 08 02:31:06 2012] [error] Init: Unable to read server
certificate from file
/var/lib/puppet/ssl/private_keys/ezepuppet.synapse.ar.pem
[Fri Jun 08 02:31:06 2012] [error] SSL Library Error: 218529960
error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Fri Jun 08 02:31:06 2012] [error] SSL Library Error: 218595386
error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
error
^C


puppet.conf

Listen 8140
<VirtualHost *:8140>
SSLEngine on
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
SSLCertificateKeyFile
/var/lib/puppet/ssl/private_keys/ezepuppet.synapse.ar.pem
SSLCertificateFile /var/lib/puppet/ssl/private_keys/ezepuppet.synapse.ar.pem
SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
# If Apache complains about invalid signatures on the CRL, you can
try disabling
# CRL checking by commenting the next line, but this is not recommended.
# SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
# Set to require if this puppetmaster doesn't issue certificates
# to puppet clients.
# NB: this requires SSLCACertificateFile to include the CA cert
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars

# Passenger options that can be set in a virtual host
# configuration block.
PassengerHighPerformance on
PassengerStatThrottleRate 120
PassengerUseGlobalQueue on
RackAutoDetect Off
RailsAutoDetect Off
RackBaseURI /
PassengerMaxRequests 10000
DocumentRoot /etc/puppet/rack/public


<Directory /etc/puppet/rack/>
Options None
AllowOverride None
Order allow,deny
Allow from all
</Directory>
</VirtualHost>

[Jo Rhett]

Check ownership of config.ru.  Passenger runs based on the owner of that file.

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet...@googlegroups.com.
To unsubscribe from this group, send email to puppet-users...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

-- 

Jo Rhett

Net Consonance : net philanthropy to improve open source and internet projects.

[Sans]

I don't wanna hijack the thread but I'm also having almost the same issue. For me httpd/passenger starts just fine but puppetmaster doesn't start until I start it manually using puppetmasterd on the box. These are in the httpd_error log:

[Fri Jun 08 19:24:06 2012] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Fri Jun 08 19:24:06 2012] [notice] Digest: generating secret for digest authentication ...
[Fri Jun 08 19:24:06 2012] [notice] Digest: done
[Fri Jun 08 19:24:07 2012] [notice] Apache/2.2.15 (Unix) DAV/2 Phusion_Passenger/3.0.12 mod_ssl/2.2.15 OpenSSL/1.0.0-fips configured -- resuming normal operations

Is it related? Cheers!!

[ankush grover]

Please check ownership of config.ru and also check whether there is
entry for puppet in /etc/hosts file.

> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.

> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/FALCmGVaxmgJ.