
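I am trying to configure Apache/Phusion Passenger under RHEL 5.2. So far, the installation of the Passenger module for Apache and of mod_ssl was successful, but I ran into problems when trying to test the puppet client agent.

This is what my passenger.conf, located in /etc/httpd/conf.d, looks like: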

LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-3.0.18/ext/apache2/mod_passenger.so

PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-3.0.18
PassengerRuby /usr/bin/ruby

# you probably want to tune these settings
PassengerHighPerformance on
PassengerMaxPoolSize 12
PassengerPoolIdleTime 1500
# PassengerMaxRequests 1000
PassengerStatThrottleRate 120
RackAutoDetect On
RailsAutoDetect Off

Listen 8140

<VirtualHost *:8140>
        SSLEngine on
        SSLProtocol -ALL +SSLv3 +TLSv1
        SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP

        SSLCertificateFile      /var/lib/puppet/ssl/certs/xxxxx.pem
        SSLCertificateKeyFile   /var/lib/puppet/ssl/private_keys/xxxxx.pem
        SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
        SSLCACertificateFile    /var/lib/puppet/ssl/ca/ca_crt.pem
        # If Apache complains about invalid signatures on the CRL, you can try disabling
        # CRL checking by commenting the next line, but this is not recommended.
        SSLCARevocationFile     /var/lib/puppet/ssl/ca/ca_crl.pem
        SSLVerifyClient optional
        SSLVerifyDepth  1
        # The `ExportCertData` option is needed for agent certificate expiration warnings
        SSLOptions +StdEnvVars +ExportCertData

        # This header needs to be set if using a loadbalancer or proxy
        RequestHeader unset X-Forwarded-For

        RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
        RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
        RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

        DocumentRoot /etc/puppet/rack/public/
        RackBaseURI /
        <Directory /etc/puppet/rack/>
                Options None
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>
</VirtualHost>

My Puppet configuration, /etc/puppet/puppet.conf:

[main]
    # The Puppet log directory.
    # The default value is '$vardir/log'.
    logdir = /var/log/puppet

    # Where Puppet PID files are kept.
    # The default value is '$vardir/run'.
    rundir = /var/run/puppet

    # Where SSL certificates are kept.
    # The default value is '$confdir/ssl'.
    ssldir = $vardir/ssl
    ssl_client_header = SSL_CLIENT_S_DN
    ssl_client_verify_header = SSL_CLIENT_VERIFY
[agent]
    # The file in which puppetd stores a list of the classes
    # associated with the retrieved configuration.  Can be loaded in
    # the separate ``puppet`` executable using the ``--loadclasses``
    # option.
    # The default value is '$confdir/classes.txt'.
    classfile = $vardir/classes.txt

    # Where puppetd caches the local configuration.  An
    # extension indicating the cache format is added automatically.
    # The default value is '$confdir/localconfig'.
    localconfig = $vardir/localconfig

In the httpd server log, I can see the following warnings:

[Mon Dec 03 13:53:08 2012] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Mon Dec 03 13:53:08 2012] [warn] RSA server certificate CommonName (CN) `xxxxx' does NOT match server name!?
[Mon Dec 03 13:53:08 2012] [notice] Digest: generating secret for digest authentication ...
[Mon Dec 03 13:53:08 2012] [notice] Digest: done
[Mon Dec 03 13:53:08 2012] [warn] RSA server certificate CommonName (CN) `xxxxx' does NOT match server name!?
[Mon Dec 03 13:53:08 2012] [notice] Apache/2.2.3 (Red Hat) configured -- resuming normal operations

When running puppet agent --test, I also get HTML output in the client log:

The application has exited during startup (i.e. during the evaluation of config/environment.rb). The error message may have been written to the web server's log file. Please check the web server's log file (i.e. not the (Rails) application's log file) to find out why the application exited.
If that doesn't help, then please use the backtrace below to debug the problem.

Application root:
/etc/puppet/rack



    /usr/lib/ruby/site_ruby/1.8/puppet/util.rb  514 in `exit'
    /usr/lib/ruby/site_ruby/1.8/puppet/util.rb  514 in `exit_on_fail'
    /usr/lib/ruby/site_ruby/1.8/puppet/application.rb   344 in `run'
    /usr/lib/ruby/site_ruby/1.8/puppet/util/command_line.rb 76  in `execute'
    config.ru   33  
    /usr/lib/ruby/gems/1.8/gems/rack-1.4.1/lib/rack/builder.rb  51  in `instance_eval'
    /usr/lib/ruby/gems/1.8/gems/rack-1.4.1/lib/rack/builder.rb  51  in `initialize'
    config.ru   1   in `new'
    config.ru   1   

config.ru

# a config.ru, for use with every rack-compatible webserver.
# SSL needs to be handled outside this, though.

# if puppet is not in your RUBYLIB:
# $LOAD_PATH.unshift('/opt/puppet/lib')

$0 = "master"

# if you want debugging:
# ARGV << "--debug"

ARGV << "--rack"

# Rack applications typically don't start as root.  Set --confdir to prevent
# reading configuration from ~/.puppet/puppet.conf
ARGV << "--confdir" << "/etc/puppet"

# NOTE: it's unfortunate that we have to use the "CommandLine" class
#  here to launch the app, but it contains some initialization logic
#  (such as triggering the parsing of the config file) that is very
#  important.  We should do something less nasty here when we've
#  gotten our API and settings initialization logic cleaned up.
#
# Also note that the "$0 = master" line up near the top here is
#  the magic that allows the CommandLine class to know that it's
#  supposed to be running master.
#
# --cprice 2012-05-22

require 'puppet/util/command_line'
# we're usually running inside a Rack::Builder.new {} block,
# therefore we need to call run *here*.
run Puppet::Util::CommandLine.new.execute

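This works with the default WEBrick web server, which connects to the puppet client without any problems.

Are there any other clues that could help me solve this problem?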


1 Answer


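A fix was made to config.ru between 3.0.0 and 3.0.1 because a parameter was missing from the default file. Although the error you are getting is not clear, this may be the problem.

The following line was added: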

ARGV << "--vardir"  << "/var/lib/puppet"

Try getting the full config.ru from Puppet 3.0.1.

Answered 2012-12-04T18:54:32.193
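The effect of the line from the answer can be checked offline. The following is an added example, not code from the post or from Puppet: it reads the `ARGV <<` lines of a config.ru and resolves `ssldir` from puppet.conf with and without `--vardir`. The function names and sample strings are constructed here, and the `~/.puppet` and `~/.puppet/var` fallbacks for a non-root Puppet 3.x process are an assumption.

```ruby
# Constructed sample: the uncommented ARGV lines of the question's config.ru.
CONFIG_RU_BEFORE = <<~'RU'
  $0 = "master"
  # ARGV << "--debug"
  ARGV << "--rack"
  ARGV << "--confdir" << "/etc/puppet"
RU
# The same file with the line from the answer appended.
CONFIG_RU_AFTER = CONFIG_RU_BEFORE + %(ARGV << "--vardir"  << "/var/lib/puppet"\n)

# Constructed sample: the ssldir line from the question's puppet.conf.
PUPPET_CONF = "[main]\n    ssldir = $vardir/ssl\n"

# Assumption: fallbacks used by a Puppet 3.x master that is not started as root.
NON_ROOT_CONFDIR = '~/.puppet'
NON_ROOT_VARDIR  = '~/.puppet/var'

# Collect "--flag" => value pairs from uncommented `ARGV << ...` lines.
def pinned_args(config_ru)
  args = {}
  config_ru.each_line do |line|
    next unless line.strip.start_with?('ARGV')
    words = line.scan(/<<\s*"([^"]*)"/).flatten
    words.each_slice(2) { |flag, value| args[flag] = value }
  end
  args
end

# Directory flags the Rack-launched master would otherwise have to guess.
def missing_pins(config_ru)
  %w[--confdir --vardir] - pinned_args(config_ru).keys
end

# Expand $vardir and $confdir in the ssldir setting as the master would see it.
def effective_ssldir(puppet_conf, config_ru)
  args    = pinned_args(config_ru)
  vardir  = args['--vardir']  || NON_ROOT_VARDIR
  confdir = args['--confdir'] || NON_ROOT_CONFDIR
  setting = puppet_conf[/^\s*ssldir\s*=\s*(\S+)/, 1] || '$confdir/ssl'
  setting.sub('$vardir', vardir).sub('$confdir', confdir)
end

if __FILE__ == $PROGRAM_NAME
  { 'before' => CONFIG_RU_BEFORE, 'after' => CONFIG_RU_AFTER }.each do |label, ru|
    puts "#{label}: missing=#{missing_pins(ru).inspect} " \
         "ssldir=#{effective_ssldir(PUPPET_CONF, ru)}"
  end
end
```

With `--vardir` pinned, the resolved `ssldir` matches the `/var/lib/puppet/ssl` paths that the Apache virtual host in the question uses for its certificate, CA and CRL files.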