Puppet

More testing determined that ENV[Puppet[:ssl_client_header]] was retaining the DN for the first client to contact it (which in my testing was the server itself, hence my always seeing the server’s DN). HUPping Apache between different clients or setting PassengerMaxRequests to 1 fixed the problem, so it appears that ENV isn’t being reset between requests.

John A. Barbuto wrote:

More testing determined that ENV[Puppet[:ssl_client_header]] was retaining the DN for the first client to contact it (which in my testing was the server itself, hence my always seeing the server’s DN). HUPping Apache between different clients or setting PassengerMaxRequests to 1 fixed the problem, so it appears that ENV isn’t being reset between requests.

That seems like a Passenger problem, doesn’t it?

It is, it should be fixed in the next release: http://code.google.com/p/phusion-passenger/issues/detail?id=335

Still the Passenger changelog looks like they will/have changed the way envvars from Apache (modules) will be passed to the Ruby application, so we’ll need to adapt (and probably support the old and new way).

So is there an action here? It sounds like this is a change in Passenger, but we can’t respond to it quite yet, right?

If so, this should either be closed, or bumped until the actually-changed release comes out.

Note: Passenger 2.2.5 has been released, now supporting both the old and the new way of passing ENV vars. We’ll see what that means.

Christian Hofstaedtler wrote:

Note: Passenger 2.2.5 has been released, now supporting both the old and the new way of passing ENV vars. We’ll see what that means.

2.2.5 seems work fine on RHEL/OEL5. Just FYI.

Patch: http://groups.google.com/group/puppet-dev/browse_thread/thread/68fa1ca6cc5147e4

Paul Lathrop confirms that the patch fixes his problem. NigelK reports that it works fine without the patch. On my test setup it only works with the patch.

Please, everyone who can test this patch with Passenger 2.2.5.

Just upgraded to 2.2.5 with the patch and it’s working for me as well.

the patch (or reverting the commit) didn’t work for me under nginx (0.8.22), passenger (2.2.5) and puppet 0.25.1 (debian unstable pkg). i still get errors like:

err: /File[/var/lib/puppet/lib]: Failed to generate additional resources using ‘eval_generate’: Error 403 on SERVER: Forbidden request: some.puppet.client.host.name(X.X.X.X) access to /certificate_revocation_list/ca [find] at line 93

i updated from 0.24.8 and replaced webrick with passanger and nginx.

I think we don’t even have any docs or known working installations of Nginx+Passenger … Has this ever worked? What are the required settings?