The Puppet Labs Issue Tracker has Moved: https://tickets.puppetlabs.com

Bug #2386

passenger >= 2.2.3 not working with 0.25.0b2

Added by John Barbuto almost 5 years ago. Updated almost 4 years ago.

Status:ClosedStart date:07/02/2009
Priority:HighDue date:
Assignee:James Turnbull% Done:

0%

Category:server
Target version:0.25.2
Affected Puppet version:0.25.1 Branch:
Keywords:

We've Moved!

Ticket tracking is now hosted in JIRA: https://tickets.puppetlabs.com

This issue is currently not available for export. If you are experiencing the issue described below, please file a new ticket in JIRA. Once a new ticket has been created, please add a link to it that points back to this Redmine ticket.


Description

I was trying to get Passenger 2.2.4 working using the instructions on http://github.com/reductivelabs/puppet/blob/master/ext/rack/README, but I kept having authentication errors (I had a correct auth.conf):

Denying access: Forbidden request: XXX.XXX.com(YYY.YYY.YYY.YYY) access to /catalog/XXX.XXX.com [find] at line 93

Downgrading to 2.2.2 fixed the problem. Did some digging around and found that the ??[Apache] Ability to pass environment variables via mod_env directives?? change in 2.2.3 is responsible:

http://blog.phusion.nl/2009/06/17/phusion-passenger-223-released-bug-fix-edition/

This was causing @request.env[Puppet[:ssl_client_header]]@ in the following places to be blank:

http://github.com/reductivelabs/puppet/blob/master/lib/puppet/network/http/rack/rest.rb#L63 http://github.com/reductivelabs/puppet/blob/master/lib/puppet/network/http/rack/xmlrpc.rb#L48

I tried changing @request.env@ to @ENV@, which didn’t quite work, as it always appeared to have the server’s DN, not the client’s.

Hopefully this gives you a good head start on finding a fix. :)


Related issues

Related to Puppet - Bug #2828: Passenger problem connecting new puppet client to new pup... Closed 11/17/2009
Duplicated by Puppet - Bug #6245: puppetmaster thinks second host is host from a previous run Duplicate 02/07/2011

History

#1 Updated by Luke Kanies almost 5 years ago

  • Category set to server
  • Status changed from Unreviewed to Accepted
  • Target version set to 0.25.0

#2 Updated by John Barbuto almost 5 years ago

More testing determined that ENV[Puppet[:ssl_client_header]] was retaining the DN for the first client to contact it (which in my testing was the server itself, hence my always seeing the server’s DN). HUPping Apache between different clients or setting PassengerMaxRequests to 1 fixed the problem, so it appears that ENV isn’t being reset between requests.

#3 Updated by Luke Kanies almost 5 years ago

John A. Barbuto wrote:

More testing determined that ENV[Puppet[:ssl_client_header]] was retaining the DN for the first client to contact it (which in my testing was the server itself, hence my always seeing the server’s DN). HUPping Apache between different clients or setting PassengerMaxRequests to 1 fixed the problem, so it appears that ENV isn’t being reset between requests.

That seems like a Passenger problem, doesn’t it?

#4 Updated by Luke Kanies almost 5 years ago

  • Status changed from Accepted to Needs More Information

#5 Updated by John Barbuto almost 5 years ago

It is, it should be fixed in the next release: http://code.google.com/p/phusion-passenger/issues/detail?id=335

#6 Updated by Christian Hofstaedtler almost 5 years ago

Still the Passenger changelog looks like they will/have changed the way envvars from Apache (modules) will be passed to the Ruby application, so we’ll need to adapt (and probably support the old and new way).

#7 Updated by Luke Kanies over 4 years ago

So is there an action here? It sounds like this is a change in Passenger, but we can’t respond to it quite yet, right?

If so, this should either be closed, or bumped until the actually-changed release comes out.

#8 Updated by Christian Hofstaedtler over 4 years ago

  • Status changed from Needs More Information to Tests Insufficient
  • Assignee set to Christian Hofstaedtler
  • 3 changed from Unknown to Medium

I’ve started working on a patch, which would fix this with passenger 2.2.5+ (maybe also for 2.2.4) but I was having trouble with the tests.

At the very least we should update the docs to say that 2.2.3 is broken, and that 2.2.4+ is currently unsupported.

#9 Updated by James Turnbull over 4 years ago

  • Status changed from Tests Insufficient to Needs More Information

Christian – I am going to do RC1 RSN – any ETA on a patch?

#10 Updated by James Turnbull over 4 years ago

  • Status changed from Needs More Information to Needs Decision

#11 Updated by James Turnbull over 4 years ago

  • Status changed from Needs Decision to Re-opened

Pushed in commit:c702f76b271515e9c42dcb923d379fbfac4c83cd in branch master.

#12 Updated by James Turnbull over 4 years ago

  • Status changed from Re-opened to Closed

#13 Updated by Christian Hofstaedtler over 4 years ago

Note: Passenger 2.2.5 has been released, now supporting both the old and the new way of passing ENV vars. We’ll see what that means.

#14 Updated by Avi Miller over 4 years ago

Christian Hofstaedtler wrote:

Note: Passenger 2.2.5 has been released, now supporting both the old and the new way of passing ENV vars. We’ll see what that means.

2.2.5 seems work fine on RHEL/OEL5. Just FYI.

#15 Updated by Christian Hofstaedtler over 4 years ago

  • Status changed from Closed to Re-opened
  • Priority changed from Normal to High

The fix did more bad than good combined with Passenger 2.2.5, which appears to still do weird stuff with ENV, but supporting request.env properly.

#16 Updated by James Turnbull over 4 years ago

  • Target version changed from 0.25.0 to 0.25.2
  • Affected Puppet version changed from 0.25.0beta2 to 0.25.1

#17 Updated by Christian Hofstaedtler over 4 years ago

Patch: http://groups.google.com/group/puppet-dev/browse_thread/thread/68fa1ca6cc5147e4

Paul Lathrop confirms that the patch fixes his problem. NigelK reports that it works fine without the patch. On my test setup it only works with the patch.

Please, everyone who can test this patch with Passenger 2.2.5.

#18 Updated by John Barbuto over 4 years ago

Just upgraded to 2.2.5 with the patch and it’s working for me as well.

#19 Updated by Tobias Kirschstein over 4 years ago

the patch (or reverting the commit) didn’t work for me under nginx (0.8.22), passenger (2.2.5) and puppet 0.25.1 (debian unstable pkg). i still get errors like:

err: /File[/var/lib/puppet/lib]: Failed to generate additional resources using ‘eval_generate’: Error 403 on SERVER: Forbidden request: some.puppet.client.host.name(X.X.X.X) access to /certificate_revocation_list/ca [find] at line 93

i updated from 0.24.8 and replaced webrick with passanger and nginx.

#20 Updated by Christian Hofstaedtler over 4 years ago

I think we don’t even have any docs or known working installations of Nginx+Passenger … Has this ever worked? What are the required settings?

#21 Updated by Christian Hofstaedtler over 4 years ago

  • Status changed from Re-opened to Ready For Checkin
  • Assignee changed from Christian Hofstaedtler to James Turnbull

Branch with the patch, against 0.25.x: http://github.com/zeha/puppet/tree/tickets/2386

#22 Updated by James Turnbull over 4 years ago

  • Status changed from Ready For Checkin to Closed

Pushed in commit:5ed2e2619fc366a9ea1e1b9866da055ba0cd57aa in branch 0.25.x

Also available in: Atom PDF