puppetmaster thinks second host is host from a previous run
|Affected Puppet version:||0.25.1||Branch:|
puppet-server-0.25.1-0.2.rc2.el5 puppet-0.25.1-0.2.rc2.el5 fastthread (1.0.7) passenger (2.2.9) rack (1.1.0) rake (0.8.7)
My first host runs fine under passenger:
On the puppetmaster:
# /etc/init.d/httpd restart
On the first client:
# /usr/sbin/puppetd --test --report --ignorecache --noop info: Caching catalog for 01.first.client.foo info: Applying configuration version '1297117508' notice: Finished catalog run in 9.10 seconds
My second client, however, fails:
# /usr/sbin/puppetd --test --report --ignorecache err: Could not retrieve catalog from remote server: Error 403 on SERVER: Forbidden request: 01.first.client.foo(ip.addresss.is.here) access to /catalog/01.second.client.foo [find] authenticated at line 0 warning: Not using cache on failed catalog err: Could not retrieve catalog; skipping run
Note that the puppetmaster seems to think that it is still responding to the first client (01.first.client.foo), even though the IP address it reports matches the second client (01.second.client.foo)!
If I restart apache in between runs, the first client that runs, runs fine.
If I use webrick, everything is fine, too, with no restarts in between necessary.
If I put an auth.conf in place to allow permissions to the catalog, then when I run puppet, puppet runs, but it thinks the second client is the first client, and runs the rules for the first client! Yikes, that’s not good.
What is odd is that my old puppetmaster is working fine with no problems, which makes me think I’ve either got a slight difference in configuration or there’s some sort of weird certificate error. But it seems a misconfiguration or a cert problem should not make puppetmaster serve incorrect manifests up to a client.
I’m not sure how to throw passenger into debug mode so that I can provide more information, if the above doesn’t trigger an a-ha moment in someone.