Puppet

puppet-server-0.25.1-0.2.rc2.el5 puppet-0.25.1-0.2.rc2.el5 fastthread (1.0.7) passenger (2.2.9) rack (1.1.0) rake (0.8.7)

My first host runs fine under passenger:

On the puppetmaster:

# /etc/init.d/httpd restart

On the first client:

# /usr/sbin/puppetd --test --report --ignorecache --noop
info: Caching catalog for 01.first.client.foo          
info: Applying configuration version '1297117508'
notice: Finished catalog run in 9.10 seconds

My second client, however, fails:

# /usr/sbin/puppetd --test --report --ignorecache
err: Could not retrieve catalog from remote server: Error 403 on SERVER: Forbidden request: 01.first.client.foo(ip.addresss.is.here) access to /catalog/01.second.client.foo [find] authenticated  at line 0
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run

Note that the puppetmaster seems to think that it is still responding to the first client (01.first.client.foo), even though the IP address it reports matches the second client (01.second.client.foo)!

If I restart apache in between runs, the first client that runs, runs fine.

If I use webrick, everything is fine, too, with no restarts in between necessary.

If I put an auth.conf in place to allow permissions to the catalog, then when I run puppet, puppet runs, but it thinks the second client is the first client, and runs the rules for the first client! Yikes, that’s not good.

What is odd is that my old puppetmaster is working fine with no problems, which makes me think I’ve either got a slight difference in configuration or there’s some sort of weird certificate error. But it seems a misconfiguration or a cert problem should not make puppetmaster serve incorrect manifests up to a client.

I’m not sure how to throw passenger into debug mode so that I can provide more information, if the above doesn’t trigger an a-ha moment in someone.

Thanks, Pete