Puppet Dashboard behind HTTPS
31 views
Skip to first unread message
henrique...@notonthehighstreet.com
Feb 28, 2014, 12:05:08 PM2/28/14
to puppet...@googlegroups.com
Hi,
Can Puppet Master send the reports to Puppet Dashboard via HTTPS?
My Puppet Dashboard is protected with a certificate signed by another CA and this seems to break the sending of reports because Puppet doesn't have the necessary certificate to connect securely and I can't seem to make it work.
Thank you,
Henrique Rodrigues
Can Puppet Master send the reports to Puppet Dashboard via HTTPS?
My Puppet Dashboard is protected with a certificate signed by another CA and this seems to break the sending of reports because Puppet doesn't have the necessary certificate to connect securely and I can't seem to make it work.
Thank you,
Henrique Rodrigues
Andreas Zuber
Jun 20, 2014, 8:14:05 AM6/20/14
to puppet...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello
I just came across the same problem and did some reading of the code of
the http report plugin and the classes it uses to understand what the
problem is. It seams that (at least in the puppet version I use here) it
uses the same classes to get a HTTP connection puppet usually uses to
talk to the master, configured with puppets own cert store.
I am not sure if I interpreted everything correctly, but I don't think
that using the puppet cert store for validation is a good idea in this
case. The Dashboard most likely uses another CA which is also installed
on the browser and in the systems CA store.
I copied and renamed the http plugin (I renamed it to https and deliver
it with pluginsync) and simply use the default cert locations, which
lets puppet successfully report over HTTPS now:
|git remote add origin
https://github.com/ZeroPointEnergy/puppet-https-reports.git|
I am not sure if there is an easier or cleaner way and I just did not
see it.
Sincerely
Andreas
> You received this message because you are subscribed to the Google
Groups "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send
an email to puppet-users...@googlegroups.com.
> To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/25e293bd-41b0-4eda-b65b-bb0d82caeff3%40googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.
- --
Andreas Zuber
Linux System-Ingenieur
Puzzle ITC GmbH
www.puzzle.ch
Telefon +41 31 370 22 00
Direkt +41 31 370 22 49
Mobile +41 79 766 25 51
Fax +41 31 370 22 01
Werfen Sie einen Blick in unseren Blog:
<http://www.puzzle.ch/blog>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlOkJXIACgkQc2hfmdKpdfWmkQCfTpQyW+lvBDEuHTVufVDy6Rrj
eUoAnjDcWSYdPsERV/v2HL7TjFPW3Voq
=VW+u
-----END PGP SIGNATURE-----
Reply all
Reply to author
Forward
0 new messages