puppet module repository w/ self signed ssl?
71 views
Skip to first unread message
Sean
Jun 5, 2018, 11:52:59 AM6/5/18
to Puppet Users
Hello,
I'm wanting to use the module_repository setting in puppet.conf on my puppet5 master. The local repo mirror we've setup requires SSL, but has a self-signed cert. Is there a way to make puppet trust that cert?
Mostly, I want to be able to use puppet module search as a convenience since the environment is not internet connected. We use control repos and r10k to deploy from the same repo and it works well.
Thanks.
Josh Cooper
Jun 5, 2018, 12:05:23 PM6/5/18
to puppet...@googlegroups.com
--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/0e37e66d-469e-4a61-a6da-46e546ec62d9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
You should be able to follow the workaround in https://tickets.puppetlabs.com/browse/PUP-8889, but longer term we want to make it easier to support third-party CA certs for things like file sources, etc.
Thomas Müller
Jun 6, 2018, 7:31:19 AM6/6/18
to Puppet Users
Am Dienstag, 5. Juni 2018 18:05:23 UTC+2 schrieb Josh Cooper:
On Tue, Jun 5, 2018 at 8:52 AM, Sean <smal...@gmail.com> wrote:
Hello,I'm wanting to use the module_repository setting in puppet.conf on my puppet5 master. The local repo mirror we've setup requires SSL, but has a self-signed cert. Is there a way to make puppet trust that cert?Mostly, I want to be able to use puppet module search as a convenience since the environment is not internet connected. We use control repos and r10k to deploy from the same repo and it works well.Thanks.
--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/0e37e66d-469e-4a61-a6da-46e546ec62d9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
You should be able to follow the workaround in https://tickets.puppetlabs.com/browse/PUP-8889, but longer term we want to make it easier to support third-party CA certs for things like file sources, etc.
reading the Ticket, you'll need to:
1) copy your trusted cert to /opt/puppetlabs/puppet/ssl/certs/
2) run c_rehash /opt/puppetlabs/puppet/ssl/certs/ to create symlinks compatible with OpenSSL
- Thomas
Reply all
Reply to author
Forward
0 new messages