Jira (BOLT-924) Support kerberos puppetdb endpoint

[Steve Traylen (JIRA)]

Steve Traylen created an issue

Puppet Task Runner / BOLT-924 Support kerberos puppetdb endpoint Issue Type: New Feature Affects Versions: BOLT 0.21.8 Assignee: Unassigned Components: CLI Created: 2018/10/12 5:09 AM Priority: Normal Reporter: Steve Traylen We expose our puppetdb via a kerberos endpoint. Looks like: https://github.com/zenchild/gssapi/wiki may offer a solution. Add Comment

This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93)

[Steve Traylen (JIRA)]

Steve Traylen commented on BOLT-924

Re: Support kerberos puppetdb endpoint We got something working but only by switching to httpi https://its.cern.ch/jira/browse/AI-5303

Add Comment

[Michael Smith (JIRA)]

Michael Smith updated an issue

Puppet Task Runner / BOLT-924 Support kerberos puppetdb endpoint

Change By: Michael Smith Component/s: Kerberos

Add Comment

[Steve Traylen (JIRA)]

Steve Traylen commented on BOLT-924

Re: Support kerberos puppetdb endpoint

Got a bit further with this , now with a configuration. puppetdb: krb: true server_urls: ["https://constable.example.ch:9081"] then bolt command run uptime -q 'facts[certname] { name = "hostgroup" and value = "aiadm/nodes/login" }' works as expected and queries puppetdb with a kerberos token. This is still using rubygem-curb, httpi and socksify as extra gem dependencies. There is probably a lighter way to do it. https://github.com/cernops/bolt/commit/addeb4fd2decddd3e59b3ee09bf1e74de4bfd291 and deps. https://github.com/cernops/puppet-runtime/commit/71ff7c0c94202436c8fab350bde8c2d01c3a8b7f https://github.com/cernops/puppet-runtime/commit/28fc46338b9f6bb5fca5a9359b3cc73d83028da3 I'll deploy this tommorow for for some user feedback.

Add Comment