Hi, I am trying to configure Puppet (3.6.2) Dashboard (1.2.23) with HTTP
Basic Authentication. I followed this document's "Security"
section:
http://docs.puppetlabs.com/dashboard/manual/1.2/configuring.html
Basically, in Dashboard’s vhost configuration, I added those lines:
<Location "/">
Order allow,deny
Allow from 192.168.240.110 # your puppet master's IP
Satisfy any
AuthName "Puppet Dashboard"
AuthType Basic
AuthUserFile /etc/httpd/webaccess
Require valid-user
</Location>
Then I also created a user/password combination:
htpasswd -c /etc/httpd/webaccess myusername
Restart httpd service and Web access to the interface works fine. It
prompts me for username/password.
However, when I ran "puppet agent --test", it failed. Puppet cannot
get
nodes from the dashboard.
Questions:
1. I googled and found this issue:
https://projects.puppetlabs.com/issues/4890. It points to another two
issues. Should I follow those two issues to fix my problem?
issue #7173 -- Puppet cannot submit reports to dashboard. Modify
puppet/lib/puppet/reports/http.rb to properly parse usernames and passwords
out of the reporturl configuration option.
issue #5126 -- Puppet cannot get nodes from the dashboard. Modify the
external node script to properly parse usernames and passwords out of its
URL
2. In the document, it has a notice
Notice that you need to leave an access exception for your puppet
master. Although it’s possible to configure Puppet to use a password when
connecting to Dashboard (by adding a username and password to Puppet’s
reporturl and the URL used by the external_nodes script), this currently
requires patching Puppet’s http report handler; see issue 7173 for more
details.
I am a little confused here. "you need to leave an access exception for
your puppet master", does this refer to those two lines in the vhost
config:
Order allow,deny
Allow from 192.168.240.110 # your puppet master's IP
If yes, does that mean if I have those two lines to leave an access
exception for puppet master, I don't need to apply those two patches? But
now with those two lines, I still can't get puppet agent to get node from
dashboard. Maybe I should go ahead and apply those two patches?
Thanks a lot!
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/2cde8ded-302c-45b9-9aa2-4b9b118bfc63%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.