Displaying 20 results from an estimated 53 matches for "ssl_client_s_dn".
2011 Jul 08
2
Puppetmaster setup with separate CA server configuration help
...----------------------------------------------
[main]
logdir = /var/log/puppet
rundir = /var/run/puppet
ssldir = $vardir/ssl
[agent]
classfile = $vardir/classes.txt
localconfig = $vardir/localconfig
server = loadbalancer01
listen = true
[master]
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY
ca = false
-------------
Nginx.conf
---------------
user nginx;
worker_processes 10;
worker_rlimit_nofile 100000;
error_log logs/error.log info;
pid logs/nginx.pid;
events {
worker_connections 1024;
use epoll;
}
http {...
2012 Feb 06
1
Puppet / Passenger SSL Problems with DRBD
...classfile = $vardir/classes.txt
# Where puppetd caches the local configuration. An
# extension indicating the cache format is added automatically.
# The default value is '$confdir/localconfig'.
localconfig = $vardir/localconfig
[master]
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY
## /etc/http/conf.d/puppetmasterd.conf
PassengerHighPerformance on
PassengerMaxPoolSize 12
PassengerPoolIdleTime 1500
# PassengerMaxRequests 1000
PassengerStatThrottleRate 120
RackAutoDetect Off
RailsAutoDetect Off
Listen 8140
<VirtualHost *...
2012 Apr 22
2
centos 6.2 - puppet 2.7.13 - SSL_connect returned=1 errno=0 state=SSLv3 read server session ticket A: tlsv1 alert protocol version
...erver, I've the following content:
[main]
logdir = /var/log/puppet
rundir = /var/run/puppet
ssldir = $vardir/ssl
[agent]
classfile = $vardir/classes.txt
localconfig = $vardir/localconfig
pluginsync = true
[master]
autosign = true
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY
My apache vhost is configured like this:
<VirtualHost 192.168.1.60:8140>
SSLEngine on
SSLProtocol -all +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
SSLCertificateFile
/var/lib/puppet/ssl/c...
2010 Jun 09
12
Foreman -- Reporting
...see them
in /var/lib/puppet/reports. I just don't seem to be able to display
them on Foreman. Here's my puppet.conf:
[main]
vardir = /var/lib/puppet
logdir = /var/log/puppet
rundir = /var/run/puppet
reports= log, foreman
[puppetmasterd]
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY
modulepath = $confdir/modules
#reports=log, foreman
storeconfigs = true
dbadapter = mysql
dbuser = app_puppet
dbpassword = password
dbserver = localhost
dbsocket = /sql/mysql/mysql.sock
rrddir=/var/lib/puppet/rrd...
2012 Jun 14
15
Problem with Load Balancing Puppet masters with Apache mod_proxy
...ChainFile /var/lib/puppet/ssl/certs/ca.pem
SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars
RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
<Location />
SetHandler balancer-manager
Order allow,deny
Allow from all
</Location>
Prox...
2013 Oct 18
1
'eval_generate: SSL_connect returned=1 errno=0 state=SSLv3 read server session ticket A: tlsv1 alert unknown ca
...files, but maybe I'm missing something.
Could you help me? Thanks.
*## Client config*
*- hosts*
.....
*192.168.0.112 doforte.geofusion doforte
192.168.0.107 gfn-puppetmaster*
.....
*-puppet.config*
*[agent]
certname = generic-gfn-puppetmaster.pem
certificate_revocation = false
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY
server = gfn-puppetmaster
report = true
pluginsync = true
certname = doforte.geofusion*
*### Server config*
*-host*
...
*192.168.0.107 gfn-puppetmaster
192.168.0.112 doforte.geofusion doforte*
...
*-puppet.config*
*[main]
logdir=/var/log/puppet
vard...
2012 Jun 14
2
Forbidden request: puppetagent1.example.com(192.168.1.101) access to /certificate_revocation_list/ca [find] at line 99
Puppet version: 2.7.14
Puppet master behind apache with mod_proxy load balancer.
I am able to authenticate with the cert as per these headers:
Accept: s
X-SSL-Subject: /CN=puppetagent1.example.com
X-Client-DN: /CN=puppetagent1.example.com
X-Client-Verify: SUCCESS
Any idea what this error means ?
I share my ssl dir on the load balancer and the puppet master.
--
You received this message
2013 Aug 22
1
ssl offloading on amazon ELB for puppetmasters
...puppetmaster_8141/public/
RackBaseURI /
<Directory /etc/puppet/rack/puppetmaster_8141/>
PassengerEnabled on
Options None
AllowOverride None
Order allow,deny
allow from all
</Directory>
SetEnvIf X-SSL-Subject "(.*)" SSL_CLIENT_S_DN=$1
SetEnvIf X-Client-Verify "(.*)" SSL_CLIENT_VERIFY=$1
SetEnvIf X-Forwarded-For "(.*)" REMOTE_ADDR=$1
SetEnvIf X-Forwarded-Proto "https" HTTPS=1
SSLProxyEngine On
# Proxy all requests that start with things like /production/certificate to
the CA
ProxyPassMatch ^/([...
2013 Feb 13
2
SSL config in puppet.conf in v3.0x
Hi,
Does this still apply in puppet 3.0.2 in the puppet.conf file on the puppet
master?
[puppetmasterd]
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY
If yes, is puppetmasterd correct or should it be something else, like
[main] or [master]?
Cheers,
Oli
--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group...
2013 Oct 30
4
Warning: Local environment: "42A" doesn't match server specified node environment "production", switching agent to "production"
...puppet/environments/modules/production
manifest = /etc/puppet/environments/manifests/production/site.pp
[42A]
modulepath = /etc/puppet/environments/modules/install/42A
manifest = /etc/puppet/environments/manifests/install/site.pp
[agent]
server = puppet
report = true
[master]
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY
storeconfigs = true
storeconfigs_backend = puppetdb
reports=log,puppetdb,foreman
external_nodes = /etc/puppet/node.rb
node_terminus = exec*
-----------------------------------------------------------
If I comment the last two lines (external_nodes...
2013 Jul 23
3
Debugging Puppetmaster with Apache/Rack/Passenger
...optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars +ExportCertData
# These request headers are used to pass the client certificate
# authentication information on to the puppet master process
RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/
<Directory /usr/share/puppet/rack/puppetmasterd/>
Options None
All...
2012 Dec 17
1
multiple puppet masters
...l
SSLVerifyDepth 1
# The `ExportCertData` option is needed for agent certificate expiration warnings
SSLOptions +StdEnvVars +ExportCertData
# This header needs to be set if using a loadbalancer or proxy
RequestHeader unset X-Forwarded-For
RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
DocumentRoot /etc/puppet/rack/public/
RackBaseURI /
<Directory /etc/puppet/rack/>
Options None
AllowOverride None
Order allow,de...
2010 Jun 08
4
Nginx/Mongrel Could not retrieve catalog from remote server: Error 403 on SERVER
It works well when I use webrick. The config of nginx is from the puppet
wiki; some logs are below. What's wrong?
puppet version:0.25.4
client:
...
...
debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring File[/
var/lib/puppet/ssl/certs]
debug: /File[/var/lib/puppet/state/state.yaml]: Changing mode
debug: /File[/var/lib/puppet/state/state.yaml]: 1 change(s)
debug:
2012 Jun 12
6
Trying to get tagmail to work
...local configuration. An
# extension indicating the cache format is added automatically.
# The default value is '$confdir/localconfig'.
localconfig = $vardir/localconfig
# Turn on Reporting
report = true
[master]
reports = tagmail
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY
And my /etc/puppet/tagmail.conf:
all: my@email.com
On the slave, I have this setup in my puppet.conf:
[main]
# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = /var/log/puppet
# Where Puppe...
2012 Dec 10
2
puppet master REST API returns 403 when running under passenger works when running from command line
Hi! Everyone,
puppet agent is not able to fetch any files, plugins or post catalog,
reports to the master. Both puppet agent and master are on version 3.0.l,
passenger version 3.0.18 ,
nginx version: nginx/1.3.9
built by gcc 4.4.6 20120305 (Red Hat 4.4.6-4) (GCC)
TLS SNI support enabled
configure arguments: --prefix=/apps/nginx
--conf-path=/apps/nginx/nginx.conf
2011 Mar 14
1
slight security problem
...proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For
$proxy_add_x_forwarded_for;
proxy_set_header X-Client-Verify SUCCESS;
proxy_set_header X-Client-DN $ssl_client_s_dn;
proxy_set_header X-SSL-Subject $ssl_client_s_dn;
proxy_set_header X-SSL-Issuer $ssl_client_i_dn;
proxy_read_timeout 65;
location / {
proxy_pass http://puppet-production;
}
}
</code>
and here is how i start puppetmas...
2012 Jun 12
1
Dashboard with RackbaseURI / and RailsAutoDetect off
...ErrorLog logs/puppet_error_log
> TransferLog logs/puppet_access_log
> LogLevel warn
> # This header needs to be set if using a loadbalancer or proxy
> #RequestHeader unset X-Forwarded-For
>
> #RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
> #RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
> #RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
>
> DocumentRoot /etc/puppet/rack/public/
> RackBaseURI /
> <Directory /etc/puppet/rack/>
> Options No...
2014 Aug 29
0
Using puppet with Apache mod_disk_cache and passenger over SSL
....pem
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars +ExportCertData
# These request headers are used to pass the client certificate
# authentication information on to the puppet master process
RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
RackAutoDetect On
DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/
<Directory /usr/share/puppet/rack/puppetmasterd/>
Options Indexes
AllowO...
2009 Sep 07
2
passenger-status error messages
...disabling
# CRL checking by commenting the next line.
SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars
# The following client headers allow the same configuration to work with Pound.
RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
RackAutoDetect On
DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/
<Directory /usr/share/puppet/rack/puppetmasterd/>
Options None
AllowOverride None
Order allow,den...
2010 Jul 22
8
Foreman / External Nodes -- Node Not found
...= /var/lib/puppet
logdir = /var/log/puppet
rundir = /var/run/puppet
reports= log,foreman,rrdgraph,store
clientyamldir = /var/lib/puppet/yaml/node
pluginsync = true
external_nodes = /etc/puppet/external_node.rb
node_terminus = exec
[puppetmasterd]
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY
modulepath = $confdir/modules
templatedir = /etc/puppet/manifests/templates
#clientyamldir = /var/lib/puppet/yaml/node
reportdir = /var/lib/puppet/reports
storeconfigs = true
dbadapter = mysql
dbuser = app_puppet
dbpas...