search for: ssl_client_s_dn

Displaying 20 results from an estimated 53 matches for "ssl_client_s_dn".

2011 Jul 08
2
Puppetmaster setup with separate CA server configuration help
...---------------------------------------------- [main] logdir = /var/log/puppet rundir = /var/run/puppet ssldir = $vardir/ssl [agent] classfile = $vardir/classes.txt localconfig = $vardir/localconfig server = loadbalancer01 listen = true [master] ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY ca = false ------------- Nginx.conf --------------- user nginx; worker_processes 10; worker_rlimit_nofile 100000; error_log logs/error.log info; pid logs/nginx.pid; events { worker_connections 1024; use epoll; } http {...
2012 Feb 06
1
Puppet / Passenger SSL Problems with DRBD
...classfile = $vardir/classes.txt # Where puppetd caches the local configuration. An # extension indicating the cache format is added automatically. # The default value is ''$confdir/localconfig''. localconfig = $vardir/localconfig [master] ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY ## /etc/http/conf.d/puppetmasterd.conf PassengerHighPerformance on PassengerMaxPoolSize 12 PassengerPoolIdleTime 1500 # PassengerMaxRequests 1000 PassengerStatThrottleRate 120 RackAutoDetect Off RailsAutoDetect Off Listen 8140 <VirtualHost *...
2012 Apr 22
2
centos 6.2 - puppet 2.7.13 - SSL_connect returned=1 errno=0 state=SSLv3 read server session ticket A: tlsv1 alert protocol version
...erver, i''ve the following content: [main] logdir = /var/log/puppet rundir = /var/run/puppet ssldir = $vardir/ssl [agent] classfile = $vardir/classes.txt localconfig = $vardir/localconfig pluginsync = true [master] autosign = true ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY My apache vhost is configured like this: <VirtualHost 192.168.1.60:8140> SSLEngine on SSLProtocol -all +SSLv3 +TLSv1 SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP SSLCertificateFile /var/lib/puppet/ssl/c...
2010 Jun 09
12
Foreman -- Reporting
...see them in /var/lib/puppet/reports. I just don''t seem to be able to display them on Foreman. Here''s my puppet.conf: [main] vardir = /var/lib/puppet logdir = /var/log/puppet rundir = /var/run/puppet reports= log, foreman [puppetmasterd] ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY modulepath = $confdir/modules #reports=log, foreman storeconfigs = true dbadapter = mysql dbuser = app_puppet dbpassword = password dbserver = localhost dbsocket = /sql/mysql/mysql.sock rrddir=/var/lib/puppet/rrd...
2012 Jun 14
15
Problem with Load Balancing Puppet masters with Apache mod_proxy
...ChainFile /var/lib/puppet/ssl/certs/ca.pem SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem SSLVerifyClient optional SSLVerifyDepth 1 SSLOptions +StdEnvVars RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e <Location /> SetHandler balancer-manager Order allow,deny Allow from all </Location> Prox...
2013 Oct 18
1
'eval_generate: SSL_connect returned=1 errno=0 state=SSLv3 read server session ticket A: tlsv1 alert unknown ca
...files, but maybe i m missing something. Could you help me, thank. *## Client config* *- hosts* ..... *192.168.0.112 doforte.geofusion doforte 192.168.0.107 gfn-puppetmaster* ..... *-puppet.config* *[agent] certname = generic-gfn-puppetmaster.pem certificate_revocation = false ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY server = gfn-puppetmaster report = true pluginsync = true certname = doforte.geofusion* *### Server config* *-host* ... *192.168.0.107 gfn-puppetmaster 192.168.0.112 doforte.geofusion doforte* ... *-puppet.config* *[main] logdir=/var/log/puppet vard...
2012 Jun 14
2
Forbidden request: puppetagent1.example.com(192.168.1.101) access to /certificate_revocation_list/ca [find] at line 99
Puppet version: 2.7.14 Puppet master behind apache with mod_proxy load balancer. I am able to authenticate with the cert as per these headers: Accept: s X-SSL-Subject: /CN=puppetagent1.example.com X-Client-DN: /CN=puppetagent1.example.com X-Client-Verify: SUCCESS Any idea what this error means ? I share my ssl dir on the load balancer and the puppet master. -- You received this message
2013 Aug 22
1
ssl ofloading on amazon ELB for puppetmasters
...puppetmaster_8141/public/ RackBaseURI / <Directory /etc/puppet/rack/puppetmaster_8141/> PassengerEnabled on Options None AllowOverride None Order allow,deny allow from all </Directory> SetEnvIf X-SSL-Subject "(.*)" SSL_CLIENT_S_DN=$1 SetEnvIf X-Client-Verify "(.*)" SSL_CLIENT_VERIFY=$1 SetEnvIf X-Forwarded-For "(.*)" REMOTE_ADDR=$1 SetEnvIf X-Forwarded-Proto "https" HTTPS=1 SSLProxyEngine On # Proxy all requests that start with things like /production/certificate to the CA ProxyPassMatch ^/([...
2013 Feb 13
2
SSL config in puppet.conf in v3.0x
Hi, Does this still apply in puppet 3.0.2 in the puppet.conf file on the puppet master? [puppetmasterd] ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY If yes, is puppetmasterd correct or should it be something else, like [main] or [master]? Cheers, Oli -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group...
2013 Oct 30
4
Warning: Local environment: "42A" doesn't match server specified node environment "production", switching agent to "production"
...puppet/environments/modules/production manifest = /etc/puppet/environments/manifests/production/site.pp [42A] modulepath = /etc/puppet/environments/modules/install/42A manifest = /etc/puppet/environments/manifests/install/site.pp [agent] server = puppet report = true [master] ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY storeconfigs = true storeconfigs_backend = puppetdb reports=log,puppetdb,foreman external_nodes = /etc/puppet/node.rb node_terminus = exec* ----------------------------------------------------------- If i comment the last two lines (external_nodes...
2013 Jul 23
3
Debugging Puppetmaster with Apache/Rack/Passenger
...optional SSLVerifyDepth 1 SSLOptions +StdEnvVars +ExportCertData # These request headers are used to pass the client certificate # authentication information on to the puppet master process RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/ <Directory /usr/share/puppet/rack/puppetmasterd/> Options None All...
2012 Dec 17
1
multiple puppet masters
...l SSLVerifyDepth 1 # The `ExportCertData` option is needed for agent certificate expiration warnings SSLOptions +StdEnvVars +ExportCertData # This header needs to be set if using a loadbalancer or proxy RequestHeader unset X-Forwarded-For RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e DocumentRoot /etc/puppet/rack/public/ RackBaseURI / <Directory /etc/puppet/rack/> Options None AllowOverride None Order allow,de...
2010 Jun 08
4
Nginx/Mongrel Could not retrieve catalog from remote server: Error 403 on SERVER
It works well when I use webrick. The config of nginx is from puppet wiki, some logs is below, what''s wrong? puppet version:0.25.4 client: ... ... debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring File[/ var/lib/puppet/ssl/certs] debug: /File[/var/lib/puppet/state/state.yaml]: Changing mode debug: /File[/var/lib/puppet/state/state.yaml]: 1 change(s) debug:
2012 Jun 12
6
Trying to get tagmail to work
...local configuration. An # extension indicating the cache format is added automatically. # The default value is ''$confdir/localconfig''. localconfig = $vardir/localconfig # Turn on Reporting report = true [master] reports = tagmail ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY And my /etc/puppet/tagmail.conf: all: my@email.com On the slave, I have this setup in my puppet.conf: [main] # The Puppet log directory. # The default value is ''$vardir/log''. logdir = /var/log/puppet # Where Puppe...
2012 Dec 10
2
puppet master REST API returns 403 when running under passenger works when running from command line
Hi! Everyone, puppet agent is not able to fetch any files, plugins or post catalog, reports to the master. both puppet agent and master are on version 3.0.l, passenger version 3.0.18 , nginx version: nginx/1.3.9 built by gcc 4.4.6 20120305 (Red Hat 4.4.6-4) (GCC) TLS SNI support enabled configure arguments: --prefix=/apps/nginx --conf-path=/apps/nginx/nginx.conf
2011 Mar 14
1
slight security problem
...proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Client-Verify SUCCESS; proxy_set_header X-Client-DN $ssl_client_s_dn; proxy_set_header X-SSL-Subject $ssl_client_s_dn; proxy_set_header X-SSL-Issuer $ssl_client_i_dn; proxy_read_timeout 65; location / { proxy_pass http://puppet-production; } } </code> and here is how i start puppetmas...
2012 Jun 12
1
Dashboard with RackbaseURI / and RailsAutoDetect off
...ErrorLog logs/puppet_error_log > TransferLog logs/puppet_access_log > LogLevel warn > # This header needs to be set if using a loadbalancer or proxy > #RequestHeader unset X-Forwarded-For > > #RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e > #RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e > #RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e > > DocumentRoot /etc/puppet/rack/public/ > RackBaseURI / > <Directory /etc/puppet/rack/> > Options No...
2014 Aug 29
0
Using puppet with Apache mod_disk_cache and passenger over SSL
....pem SSLVerifyClient optional SSLVerifyDepth 1 SSLOptions +StdEnvVars +ExportCertData # These request headers are used to pass the client certificate # authentication information on to the puppet master process RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e RackAutoDetect On DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/ <Directory /usr/share/puppet/rack/puppetmasterd/> Options Indexes AllowO...
2009 Sep 07
2
passenger-status error messages
...disabling # CRL checking by commenting the next line. SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem SSLVerifyClient optional SSLVerifyDepth 1 SSLOptions +StdEnvVars # The following client headers allow the same configuration to work with Pound. RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e RackAutoDetect On DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/ <Directory /usr/share/puppet/rack/puppetmasterd/> Options None AllowOverride None Order allow,den...
2010 Jul 22
8
Foreman / External Nodes -- Node Not found
...= /var/lib/puppet logdir = /var/log/puppet rundir = /var/run/puppet reports= log,foreman,rrdgraph,store clientyamldir = /var/lib/puppet/yaml/node pluginsync = true external_nodes = /etc/puppet/external_node.rb node_terminus = exec [puppetmasterd] ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY modulepath = $confdir/modules templatedir = /etc/puppet/manifests/templates #clientyamldir = /var/lib/puppet/yaml/node reportdir = /var/lib/puppet/reports storeconfigs = true dbadapter = mysql dbuser = app_puppet dbpas...