search for: ssl_client_verify

...--------------------------- [main] logdir = /var/log/puppet rundir = /var/run/puppet ssldir = $vardir/ssl [agent] classfile = $vardir/classes.txt localconfig = $vardir/localconfig server = loadbalancer01 listen = true [master] ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY ca = false ------------- Nginx.conf --------------- user nginx; worker_processes 10; worker_rlimit_nofile 100000; error_log logs/error.log info; pid logs/nginx.pid; events { worker_connections 1024; use epoll; } http { passenger_root /usr/l...

...b/puppet/reports. I just don''t seem to be able to display them on Foreman. Here''s my puppet.conf: [main] vardir = /var/lib/puppet logdir = /var/log/puppet rundir = /var/run/puppet reports= log, foreman [puppetmasterd] ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY modulepath = $confdir/modules #reports=log, foreman storeconfigs = true dbadapter = mysql dbuser = app_puppet dbpassword = password dbserver = localhost dbsocket = /sql/mysql/mysql.sock rrddir=/var/lib/puppet/rrd rrdinterval=$runint...

...e i m missing something. Could you help me, thank. *## Client config* *- hosts* ..... *192.168.0.112 doforte.geofusion doforte 192.168.0.107 gfn-puppetmaster* ..... *-puppet.config* *[agent] certname = generic-gfn-puppetmaster.pem certificate_revocation = false ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY server = gfn-puppetmaster report = true pluginsync = true certname = doforte.geofusion* *### Server config* *-host* ... *192.168.0.107 gfn-puppetmaster 192.168.0.112 doforte.geofusion doforte* ... *-puppet.config* *[main] logdir=/var/log/puppet vardir=/var/lib/puppet...

...etc/puppet/rack/puppetmaster_8141/> PassengerEnabled on Options None AllowOverride None Order allow,deny allow from all </Directory> SetEnvIf X-SSL-Subject "(.*)" SSL_CLIENT_S_DN=$1 SetEnvIf X-Client-Verify "(.*)" SSL_CLIENT_VERIFY=$1 SetEnvIf X-Forwarded-For "(.*)" REMOTE_ADDR=$1 SetEnvIf X-Forwarded-Proto "https" HTTPS=1 SSLProxyEngine On # Proxy all requests that start with things like /production/certificate to the CA ProxyPassMatch ^/([^/]+/certificate.*)$ https://puppetlb.aws.*.co.nz:8141/$1 E...

Hi, Does this still apply in puppet 3.0.2 in the puppet.conf file on the puppet master? [puppetmasterd] ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY If yes, is puppetmasterd correct or should it be something else, like [main] or [master]? Cheers, Oli -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emai...

...nts/modules/production manifest = /etc/puppet/environments/manifests/production/site.pp [42A] modulepath = /etc/puppet/environments/modules/install/42A manifest = /etc/puppet/environments/manifests/install/site.pp [agent] server = puppet report = true [master] ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY storeconfigs = true storeconfigs_backend = puppetdb reports=log,puppetdb,foreman external_nodes = /etc/puppet/node.rb node_terminus = exec* ----------------------------------------------------------- If i comment the last two lines (external_nodes and node_terminus)...

...r/classes.txt # Where puppetd caches the local configuration. An # extension indicating the cache format is added automatically. # The default value is ''$confdir/localconfig''. localconfig = $vardir/localconfig [master] ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY ## /etc/http/conf.d/puppetmasterd.conf PassengerHighPerformance on PassengerMaxPoolSize 12 PassengerPoolIdleTime 1500 # PassengerMaxRequests 1000 PassengerStatThrottleRate 120 RackAutoDetect Off RailsAutoDetect Off Listen 8140 <VirtualHost *:8140> ServerN...

...evocationFile /var/lib/puppet/ssl/ca/ca_crl.pem SSLVerifyClient optional SSLVerifyDepth 1 SSLOptions +StdEnvVars RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e <Location /> SetHandler balancer-manager Order allow,deny Allow from all </Location> ProxyPass / balancer://puppetmaster/ ProxyPassReverse / balancer://puppetmaster/ ProxyPreserveHost On </Vi...

...the following content: [main] logdir = /var/log/puppet rundir = /var/run/puppet ssldir = $vardir/ssl [agent] classfile = $vardir/classes.txt localconfig = $vardir/localconfig pluginsync = true [master] autosign = true ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY My apache vhost is configured like this: <VirtualHost 192.168.1.60:8140> SSLEngine on SSLProtocol -all +SSLv3 +TLSv1 SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP SSLCertificateFile /var/lib/puppet/ssl/certs/medion.chatillon....

It works well when I use webrick. The config of nginx is from puppet wiki, some logs is below, what''s wrong? puppet version:0.25.4 client: ... ... debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring File[/ var/lib/puppet/ssl/certs] debug: /File[/var/lib/puppet/state/state.yaml]: Changing mode debug: /File[/var/lib/puppet/state/state.yaml]: 1 change(s) debug:

.... An # extension indicating the cache format is added automatically. # The default value is ''$confdir/localconfig''. localconfig = $vardir/localconfig # Turn on Reporting report = true [master] reports = tagmail ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY And my /etc/puppet/tagmail.conf: all: my@email.com On the slave, I have this setup in my puppet.conf: [main] # The Puppet log directory. # The default value is ''$vardir/log''. logdir = /var/log/puppet # Where Puppet PID files are kept....

...on; listen 8140 default ssl; server_name bangvmpllda02.XXXXX.com; passenger_enabled on; passenger_set_cgi_param HTTP_X_CLIENT_DN $ssl_client_s_dn; passenger_set_cgi_param HTTP_X_CLIENT_VERIFY $ssl_client_verify; passenger_min_instances 5; access_log logs/puppet_access.log; error_log logs/puppet_error.log; root /etc/puppet/rack/public; ssl_certificate /var/lib/puppet/ssl/certs/bangvmpllda02.XXX...

...SSLOptions +StdEnvVars +ExportCertData # This header needs to be set if using a loadbalancer or proxy RequestHeader unset X-Forwarded-For RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e DocumentRoot /etc/puppet/rack/public/ RackBaseURI / <Directory /etc/puppet/rack/> Options None AllowOverride None Order allow,deny allow from all </Directory> </VirtualHost> I have commented out the #SSLCertifi...

...logdir = /var/log/puppet rundir = /var/run/puppet reports= log,foreman,rrdgraph,store clientyamldir = /var/lib/puppet/yaml/node pluginsync = true external_nodes = /etc/puppet/external_node.rb node_terminus = exec [puppetmasterd] ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY modulepath = $confdir/modules templatedir = /etc/puppet/manifests/templates #clientyamldir = /var/lib/puppet/yaml/node reportdir = /var/lib/puppet/reports storeconfigs = true dbadapter = mysql dbuser = app_puppet dbpassword = xxxxxxxxxxxxxx...

Hi! Everyone, puppet agent is not able to fetch any files, plugins or post catalog, reports to the master. both puppet agent and master are on version 3.0.l, passenger version 3.0.18 , nginx version: nginx/1.3.9 built by gcc 4.4.6 20120305 (Red Hat 4.4.6-4) (GCC) TLS SNI support enabled configure arguments: --prefix=/apps/nginx --conf-path=/apps/nginx/nginx.conf

.../log/puppet vardir=/var/lib/puppet ssldir=/var/lib/puppet/ssl rundir=/var/run/puppet factpath=$vardir/lib/facter templatedir=$confdir/templates [master] # These are needed when the puppetmaster is run by passenger # and can safely be removed if webrick is used. ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY Clearly these values of the ''''--configprint -all" command are coming from somewhere else and I can''t seem to find the answer. I''ve read that puppet will read values from a users home directory if the puppet service is not run...

...tedir=$confdir/templates prerun_command=/etc/puppet/etckeeper-commit-pre postrun_command=/etc/puppet/etckeeper-commit-post server=puppetmaster [master] # These are needed when the puppetmaster is run by passenger # and can safely be removed if webrick is used. ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY And so in this MASTER [main] logdir=/var/log/puppet vardir=/var/lib/puppet ssldir=/var/lib/puppet/ssl rundir=/var/run/puppet factpath=$vardir/lib/facter templatedir=$confdir/templates prerun_command=/etc/puppet/etckeeper-commit-pre postrun_command=/etc/puppet/etckeepe...

..._DN /C=CH/ST=Switzerland/L=Zurich/O=ETH Zurich/OU=Seminar for Statistics/CN=stat.ethz.ch/emailAddress=webmaster@math.ethz.ch SSL_CIPHER RC4-MD5 SSL_SERVER_V_START Jan 9 12:56:05 2004 GMT SSL_SESSION_ID 210587E0DB04D2F7DAF67D64B4E9DDBA2F059B4E0671DD165F319D9EB1BB2057 CONTENT_LENGTH 83 SSL_CLIENT_VERIFY NONE SSL_SERVER_I_DN_ST Switzerland SSL_SERVER_S_DN_O ETH Zurich HTTP_REFERER https://stat.ethz.ch/mailman/listinfo/r-help, https://stat.ethz.ch/mailman/listinfo/r-help SERVER_NAME stat.ethz.ch REMOTE_ADDR 155.140.122.227 SSL_CIPHER_ALGKEYSIZE 128 SSL_SERVER_I_DN /C=CH/ST=Swit...

I''m not sure at all what''s going on here, but I''ve spent a lot of time reading over the puppet hiera docs and setting everything up, but when I run puppet agent it just seems to ignore the hiera setup completely. Both the puppet master and agent nodes have exactly the same versions of puppet and hiera (installed via the official puppet APT repository). I''ve

...# These request headers are used to pass the client certificate # authentication information on to the puppet master process RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/ <Directory /usr/share/puppet/rack/puppetmasterd/> Options None AllowOverride None Order Allow,Deny Allow from All </Directory> </VirtualHost&gt...