I wanted to configure the puppet dashboard to require authentication of 
client certs and had to modify the previous script to get it to send the 
client certificate. I also adjusted it to use the puppet CA cert to verify 
the remote server as well. Simple changes, but providing it in case anyone 
else wants to lock down their dashboard (or other report collector).
It uses the cert settings as configured in puppet.conf.


require 'puppet'
require 'net/http'
require 'net/https'
require 'uri'

Puppet::Reports.register_report(:https) do

  desc <<-DESC
  Send report information via HTTPS to the `reporturl`. Each host sends
  its report as a YAML dump and this sends this YAML to a client via HTTPS POST.
  The YAML is the `report` parameter of the request.
  DESC

  def process
    url = URI.parse(Puppet[:reporturl].to_s)
    http = Net::HTTP.new(url.host, url.port)
    http.use_ssl = true
    # Present this host's Puppet certificate and key as the TLS client identity.
    http.cert = OpenSSL::X509::Certificate.new(File.read(Puppet[:hostcert].to_s))
    http.key = OpenSSL::PKey::RSA.new(File.read(Puppet[:hostprivkey].to_s))
    # Verify the report server's certificate against the Puppet CA.
    http.ca_file = Puppet[:localcacert].to_s
    http.verify_mode = OpenSSL::SSL::VERIFY_PEER

    req = Net::HTTP::Post.new(url.path)
    req.body = self.to_yaml
    req.content_type = "application/x-yaml"

    # Block variable renamed so it no longer shadows the outer `http`.
    http.start do |conn|
      response = conn.request(req)
      unless response.code == "200"
        Puppet.err "Unable to submit report to #{Puppet[:reporturl].to_s} [#{response.code}] #{response.msg}"
      end
    end

  end
end




On Wednesday, July 4, 2012 9:13:49 AM UTC-4, Julien wrote:
>
> Hi,
>
> In your puppet.conf, change:
>
> [master]
>   reports = log, store, https
>   reporturl = https://puppet-test.uis.example.com:443/reports/upload
>
> Then add in your reports folder (under Debian with puppetlabs packages):
>
> /usr/lib/ruby/1.8/puppet/reports/https.rb :
>
> require 'puppet'
> require 'net/http'
> require 'net/https'
> require 'uri'
>
> Puppet::Reports.register_report(:https) do
>
>   desc <<-DESC
>   Send report information via HTTPS to the `reporturl`. Each host sends
>   its report as a YAML dump and this sends this YAML to a client via HTTPS POST.
>   The YAML is the `report` parameter of the request.
>   DESC
>
>   def process
>     url = URI.parse(Puppet[:reporturl].to_s)
>     http = Net::HTTP.new(url.host, url.port)
>     http.use_ssl = true
>     http.verify_mode = OpenSSL::SSL::VERIFY_NONE
>
>     req = Net::HTTP::Post.new(url.path)
>     req.body = self.to_yaml
>     req.content_type = "application/x-yaml"
>
>     http.start do |http|
>       response = http.request(req)
>       unless response.code == "200"
>         Puppet.err "Unable to submit report to #{Puppet[:reporturl].to_s} [#{response.code}] #{response.msg}"
>       end
>     end
>
>   end
> end
>
> Found in the VM Labs shipped by puppetlabs.
>
> Julien
>
>>
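
An added example, not part of either message above and not Puppet's own code: a preflight check for the three files the client-certificate version of the report processor hands to Net::HTTP (hostcert, hostprivkey, localcacert). It confirms that the private key matches the certificate and that the certificate chains to the CA; the function names, the helper and the throwaway CAs and certificates are constructed for illustration.

```ruby
require 'openssl'

# Returns a list of problems with the client identity; empty means usable.
def check_client_identity(cert_pem, key_pem, ca_pem)
  cert = OpenSSL::X509::Certificate.new(cert_pem)
  key = OpenSSL::PKey.read(key_pem)
  store = OpenSSL::X509::Store.new
  store.add_cert(OpenSSL::X509::Certificate.new(ca_pem))
  problems = []
  problems << 'private key does not match certificate' unless cert.check_private_key(key)
  # Chain check against the CA, as a verifying TLS peer would do
  # (no hostname or purpose checks are made here).
  problems << "chain verification failed: #{store.error_string}" unless store.verify(cert)
  problems
end

# Constructed test material (hypothetical helper): builds an in-memory cert.
def make_cert(cn, key, issuer = nil, issuer_key = key, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = issuer || cert
  cert.add_extension(ef.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true))
  cert.sign(issuer_key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Constructed sample data: one CA standing in for the Puppet CA, one unrelated CA.
CA_KEY = OpenSSL::PKey::RSA.new(2048)
CA_CERT = make_cert('Constructed Puppet CA', CA_KEY, ca: true)
HOST_KEY = OpenSSL::PKey::RSA.new(2048)
HOST_CERT = make_cert('agent.example.test', HOST_KEY, CA_CERT, CA_KEY)
OTHER_KEY = OpenSSL::PKey::RSA.new(2048)
OTHER_CA = make_cert('Constructed Other CA', OTHER_KEY, ca: true)
ROGUE_HOST = make_cert('agent.example.test', HOST_KEY, OTHER_CA, OTHER_KEY)

if __FILE__ == $PROGRAM_NAME
  p check_client_identity(HOST_CERT.to_pem, HOST_KEY.to_pem, CA_CERT.to_pem)
  p check_client_identity(ROGUE_HOST.to_pem, HOST_KEY.to_pem, CA_CERT.to_pem)
end
```

On a real host, pass the contents of the files that `hostcert`, `hostprivkey` and `localcacert` point to instead of the constructed PEM strings.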
