I wanted to configure the puppet dashboard to require authentication of client certs and had to modify the previous script to get it to send the client certificate. I also adjusted it to use the puppet CA cert to verify the remote server as well. Simple changes, but providing it in case anyone else wants to lock down their dashboard (or other report collector). It uses the cert settings as configured in puppet.conf.
require 'puppet' require 'net/http' require 'net/https' require 'uri' Puppet::Reports.register_report(:https) do desc <<-DESC Send report information via HTTPS to the `reporturl`. Each host sends its report as a YAML dump and this sends this YAML to a client via HTTPS POST. The YAML is the `report` parameter of the request." DESC def process url = URI.parse(Puppet[:reporturl].to_s) http = Net::HTTP.new(url.host, url.port) http.use_ssl = true http.cert = OpenSSL::X509::Certificate.new(File.read(Puppet[:hostcert].to_s)) http.key = OpenSSL::PKey::RSA.new(File.read(Puppet[:hostprivkey].to_s)) http.ca_file = Puppet[:localcacert].to_s http.verify_mode = OpenSSL::SSL::VERIFY_PEER req = Net::HTTP::Post.new(url.path) req.body = self.to_yaml req.content_type = "application/x-yaml" http.start do |http| response = http.request(req) unless response.code == "200" Puppet.err "Unable to submit report to #{Puppet[:reporturl].to_s} [#{response.code}] #{response.msg}" end end end end On Wednesday, July 4, 2012 9:13:49 AM UTC-4, Julien wrote: > > Hi, > > In your puppet.conf, change : > > [master] > reports = log, store, http*s* > reporturl = > https://puppet-test.uis.example.com:443/reports/upload<https://puppet-test.uis.example.com/reports/upload> > > Then add in your reports folder (under debian with puppetlabs packets) ; > > /usr/lib/ruby/1.8/puppet/reports/https.rb : > > require 'puppet' > require 'net/http' > require 'net/https' > require 'uri' > > Puppet::Reports.register_report(:https) do > > desc <<-DESC > Send report information via HTTPS to the `reporturl`. Each host sends > its report as a YAML dump and this sends this YAML to a client via HTTPS > POST. > The YAML is the `report` parameter of the request." > DESC > > def process > url = URI.parse(Puppet[:reporturl].to_s) > http = Net::HTTP.new(url.host, url.port) > http.use_ssl = true > http.verify_mode = OpenSSL::SSL::VERIFY_NONE > > req = Net::HTTP::Post.new(url.path) > req.body = self.to_yaml > req.content_type = "application/x-yaml" > > http.start do |http| > response = http.request(req) > unless response.code == "200" > Puppet.err "Unable to submit report to #{Puppet[:reporturl].to_s} > [#{response.code}] #{response.msg}" > end > end > > end > end > > Found in the VM Labs shipped by puppetlabs. > > Julien > >> -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/QRlDKyvE3VUJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.