On 31 August 2016 at 11:45, Lukas Zapletal <[email protected]> wrote: > > BTW I also tried to work with the API of "Free IP" but couldn't managed > to > > authenticate properly, can you give me an example of how to use it? > > that way we could use the workaround I spoke of before... > > The proxy API directly? That's not possible, unless you use HTTP client > certificate. Sign it with your puppet ca and use it if you want. >
Well, it is possible - but you have to make some changes to the proxy :) The proxy, by default, sets: :trusted_hosts: - foreman.domain.org This means 2 things - one, API calls need to be wrapped with a certificate signed by the proxy's CA, and 2, the cert's name has to be in the trusted_hosts. So, you have three options, from most to least-secure: 1) If only a few machines will need to call the free_ip endpoint, you can generate new certs from the same CA, give them to the clients, and add them to trusted_hosts (i.e what Lukas said) 2) disable trusted_hosts entirely, at which point any valid SSL request can access the API 3) Allow non-ssl requests to that proxy module Hope that helps! Greg -- You received this message because you are subscribed to the Google Groups "foreman-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
