Issue #1379 has been updated by lludwig.
luke wrote:
> The variables I'm referring to are those that you have to configure your http
> proxy to use, such as HTTP_X_CLIENT_DN.
I have these per the wiki setup:
RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
I also just noticed using mysql to store configs and in the hosts table I show
the 'name' to be the private name, yet the ip address is the public IP?
----------------------------------------
Bug #1379: puppetrun/puppetd with private network
http://reductivelabs.com/redmine/issues/show/1379
Author: lludwig
Status: Needs more information
Priority: Low
Assigned to:
Category:
Target version:
Keywords: puppetrun puppetmaster puppetd private network
Complexity: Unknown
Patch: None
Affected version: 0.24.4
If using a two networks (one public facing, the other private) on both the
puppetmaster and puppetd, puppetrun appears to run on the second specified
network but the puppetd gives this odd error.
puppetd[10522]: Denying authenticated client puppet.network.net(192.168.15.2)
access to puppetrunner.run
It should show puppet.private.network.net (reverse and forward dns work
properly)
Config info.
namespaceauth.conf (on puppetd)
[puppetrunner]
allow puppet.private.network.net
puppet.conf (on puppetmaster)
[puppetmasterd]
bindaddress=192.168.15.2
certname=puppet.private.network.net
The work around is to either specify the public facing name, or just use IP
address (which is safer). I don't have this issue occur with any other puppet
item, so I assume it's something to do specifically with puppetrun. Oh also
puppetrun is running on puppetmaster as root user (so it's accessing the certs
like puppetmaster does)
----------------------------------------
You have received this notification because you have either subscribed to it,
or are involved in it.
To change your notification preferences, please click here:
http://reductivelabs.com/redmine/my/account
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Bugs" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/puppet-bugs?hl=en
-~----------~----~----~----~------~----~------~--~---
