Hi

>> hmm I do that running nginx on 2 different ports: one with
>> ssl_verification on and on the other not. See
>> http://reductivelabs.com/trac/puppet/wiki/UsingMongrelNginx for the
>> setup (port 8140 and 8141). So I can run puppet with caport set to 8141
>> and do the ca stuff on that port. this works fine.
>> apache has another solution for that where you don't need to run apache
>> on 2 different ports.
> 
> Hmm? I must have missed that solution for apache.

Isn't the apache version already doing that by setting the request
header according to its verification? I never tried it with apache so I
can't say. But what is done on NginX is that on one vhost we set:

    proxy_set_header   X-Client-Verify  SUCCESS;

and on the other:

    proxy_set_header   X-Client-Verify  FAILURE;

which is what makes the signing request imho.

as on apache it is:

    RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

which sets imho the X-Client-Verify either to SUCCESS or FAILURE, not?


>> I think this could be done, if you still need it: patches?
> 
> Well, if I find the time tomorrow, I will prepare patches which add that
> and fix the puppetd init script so that it does not affect puppetd
> instances which were started manually ("puppetd --test"), using the pid
> from $pidfile to access the process instead of using killproc.
> IMHO, the init script should only kill processes it started.

hmm what has the puppetd init script to do with your actual problem? or
is this another problem?

However, a note: while writing the multiport patch I discovered that
RHEL or CentOS versions older than 5, or versions of Fedora prior to 8,
don't support the pidfile option. See
http://projects.reductivelabs.com/issues/show/1460#note-7 for more info.
As we have discussed in the bug ticket, it isn't really a problem if
only the multiport option isn't supported on systems prior to 5 or
Fedora 8. However, the puppetd script should run for sure on systems
prior to RHEL/CentOS 5 or F8. If you find a way to address this
problem, I think we could even use it for the multiport option.

greets pete
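
The two-port nginx arrangement described in the message above, as an added configuration sketch that is not part of the original post or the linked wiki page. Certificate paths and the backend address are placeholders, and `ssl_verify_client` is the nginx directive the post refers to as ssl_verification.

```nginx
# Added illustration. Paths and the backend address are placeholders.
upstream puppet_mongrel {
    server 127.0.0.1:18140;   # assumed: Mongrel listens on loopback only
}

# Port 8140: regular agent traffic. nginx refuses the TLS session unless
# the client presents a certificate signed by the CA, so the hard-coded
# SUCCESS is only ever sent for requests that passed verification.
server {
    listen                  8140 ssl;
    ssl_certificate         /path/to/puppetmaster_cert.pem;   # placeholder
    ssl_certificate_key     /path/to/puppetmaster_key.pem;    # placeholder
    ssl_client_certificate  /path/to/ca_cert.pem;             # placeholder
    ssl_verify_client       on;

    location / {
        proxy_pass        http://puppet_mongrel;
        # Replaces any X-Client-Verify value the client sent itself.
        proxy_set_header  X-Client-Verify  SUCCESS;
    }
}

# Port 8141: CA traffic (the agent's caport). New agents have no signed
# certificate yet, so no client certificate is required here and every
# request is marked as unverified for the backend.
server {
    listen                  8141 ssl;
    ssl_certificate         /path/to/puppetmaster_cert.pem;   # placeholder
    ssl_certificate_key     /path/to/puppetmaster_key.pem;    # placeholder
    ssl_verify_client       off;

    location / {
        proxy_pass        http://puppet_mongrel;
        proxy_set_header  X-Client-Verify  FAILURE;
    }
}
```

Because nginx overwrites X-Client-Verify on both ports, a client cannot supply its own value, but that only holds while the Mongrel backend is reachable solely through nginx.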
