On Wed, Aug 28, 2013 at 11:56 PM, Stephen Wallace < [email protected]> wrote: > Hi All, > > I posted this to puppet-users a few days back without feedback. I'm feeling > guilty for not allowing the hard core dev boys an opportunity to shine :)
And girls :). > > I'm looking to prepend a string to all (RHEL based) PE3 console URLs. I'm > trying to proxy the console thru an Oracle web server (Apache under the > hood), and for security we need to make all URLs easily identifiable as > having originated from Puppet in the web log files. A PCI requirement I > believe. I don't know anything about Oracle web servers, but I can give some information about how PE is configured, and hopefully that will help. > > So, the question is how to change https://console.puppet.net into > https://mypuppetlabel/console.puppet.net....and hopefully still keep PE > happy and functioning as an ENC / report processor :) `https://mypuppetlabel/console.puppet.net`<https://mypuppetlabel/console.puppet.net>would be actually changing the hostname to `mypuppetlabel`, which I don't think you want to do. I think you have two options: 1. have the Console at a subdomain (e.g. https://mypuppetabel.console.puppet.net) 2. have the Console at a subdirectory (e.g. https://console.puppet.net/mypuppetlabel) > > Having had a dig around, by best guess would be to modify > RAILS_RELATIVE_URL_ROOT which seems to be set in a few different > configuration.rb files only. Doesn't seem to be set in > httpd/conf.d/*passenger* which I would have expected. > The Apache config file for the PE Console can be found at /etc/puppetlabs/httpd/conf.d/puppetdashboard.conf. RAILS_RELATIVE_URL_ROOT isn't set by default. > Can anybody confirm that it a) is possible, and b) how to do this? To achieve (1): on a test vm with PE 3.0.1 installed I added the line `ServerName mypuppetlabel.console.localdomain` to /etc/puppetlabs/httpd/conf.d/puppetdashboard.conf and ensured that I had DNS set up properly so I could resolve `mypuppetlabel.console.localdomain`. I was then able to reach the Console at this subdomain. Achieving (2) is much more complicated/not supported at all/totally hacky (proceed with caution, there be dragons here!) and I couldn't get it to work fully. Based on https://gist.github.com/ebeigarts/5450422 and https://github.com/rails/rails/issues/5122 it sounds like just modifying RAILS_RELATIVE_URL_ROOT will only change where static files from the Rails asset pipeline are served. I confirmed this by adding the line "SetEnv RAILS_RELATIVE_URL_ROOT /test" to puppetdashboard.conf - all this seemed to do was try to look for all of the static files from '/test', which got a 404. After doing some testing, what I discovered was that in order for this to work, I needed to edit `/opt/puppet/share/puppet-dashboard/config.ru` so that it looked like require ::File.expand_path('../config/environment', __FILE__) map ENV['RAILS_RELATIVE_URL_ROOT'] || "/" do run PuppetDashboard::Application end (make sure this file is owned by user puppet-dashboard and group puppet-dashboard after you edit it, otherwise the Console will fail to load) However, while this got me the main pages of the Console loaded at `/test`, the Rack applications that are mounted as plugins to the main Rails app (Live Management, Request Manager, and Console Auth) weren't getting routed properly. Right now I'm still trying to figure out how to do this and haven't had much luck. As far as I can tell, the Rails options for doing this are, well, uncertain, in that as far as I can tell there seem to be many config options, none of which I could get to fix this issue ( https://github.com/rails/rails/issues/4308#issuecomment-14293248). I'm also not at all familiar with Apache and Passenger, so it's very possible there's a way to do it with these that I don't know about. > > Regs, > > Stephen > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Developers" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at http://groups.google.com/group/puppet-dev. > For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups "Puppet Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/puppet-dev. For more options, visit https://groups.google.com/groups/opt_out.
