On Tue, 14 Sep 2010 08:19:24 +0200, Kenneth Holter wrote: > > Hello all, > > > Is it possible at the moment to set up access control for Puppet Dashboard? > As of now anyone within our organization will have full access to the > dashboard. I thought I'd set up regular Apache access control, but this will > probably not work well with dashboard as an external node tool. I found > http://projects.puppetlabs.com/issues/3459 which suggest running dashboard > unsecurily on localhost, but I'm hoping that there are other ways. > > Best regards, > Kenneth >
Currently, the Dashboard doesn't have any built-in authentication, or authorization (this isn't _quite_ true, but it's close enough to make no difference). There is a ticket generally about this[1], but (as far as I'm aware) it's a bit hand-wavey, since there hasn't been much speced out (but, again, I could be wrong about this). If you know what granularity of access-control you'd like/need/actually-use, I'd love to hear what that is (especially if you would be kind enough to take some time to comment in the ticket I mentioned earlier). As far as getting access control right now, it's pretty much what you mentioned: Putting Dashboard behind something like Apache access controls. You should still be able to use the dashboard as an external node tool, but I'd imagine that you'd either need to allow public access to GET at http://dashboard-host/nodes/* (specifically for requests accepting 'text/yaml'), or modify the external_node script to pass along auth credentials. I haven't actually done this myself, so I'd love it if someone with more experience doing this could chime in. Hope this helps. [1] http://projects.puppetlabs.com/issues/4168 -- Jacob Helwig
signature.asc
Description: Digital signature
