Hi all, I have a problem trying to configure puppet-dashboard when using the inventory search, and I'm running out of ideas.
I have configured puppet-dashboard to run under apache passenger and, following the instructions on http://docs.puppetlabs.com/dashboard/manual/1.2/configuring.html, I have created the certificates as per the instructions and configured auth.conf such that it has:

-----------------
path /facts
auth yes
method find, search
allow dashboard
-----------------

However, if I try to search the inventory, I get an access denied error. If I change the auth.conf file to allow everything, then everything works. I believe it's because puppet-passenger is not sending the right certificate when it's connecting to the master, and then it gets denied.

This is what I get running puppet master in debug mode:

...
info: access[/certificate_request]: allowing * access
info: access[/facts]: adding authentication yes
info: access[/facts]: allowing 'method' find
info: access[/facts]: allowing 'method' search
info: access[/facts]: allowing internalname.int access
info: access[/facts]: allowing puppet-dashboard access
info: access[/facts]: allowing dashboard access
info: access[/facts]: allowing 10.0.1.114 access
info: access[/]: adding authentication any
info: Inserting default '/status' (auth true) ACL because none were found in '/etc/puppet/auth.conf'
info: access[/]: defaulting to no access for internalname.int
warning: Denying access: Forbidden request: internalname.int(10.0.1.129) access to /facts/search [search] at /etc/puppet/auth.conf:107
err: Forbidden request: internalname.int(10.0.1.129) access to /facts/search [search] at /etc/puppet/auth.conf:107
...

internalname.int is the name the IP resolves to in /etc/hosts.

So, it seems to me that all the puppetmaster sees is the request coming from internal name and not from a certname called 'dashboard', which is what it's configured with in /etc/puppet-dashboard/settings.yaml (the files in /usr/share/puppet-dashboard/certs exist and are readable by www-data).

What makes me think that there's no cert being sent is that if I run:

openssl s_server -accept 8140

to see what certificate gets presented, none appear coming from puppet-dashboard, whereas a normal puppet run does actually send a certificate that openssl can see:

ACCEPT
ERROR
140723219195560:error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate:s3_srvr.c:3274:
shutting down SSL
CONNECTION CLOSED
ACCEPT

Any ideas what might be wrong here?

Thanks.

--
Jesús Roncero
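
A way to triage the denial shown in the debug output above, as an added example that is not part of the original post: it rebuilds the ACLs from the master's debug lines and flags denials where the reported name and method were both allowed. It assumes that under `auth yes` the master only matches requests that presented a verified client certificate and names other requests by reverse lookup; the function names are hypothetical and wildcard `allow` entries are not handled.

```python
import re

# Constructed sample: a subset of the debug lines quoted in the post above.
SAMPLE_LOG = """\
info: access[/facts]: adding authentication yes
info: access[/facts]: allowing 'method' find
info: access[/facts]: allowing 'method' search
info: access[/facts]: allowing internalname.int access
info: access[/facts]: allowing dashboard access
info: access[/]: adding authentication any
warning: Denying access: Forbidden request: internalname.int(10.0.1.129) access to /facts/search [search] at /etc/puppet/auth.conf:107
"""

ACL_RE = re.compile(r"access\[(?P<path>[^\]]+)\]: (?P<rest>.+)$")
DENY_RE = re.compile(
    r"Denying access: Forbidden request: (?P<name>[^(\s]+)\((?P<ip>[^)\s]+)\) "
    r"access to (?P<path>\S+) \[(?P<method>\w+)\]")

def parse_acls(log):
    """Rebuild {path: {auth, methods, allow}} from 'info: access[...]' lines."""
    acls = {}
    for line in log.splitlines():
        m = ACL_RE.search(line)
        if not m:
            continue
        acl = acls.setdefault(m["path"], {"auth": None, "methods": set(), "allow": set()})
        rest = m["rest"]
        if rest.startswith("adding authentication "):
            acl["auth"] = rest.split()[-1]
        elif rest.startswith("allowing 'method' "):
            acl["methods"].add(rest.split()[-1])
        elif rest.startswith("allowing ") and rest.endswith(" access"):
            acl["allow"].add(rest.split()[1])
    return acls

def triage(log):
    """Return (name, ip, path, method, acl_path, reason) for each denial."""
    acls = parse_acls(log)
    findings = []
    for m in DENY_RE.finditer(log):
        # The longest ACL path that prefixes the request path is the one that applies.
        path = max((p for p in acls if m["path"].startswith(p)), key=len, default=None)
        acl = acls.get(path, {})
        # Name and method allowed but still denied: under the stated assumption,
        # the request did not satisfy 'auth yes' (no verified client certificate).
        name_ok = m["name"] in acl.get("allow", ()) and m["method"] in acl.get("methods", ())
        reason = "unauthenticated" if name_ok and acl.get("auth") == "yes" else "acl"
        findings.append((m["name"], m["ip"], m["path"], m["method"], path, reason))
    return findings
```

A result of `unauthenticated` points at the client side (which certificate, if any, the dashboard's HTTP client presents) rather than at the `allow` list.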
