[Puppet Users] Puppet Dashboard HTTP Basic Authentication Issues

Thu, 31 Jul 2014 09:28:35 -0700 

Hi, I am trying to configure Puppet (3.6.2) Dashboard (1.2.23) with HTTP 
Basic Authentication. I followed this document's "Security" section:
http://docs.puppetlabs.com/dashboard/manual/1.2/configuring.html

Basically, in Dashboard’s vhost configuration, I added those lines:

<Location "/">
    Order allow,deny
    Allow from 192.168.240.110 # your puppet master's IP
    Satisfy any
    AuthName "Puppet Dashboard"
    AuthType Basic
    AuthUserFile /etc/httpd/webaccess
    Require valid-user
</Location>

Then I also created a user/password combination:
htpasswd -c /etc/httpd/webaccess myusername

Restart httpd service and Web access to the interface works fine. It 
prompts me for username/password.
However, when I ran "puppet agent --test", it failed. Puppet cannot get 
nodes from the dashboard.

Questions:

1. I googled and found this issue: 
https://projects.puppetlabs.com/issues/4890. It points to another two 
issues. Should I follow those two issues to fix my problem?

    issue #7173  -- Puppet cannot submit reports to dashboard. Modify 
puppet/lib/puppet/reports/http.rb to properly parse usernames and passwords 
out of the reporturl configuration option. 
    issue #5126  -- Puppet cannot get nodes from the dashboard. Modify the 
external node script to properly parse usernames and passwords out of its 
URL 

2. In the document, it has a notice

    Notice that you need to leave an access exception for your puppet 
master. Although it’s possible to configure Puppet to use a password when 
connecting to Dashboard (by adding a username and password to Puppet’s 
reporturl and         the URL used by the external_nodes script), this 
currently requires patching Puppet’s http report handler; see issue 7173 
for more details.

I am a little confused here. "you need to leave an access exception for 
your puppet master", does this refer to those two lines in the vhost config:

Order allow,deny
Allow from 192.168.240.110 # your puppet master's IP

If yes, does that mean if I have those two lines to leave an access 
exception for puppet master, I don't need to apply those two patches? But 
now with those two lines, I still can't get puppet agent to get node from 
dashboard. Maybe I should go ahead and apply those two patches?

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/6b064326-2502-4576-a928-a3dda5370b6c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to