Feature #4688

External Node Classifier should support SSL authentication.

Added by Teyo Tyree over 1 year ago. Updated 10 months ago.

Status: Closed
Start date: 09/02/2010
Priority: Normal
Due date:
Assignee: -
% Done: 0%
Category: -
Target version: 1.1.0
Keywords: ENC, ssl, external nodes, roadmapped
Affected URL:
Branch: https://github.com/jes5199/puppet-dashboard/tree/ticket/next/4688
Affected Dashboard version:
Votes: 0

Description

The current external node classification script does not take advantage of Puppet’s ssl certificate authentication framework. I have written an external node script that supports ssl certificate authentication. This will allow the dashboard to securely serve as an ENC for any number of remote Puppetmasters by taking advantage of the already present ssl certificates.


Related issues

related to Puppet Dashboard - Bug #5186: Bug Fixes for 1.0.5 Closed 11/02/2010
related to Puppet Dashboard - Bug #5269: There should be a Node terminus that speaks HTTP and HTTP... Accepted 11/12/2010

History

Updated by Teyo Tyree over 1 year ago

Here is the script. I have sent a pull request from my git repo.

#! /usr/bin/ruby
#
# Sample External Node script for Puppet Dashboard
#
# == puppet.conf Configuration
#
#  [main]
#  external_nodes = /path/to/external_node
#  node_terminus = exec

require 'puppet'
require 'yaml'
require 'puppet/sslcertificates/support'
require 'uri'
require 'net/https'

#
# Required settings
#

Puppet[:config] = "/etc/puppet/puppet.conf"
Puppet.parse_config

#
# Dashboard location and the node to classify (first command-line argument)
#

DASHBOARD = "https://puppet.puppetlabs.lan"
PORT = '4430'
NODE = ARGV.first

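# Reuse this host's Puppet certificate, private key and CA certificate
cert = File.read(Puppet[:hostcert])
pem = File.read(Puppet[:hostprivkey])
ca = Puppet[:localcacert]

uri = URI.parse("#{DASHBOARD}/nodes/#{NODE}")
# Debug output goes to stderr so that stdout carries only the YAML
STDERR.puts uri.host
STDERR.puts uri.path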
http = Net::HTTP.new(uri.host, PORT)
http.use_ssl = true
http.cert = OpenSSL::X509::Certificate.new(cert)
http.key = OpenSSL::PKey::RSA.new(pem)
http.ca_file = ca
http.verify_mode = OpenSSL::SSL::VERIFY_PEER
res = http.start { http.request_get(uri.path, 'Accept' => 'text/yaml') }

case res
when Net::HTTPSuccess; puts res.body; exit 0
else; STDERR.puts "Error: #{res.code} #{res.message}"; exit 1
end
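
The trust decision the script above relies on, as an added example that is not part of the original ticket or of Puppet Dashboard: a server that trusts only the Puppet CA accepts a puppetmaster certificate issued by that CA and refuses a self-signed certificate carrying the same name. The CA, host name and helper names (issue_cert, authenticate, demo) are constructed for illustration.

```ruby
require 'openssl'

# Constructed helper: issue a certificate for +cn+, signed by the given issuer,
# or self-signed when no issuer is passed. Lifetimes and serials are sample values.
def issue_cert(cn, key, issuer_cert = nil, issuer_key = nil, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..1_000_000)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = issuer_cert || cert
  constraint = ca ? 'CA:TRUE' : 'CA:FALSE'
  cert.add_extension(ef.create_extension('basicConstraints', constraint, true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Return the certificate's CN if it chains to a CA in +store+, otherwise nil.
def authenticate(store, cert)
  return nil unless store.verify(cert)
  field = cert.subject.to_a.find { |f| f[0] == 'CN' }
  field && field[1]
end

def demo
  ca_key = OpenSSL::PKey::RSA.new(2048)
  ca = issue_cert('Constructed Puppet CA', ca_key, ca: true)
  master = issue_cert('puppetmaster.example.test', OpenSSL::PKey::RSA.new(2048), ca, ca_key)
  # Same name, but self-signed instead of issued by the Puppet CA
  rogue = issue_cert('puppetmaster.example.test', OpenSSL::PKey::RSA.new(2048))

  store = OpenSSL::X509::Store.new
  store.add_cert(ca) # the only trust anchor, as with ca_file = localcacert
  { master: authenticate(store, master), rogue: authenticate(store, rogue) }
end

puts demo.inspect if __FILE__ == $0
```
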

Updated by James Turnbull over 1 year ago

  • Status changed from Unreviewed to Needs Decision
  • Assignee set to Igal Koshevoy

Updated by Anonymous over 1 year ago

  • Target version set to 1.0.5

Updated by Nigel Kersten over 1 year ago

  • Status changed from Needs Decision to Accepted

Updated by Nigel Kersten over 1 year ago

  • Keywords changed from ENC, ssl, external nodes to ENC, ssl, external nodes, roadmapped

Updated by Igal Koshevoy over 1 year ago

  • Assignee deleted (Igal Koshevoy)

Updated by Paul Berry over 1 year ago

  • Status changed from Accepted to Merged - Pending Release
  • Branch set to https://github.com/jes5199/puppet-dashboard/tree/ticket/next/4688

Updated by Matt Robinson about 1 year ago

  • Status changed from Merged - Pending Release to Closed

Merged into master at the end of iteration.

Updated by James Turnbull 10 months ago

  • Target version changed from 1.0.5 to 1.1.0
