Puppet Dashboard signed with self signed certificate

asked 2014-12-11 11:08:08 -0600

Tomasz Olszewski

updated 2014-12-11 12:37:29 -0600

Hello,

How do you guys use Puppet Dashboard with HTTPS?

My Puppet Dashboard is accessible through HTTPS, with an SSL certificate signed by my own internal CA. I would like to use it in puppet.conf as reporturl:

reports = store,http,tagmail
reporturl = https://address/reports/upload
report = true

My problem is simple: from the puppet agent's point of view, the certificate is self-signed:

Dec 11 11:52:51 nfs-1 puppet-user[29292]: Report processor failed: SSL_connect returned=1 errno=0
state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in
certificate chain for /C=PL/ST=x/L=x/O=x /OU=x/CN=x/emailAddress=x]

What can I do to make it work? I would like to tell puppet that my CA is trusted, but I have no idea how to do that. What is funny, I tried to use a GeoTrust SSL certificate, which is trusted by every browser, and it was the same situation. It looks like puppet ignores CAs installed by the ca-certificates package (it's Debian).

An alternative option, which is also fine for me, is to disable verifying of SSL certs, but I couldn't find any option that can do that. I found on Google a couple of similar (old) Redmine tickets, but everything is outdated now.

I'll appreciate any help, because creating my own reporting module is the worst scenario, and I would like to do it another way.

I'm using:

  • puppet 3.7.3 from apt.puppetlabs.com
  • Debian Wheezy

1 Answer


answered 2014-12-12 00:58:18 -0600

Tomasz Olszewski

Hi,

As no one replied, I helped myself by modifying /usr/lib/ruby/vendor_ruby/puppet/reports/http.rb. If anyone knows a better way of doing that, please do not hesitate to help :-)

--- http.rb 2014-12-12 06:53:58.588397385 +0000
+++ http_new.rb 2014-12-12 06:54:13.940629767 +0000
@@ -22,7 +22,7 @@
       }
     end
     use_ssl = url.scheme == 'https'
-    conn = Puppet::Network::HttpPool.http_instance(url.host, url.port, use_ssl)
+    conn = Puppet::Network::HttpPool.http_instance(url.host, url.port, use_ssl, false)
     response = conn.post(url.path, self.to_yaml, headers, options)
     unless response.kind_of?(Net::HTTPSuccess)
       Puppet.err "Unable to submit report to #{Puppet[:reporturl].to_s} [#{response.code}] #{response.msg}"
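
Review bot: passing `false` as the new fourth argument to `Puppet::Network::HttpPool.http_instance` (the `verify_peer` parameter in Puppet 3.x) turns off server certificate verification for the report POST, so `self.to_yaml` is sent to whatever host answers at `reporturl`, and anyone able to intercept that connection can read or replace the report. I would keep verification on and make the dashboard's certificate chain to a CA the report processor already trusts, or at least make the bypass an explicit, commented setting rather than a hard-coded literal. The change is also made in a packaged file under /usr/lib/ruby/vendor_ruby, so a puppet package upgrade will silently overwrite it; carry it as a separate report processor or a tracked local patch.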
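
The verification failure from the question and the effect of trusting the internal CA, as an added example that is not part of the original post or of Puppet's code: it builds a constructed in-memory CA and server certificate (the names `Constructed Internal CA` and `dashboard.example.internal` are made up) and checks the chain with Ruby's OpenSSL bindings, with and without the CA in the trust store. It assumes a plain Ruby HTTPS client rather than Puppet's own connection handling.

```ruby
require 'openssl'
require 'net/http'

# Build a certificate for the constructed test PKI (self-signed when no issuer is given).
def make_cert(cn, key, issuer_cert: nil, issuer_key: nil, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ef.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Trust store containing only the given CA certificates (no system CAs).
def trust_store(cas)
  store = OpenSSL::X509::Store.new
  cas.each { |c| store.add_cert(c) }
  store
end

# Verify the leaf plus the chain the server sent; returns [ok?, OpenSSL verify error code].
def verify_chain(leaf, sent_chain, store)
  ctx = OpenSSL::X509::StoreContext.new(store, leaf, sent_chain)
  [ctx.verify, ctx.error]
end

# HTTPS client that keeps peer verification on and trusts only `store`.
# Nothing is connected here; host and port are placeholders.
def verifying_client(host, port, store)
  http = Net::HTTP.new(host, port)
  http.use_ssl = true
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER
  http.cert_store = store
  http
end

def demo
  ca_key = OpenSSL::PKey::RSA.new(2048)
  ca = make_cert('Constructed Internal CA', ca_key, ca: true)
  srv = make_cert('dashboard.example.internal', OpenSSL::PKey::RSA.new(2048),
                  issuer_cert: ca, issuer_key: ca_key)
  { without_ca: verify_chain(srv, [ca], trust_store([])),   # CA sent but not trusted
    with_ca: verify_chain(srv, [ca], trust_store([ca])) }   # CA in the trust store
end
```

The `without_ca` result carries OpenSSL's "self signed certificate in certificate chain" error code, the same condition the agent logged; with the CA in the store the identical chain verifies without touching `verify_mode`.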
