On May 9, 2011, at 9:37 AM, Ohad Levy wrote: > > > On Mon, May 9, 2011 at 7:30 PM, Patrick <kc7...@gmail.com> wrote: > > On May 9, 2011, at 9:10 AM, Ohad Levy wrote: > >> >> >> On Mon, May 9, 2011 at 5:54 PM, Antony Mayi <antonym...@yahoo.com> wrote: >> >> >> From: Ohad Levy <ohadl...@gmail.com> >> To: puppet-users@googlegroups.com >> Sent: Fri, 15 April, 2011 19:42:10 >> Subject: Re: [Puppet Users] multimaster architecture with central report >> server >> >> >> >> On Fri, Apr 15, 2011 at 2:44 PM, Antony Mayi <antonym...@yahoo.com> wrote: >> Hi, >> >> is there a way how to instruct the master to forward the obtained reports to >> another master server so we can have one central report server that would be >> receiving all reports from other masters in individual collocations? the >> report_server works fine for the master itself but not for the forwarded >> reports. >> >> If you use a tool such as foreman or dashboard, you can simply forward the >> reports to it. >> >> AM: not that simply - how about security? the puppet 8140 traffic is >> encrypted and mutually authenticated between the agent and master the puppet >> dashboard - how will you achieve the mutual X509 based authentication >> between the master and remote dashboard? >> >> simply ensure that https is turned on and ssl verify mode is enforced? >> or if you dont have common ca between all of your masters, just turn on ssl, >> and filter down the allowed hosts to send reports (i.e only your puppet >> masters can communicate with foreman/dashboard. > > Last I checked, puppet can't send reports to an https server. Only to a http > server. Has this changed? > not if you use something like: > > https://github.com/ohadlevy/puppet-foreman/blob/master/foreman/files/foreman-report.rb
That's better than what I've seen, still, it looks like he client isn't verifying the server's certificate, and the client's not sending one either, meaning many of the benefits of SSL are gone. Do you know of a way (with code or a link to the right API) that would help with either of those? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
