You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Affected Puppet, Ruby, OS and module versions/distributions
I'm running Puppet Enterprise 2021.7.1 on CentOS. I'm trying to implement this module to handle certificate renewal. I've set it up in our code repo with this on the agents:
I've played around with the sort_order, but there's an existing authorization rule in Puppet Enterprise ('puppetlabs certificate status') which is on the same match_request_path, and, depending on whether I supply a sort_order value that's lower or higher than the existing rule, the client either gets a HTTP/403 "denied by rule" message, or the server appears to break itself because it's not permitted to access the certificate_status URL.
Is there a code recipe example which can be supplied which should make this module work on Puppet Enterprise? (Or is there a problem with applying these authorization rules on PE?)
The text was updated successfully, but these errors were encountered:
@ciranor according to the README, you'll need to patch /opt/puppetlabs/puppet/modules/puppet_enterprise/manifests/profile/certificate_authority.pp. I use a patch module to help automate that.
Affected Puppet, Ruby, OS and module versions/distributions
I'm running Puppet Enterprise 2021.7.1 on CentOS. I'm trying to implement this module to handle certificate renewal. I've set it up in our code repo with this on the agents:
And this puppet code to apply on to the puppet master servers, based on example in the README:
I've played around with the sort_order, but there's an existing authorization rule in Puppet Enterprise ('puppetlabs certificate status') which is on the same match_request_path, and, depending on whether I supply a
sort_order
value that's lower or higher than the existing rule, the client either gets a HTTP/403 "denied by rule" message, or the server appears to break itself because it's not permitted to access the certificate_status URL.Is there a code recipe example which can be supplied which should make this module work on Puppet Enterprise? (Or is there a problem with applying these authorization rules on PE?)
The text was updated successfully, but these errors were encountered: