author | Hugo Hörnquist <hugo@lysator.liu.se> | 2022-02-28 14:50:16 +0100 |
---|---|---|
committer | Hugo Hörnquist <hugo@lysator.liu.se> | 2022-02-28 14:50:16 +0100 |
commit | 7ccece9b033bb2b2715793ff082e156bd0c8d63b (patch) | |
tree | 3cf8b333ade1e359df16388fcd57b1b7d257c402 | |
parent | puppetdb whitelist server. (diff) | |
Puppetdb document auth workaround.
-rw-r--r-- | manifests/puppetdb.pp | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/manifests/puppetdb.pp b/manifests/puppetdb.pp index a5054d4..7f6cc89 100644 --- a/manifests/puppetdb.pp +++ b/manifests/puppetdb.pp @@ -6,9 +6,18 @@ class profiles::puppetdb { class { 'puppetdb': listen_address => '::', # Just accept insecure connections disable_ssl => false, + # This sohuld in theory allow full access to the database, but it + # doesn't seem to do that. See [AUTH] certificate_whitelist => [ $::servername, ], } + # [AUTH] Innstead, in /etc/puppetlabs/puppetdb/conf.d/auth.conf + # i changed the rule + # match-request: /metrics + # to allow anything: + # - allow: "*" + # + allow-unauthenticated: true + # This is "requried", and is recommended to be included in this way # (presumably to later allow setting parameters) class { 'puppetdb::master::config': |
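Review bot: The `[AUTH]` comment records a hand edit to `/etc/puppetlabs/puppetdb/conf.d/auth.conf` that this manifest does not manage, so the node's effective authorization differs from what Puppet declares, and the workaround disappears if the host is rebuilt or the file is rewritten. As described, the edit swaps `allow: "*"` for `allow-unauthenticated: true` on the `/metrics` rule, which removes the client-certificate requirement for that path. With `listen_address => '::'` in the same resource, the comment should say which networks can reach the listener and why unauthenticated access is acceptable there, for example `# SECURITY: /metrics is served without client-cert auth; only reachable from <placeholder: management network>`. The comment also does not make clear whether the rule still matches only `/metrics` or was widened, since it says "to allow anything". Consider managing the rule from Puppet (a `file` resource or template for auth.conf), scoped to the clients that need it, so the exception is reviewable and reproducible; the class body continues outside the hunk.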