Revision 11e65ebd
Added by Ewoud Kohl van Wijngaarden about 10 years ago
manifests/init.pp | ||
---|---|---|
# the apache vhost to set up a proxy for all
|
||
# certificates pointing to the value.
|
||
#
|
||
# $allow_any_crl_auth:: Allow any authentication for the CRL. This
|
||
# is needed on the puppet CA to accept clients
|
||
# from a the puppet CA proxy.
|
||
# type:boolean
|
||
#
|
||
# === Usage:
|
||
#
|
||
# * Simple usage:
|
||
... | ... | |
$agent_template = $puppet::params::agent_template,
|
||
$auth_template = $puppet::params::auth_template,
|
||
$nsauth_template = $puppet::params::nsauth_template,
|
||
$allow_any_crl_auth = $puppet::params::allow_any_crl_auth,
|
||
$client_package = $puppet::params::client_package,
|
||
$agent = $puppet::params::agent,
|
||
$server = $puppet::params::server,
|
||
... | ... | |
validate_bool($agent_noop)
|
||
validate_bool($agent)
|
||
validate_bool($server)
|
||
validate_bool($allow_any_crl_auth)
|
||
validate_bool($server_ca)
|
||
validate_bool($server_passenger)
|
||
validate_bool($server_git_repo)
|
Also available in: Unified diff
Issue #4345: Add an allow_any_crl parameter
http://docs.puppetlabs.com/guides/scaling_multiple_masters.html#option-2-proxy-certificate-traffic
states the following should be present in auth.conf if using a puppet ca
proxy:
path /certificate_revocation_list
auth any
method find
allow *
In my testing /certificate_revocation_list/ca was sufficient.