Hello,
i need to have access to the nodes yuml page from a script (wget or
powershell webclient). But it doesn't work.
If i'm logged in and point by browser to the page
https://foreman/hosts/nodename/externalNodes?name=<https://mgtpup001.a41mgt.local/hosts/a4tmwo002.a41mgt.local/externalNodes?name=a4tmwo002.a41mgt.local>nodename
it works fine.
But if i logout and do a reload of the page i get an error
We're sorry, but something went wrong.
We've been notified about this issue and we'll take a look at it shortly
I assume the externalNodes page does not request authentication if no
coockie ist sent with the request and throws an unauthorized instead.
This prevents using wget or webclient with credentials.
Anyone else with this issue. Can i unprotect the externalNodes Page for
anonymous access?
regrads
See "No security: disable authentication" in this section of the manual:
http://theforeman.org/manuals/1.3/index.html#5.4.1SecuringPuppetMasterRequests
···
On 18/11/13 09:34, Michael W�rz wrote:
> Hello,
> i need to have access to the nodes yuml page from a script (wget or
> powershell webclient). But it doesn't work.
>
> If i'm logged in and point by browser to the
> page https://foreman/hosts/nodename/externalNodes?name=
> nodename
> it works fine.
>
> But if i logout and do a reload of the page i get an error
>
>
> We're sorry, but something went wrong.
>
> We've been notified about this issue and we'll take a look at it shortly
>
> I assume the externalNodes page does not request authentication if no
> coockie ist sent with the request and throws an unauthorized instead.
> This prevents using wget or webclient with credentials.
>
> Anyone else with this issue. Can i unprotect the externalNodes Page for
> anonymous access?
–
Dominic Cleal
Red Hat Engineering
Thanks,
but this entirely disables security. No way to do so on an specific page?.
Is the described behavior a known bug or something dependend to our setup?
···
Am Dienstag, 19. November 2013 13:02:33 UTC+1 schrieb Dominic Cleal:
>
> On 18/11/13 09:34, Michael W�rz wrote:
> > Hello,
> > i need to have access to the nodes yuml page from a script (wget or
> > powershell webclient). But it doesn't work.
> >
> > If i'm logged in and point by browser to the
> > page https://foreman/hosts/nodename/externalNodes?name=
> > <
> https://mgtpup001.a41mgt.local/hosts/a4tmwo002.a41mgt.local/externalNodes?name=a4tmwo002.a41mgt.local>nodename
>
> > it works fine.
> >
> > But if i logout and do a reload of the page i get an error
> >
> >
> > We're sorry, but something went wrong.
> >
> > We've been notified about this issue and we'll take a look at it shortly
> >
> > I assume the externalNodes page does not request authentication if no
> > coockie ist sent with the request and throws an unauthorized instead.
> > This prevents using wget or webclient with credentials.
> >
> > Anyone else with this issue. Can i unprotect the externalNodes Page for
> > anonymous access?
>
> See "No security: disable authentication" in this section of the manual:
>
>
> http://theforeman.org/manuals/1.3/index.html#5.4.1SecuringPuppetMasterRequests
>
> --
> Dominic Cleal
> Red Hat Engineering
>
It disables security on the three puppetmaster interfaces (YAML, reports
and facts), but as you say, not the YAML/ENC interface by itself.
This is by design, it's not meant to be world readable, so what you're
trying to do is pretty unique. You could use the
trusted_puppetmaster_hosts setting to open up access to a single
hostname, but this still controls all three interfaces and not just that
one.
You could also open it up using one of these two settings and then use
an Apache auth config to restrict it in a different way.
···
On 20/11/13 10:03, Michael W�rz wrote:
> Thanks,
>
> but this entirely disables security. No way to do so on an specific
> page?. Is the described behavior a known bug or something dependend to
> our setup?
–
Dominic Cleal
Red Hat Engineering
Am Dienstag, 19. November 2013 13:02:33 UTC+1 schrieb Dominic Cleal:
On 18/11/13 09:34, Michael W�rz wrote:
> Hello,
> i need to have access to the nodes yuml page from a script (wget or
> powershell webclient). But it doesn't work.
>
> If i'm logged in and point by browser to the
> page https://foreman/hosts/nodename/externalNodes?name=
<https://foreman/hosts/nodename/externalNodes?name=>
>
<https://mgtpup001.a41mgt.local/hosts/a4tmwo002.a41mgt.local/externalNodes?name=a4tmwo002.a41mgt.local
<https://mgtpup001.a41mgt.local/hosts/a4tmwo002.a41mgt.local/externalNodes?name=a4tmwo002.a41mgt.local>>nodename
> it works fine.
>
> But if i logout and do a reload of the page i get an error
>
>
> We're sorry, but something went wrong.
>
> We've been notified about this issue and we'll take a look at it
shortly
>
> I assume the externalNodes page does not request authentication if no
> coockie ist sent with the request and throws an unauthorized instead.
> This prevents using wget or webclient with credentials.
>
> Anyone else with this issue. Can i unprotect the externalNodes
Page for
> anonymous access?
See "No security: disable authentication" in this section of the
manual:
http://theforeman.org/manuals/1.3/index.html#5.4.1SecuringPuppetMasterRequests
<http://theforeman.org/manuals/1.3/index.html#5.4.1SecuringPuppetMasterRequests>
--
Dominic Cleal
Red Hat Engineering
–
You received this message because you are subscribed to the Google
Groups “Foreman users” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/groups/opt_out.
