1. 10 Jun, 2020 1 commit
    • Thore Bödecker's avatar
      also allow whitelisted admin clients to clean certs · f63fdaa5
      Thore Bödecker authored
      During #728 a regression was introduced, denying the other whitelisted
      admin clients cleaning/deletion of certificates:
      
      ```
      2020-06-02T16:30:47.856+02:00 ERROR [qtp1105504743-114201] [p.t.a.rules] Forbidden request: puppetserver01.[...] access to /puppet-ca/v1/certificate_status/my.fancy.hostname (method :delete) (authenticated: true) denied by rule 'Allow nodes to delete their own certificates'.
      ```
      
      The solution is to re-allow the entries within
      `@server_admin_api_whitelist`, which usually contain "localhost" and the
      fqdn of the puppetserver CA system.
      f63fdaa5
  2. 27 May, 2020 1 commit
    • Stefan Goethals's avatar
      Check CA path when creating the CA cert · 34d53f78
      Stefan Goethals authored
      When starting a new puppetserver as CA with existing CA files, the current code
      tries to perform 'puppetserver ca setup' because the puppetserver's cert does
      not exist yet. However, that command fails because the CA cert files exist and
      can, correctly, not be overwritten.
      
      This change checks for the CA cert, instead of the server's own cert.
      34d53f78
  3. 14 May, 2020 1 commit
  4. 13 May, 2020 2 commits
  5. 12 May, 2020 1 commit
  6. 05 May, 2020 1 commit
  7. 04 May, 2020 3 commits
  8. 01 May, 2020 1 commit
  9. 30 Apr, 2020 2 commits
  10. 24 Apr, 2020 5 commits
  11. 17 Apr, 2020 1 commit
  12. 14 Apr, 2020 2 commits
  13. 13 Apr, 2020 1 commit
  14. 02 Apr, 2020 2 commits
  15. 01 Apr, 2020 1 commit
  16. 23 Mar, 2020 1 commit
  17. 21 Mar, 2020 1 commit
  18. 12 Feb, 2020 2 commits
  19. 21 Jan, 2020 1 commit
    • fschaer's avatar
      Update cipher suites · 8cc4e309
      fschaer authored
      This change is needed as puppetlabs is allowing only (non ?)-DH ciphers in puppetdb6, which in turn causes connectivity failures between puppet server and puppetdb if no common cipher is found. Unfortunately, changing the puppet server ciphers is not enough, setting the puppetdb ciphers is also necessary to make sure all communications are ok - this was added in the README in the puppetdb integration section as this change has to be done outside this module.
      
      Fixes GH-714
      8cc4e309
  20. 15 Jan, 2020 1 commit
    • Alexander Fisher's avatar
      Add server_multithreaded parameter · 0de3202b
      Alexander Fisher authored
      Puppet Server 6.8 has just been released with an experimental new
      feature.
      
      > This release adds a new JRuby pool architecture that maintains a
      > single JRuby instance through which requests to Puppet Server are run
      > concurrently. In this mode, the server's memory footprint is
      > significantly lighter, because it no longer needs to run multiple JRuby
      > instances. Toggle this behavior by setting the
      > `jruby-puppet.multithreaded` to `true`.
      
      This commit adds support for this new setting.
      0de3202b
  21. 13 Dec, 2019 1 commit
  22. 04 Dec, 2019 2 commits
  23. 26 Nov, 2019 1 commit
  24. 12 Nov, 2019 1 commit
  25. 05 Nov, 2019 1 commit
  26. 25 Oct, 2019 1 commit
  27. 24 Oct, 2019 1 commit
  28. 22 Jun, 2019 1 commit