Use the Icinga 2 API action /v1/actions/generate-ticket to retrieve a client's ticket
#365
Labels
Comments
|
dnsmichi described a problem: The same must be done when we use the icinga ca and a ticket to authentificate the cert request. |
|
We wanna implement api requests authenticated by basic auth und cert validation (refs #360) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Expected Behavior
The Puppet master should query the Icinga 2 Master for a client's ticket.
Current Behavior
The Puppet module uses its own hashing function which might break if the Icinga 2's hashing algorithm is changed for tickets.
https://github.com/Icinga/puppet-icinga2/blob/master/lib/puppet/parser/functions/icinga2_ticket_id.rb
Possible Solution
Use the API action implemented in Icinga/icinga2#4485
https://www.icinga.com/docs/icinga2/latest/doc/12-icinga2-api/#generate-ticket
This requires to have a fully provisioned Icinga 2 master before any client deployments, which might be a problem with Puppet here.
Context
We've discussed this in a meeting yesterday. I though I had opened this issue, but this happened for the Director module in Icinga/icingaweb2-module-director#401 (where it hasn't been implemented yet to my knowledge).
https://github.com/Icinga/icingaweb2-module-director/blob/da2968a6d3657e20a5695823a80f9f29e6c13e56/library/Director/Util.php#L89 uses their own hashing algorithm, we should take care about it when changing the Puppet module then too.
The text was updated successfully, but these errors were encountered: