As per https://github.com/voxpupuli/puppet-puppetboard/pull/280 here are some alternative instructions for CentOS 7 and RHEL 7 users to utlilse Python 3 with Apache (httpd).
<!--
Thank you for contributing to this project!
-->
Pull Request (PR) description
<!--
Replace this comment with a description of your pull request.
-->
This Pull Request (PR) fixes the following issues
<!--
Replace this comment with the list of issues or n/a.
Use format:
Fixes #123
Fixes #124
-->
Pull Request (PR) description
This should fix issues with SELinux and allow usage in enforcing mode. It works, but as I am not a SELinux expert, permissions for puppetboard and venv files should be reviewed to check if something is missing/permissions should be more restrictive.
Another issue is best practice for certificate path in single node mode - with SELinux enforcing mode Puppetboard can't read files with context puppet_etc_t (and it should be like this) . In my environment I fixed with this snippet
puppet
file {
default:
require => Class['puppet'],
notify => Service['httpd'],
;
'/etc/pki/tls/certs/puppet_server_ca.pem':
mode => '0644',
source => 'file:///etc/puppetlabs/puppet/ssl/certs/ca.pem',
;
'/etc/pki/tls/certs/puppet_server_cert.pem':
mode => '0644',
source => "file:///etc/puppetlabs/puppet/ssl/certs/${networking['fqdn']}.pem",
;
'/etc/pki/tls/private/puppet_server_key.pem':
owner => 'puppetboard',
mode => '0400',
source => "file:///etc/puppetlabs/puppet/ssl/private_keys/${networking['fqdn']}.pem",
;
}
But probably it is not the best solution, so where should certificates go? /etc/puppetboard/ssl?
This Pull Request (PR) fixes the following issues
Fixes #336
Fixes #365
<!--
Thank you for contributing to this project!
-->
Pull Request (PR) description
<!--
Replace this comment with a description of your pull request.
-->
This Pull Request (PR) fixes the following issues
<!--
Replace this comment with the list of issues or n/a.
Use format:
Fixes #123
Fixes #124
-->
Pull Request (PR) description
This fixes the wsgi parameters passed to apache::vhost as currently they don't match what the module accepts.
This Pull Request (PR) fixes the following issues
n/a
Pull Request (PR) description
the vcsrepo resource which checks out puppetboard uses $group (which it already required in previous versions) instead of the default group (usually root)
<!--
Thank you for contributing to this project!
-->
Pull Request (PR) description
<!--
Replace this comment with a description of your pull request.
-->
This Pull Request (PR) fixes the following issues
<!--
Replace this comment with the list of issues or n/a.
Use format:
Fixes #123
Fixes #124
-->
Pull Request (PR) description
We are running Puppetboard under CentOS 7 and were experiencing the Python 3.6 / WSGI troubles described in the README. As part of the solution we needed a way to either switch off the management of apache::mod::wsgi by puppetboard::apache::vhost or be able to pass custom configuration settings to make Apache load a different module, linked to Python 3.
This PR adds both functions, not just for CentOS 7 as other people might be interested in using other ways to set up mod_wsgi.
This Pull Request (PR) fixes the following issues
n/a
<!--
Thank you for contributing to this project!
-->
Pull Request (PR) description
<!--
Adds the graph_facts array/variable to enable the creating of a pie/bar chart of the desired facts.
-->
The extra_settings is somewhat cumbersome to use for GRAPHFACTS in the settings.py file because it necessitates escaping the single quote character around the facts to be graphed. This PR adds the graphfacts variable as an array, sorts and unique-ifies the array and wraps the result in a set of single quotes:
GRAPH_FACTS = 'kernel,operatingsystem,operatingsystemmajrelease'
Pull Request (PR) description
As inspired by issue mentioned, this fix the install of wsgi for python 3.8 and 3.9 on rhel.
There is no need to set to specific mod_path as the packages provides the file in httpd/modules
```bash
yum provides /usr/lib64/httpd/modules/modwsgipython3.so
python3-modwsgi-4.6.4-4.el8.x8664 : A WSGI interface for Python web applications in Apache
Repo : appstream
Matched from:
Filename : /usr/lib64/httpd/modules/modwsgipython3.so
python38-modwsgi-4.6.8-3.module+el8.4.0+570+c2eaf144.x8664 : A WSGI interface for Python web applications in Apache
Repo : appstream
Matched from:
Filename : /usr/lib64/httpd/modules/modwsgipython3.so
python39-modwsgi-4.7.1-4.module+el8.4.0+574+843c4898.x8664 : A WSGI interface for Python web applications in Apache
Repo : appstream
Matched from:
Filename : /usr/lib64/httpd/modules/modwsgipython3.so
```
I’m not a very confident test writer, but I did my best to test the changes I made. Please suggest what could be done better if you think it is required.
This Pull Request (PR) fixes the following issues
Fixes #369
The module configure PuppetBoard, but also has classes to setup Apache
configuration to serve it. Unfortunately, such configuration is very
site specific, and providing it in the module confuse users who discover
that their setup is exposed to the internet without authentication.
At some point, LDAP authentication was added which partially fix the
issue, but only for users who can authenticate their users with LDAP.
It is also quite common to use the Puppet CA to authenticate clients,
or use Passenger instead of wsgi, or use another web server than apache,
and any combination of this, making a generic solution not viable.
Remove all these apache-specific examples from the module classes, and
provide examples configuration for different setups. It will be easier
to add new integration examples by just dropping more files in the
example directory, without cluttering the module with complex mostly
private code.
