@jonuwz
Created August 22, 2014 09:42
This is so we can do puppet cert clean remotely.
On the puppet box:
puppet cert generate pe-api
# SSLProxyMachineCertificateFile takes a single PEM file holding the certificate and its private key
cat /etc/puppetlabs/puppet/ssl/certs/pe-api.pem /etc/puppetlabs/puppet/ssl/private_keys/pe-api.pem > /etc/puppetlabs/puppet/ssl/private/pe-api.pem
cat <<'EOF' > /etc/puppetlabs/httpd/console_apps.d/api.conf
SSLProxyEngine on
SSLProxyCACertificateFile /etc/puppetlabs/puppet/ssl/certs/ca.pem
SSLProxyMachineCertificateFile /etc/puppetlabs/puppet/ssl/private/pe-api.pem
ProxyPassMatch ^/api/(.*)$ https://localhost:8140/$1
EOF
Now add pe-api to the allow list in auth.conf for the endpoints you want to hit. For example:
path /certificate_status
method find, search, save, destroy
auth yes
allow pe-internal-dashboard, pe-api
/etc/init.d/pe-httpd restart
Now you can hit:
curl -k -H "Accept: pson" https://puppet.domain/api/production/certificate_status/<certname>
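Added example (not part of the original gist): with `save` and `destroy` allowed in auth.conf, the remote equivalent of `puppet cert clean` is a PUT that sets `desired_state` to `revoked`, followed by a DELETE on the same path. The function names, the `PE_*` variables and the local `ca.pem` copy used in place of `-k` are assumptions.

```shell
#!/bin/sh
# Added example: remote `puppet cert clean` through the /api/ proxy.
# Assumed, not from the gist: PE_* variables, ./ca.pem location, function names.
LC_ALL=C; export LC_ALL                 # keep [a-z] an ASCII-only range
PE_HOST="${PE_HOST:-puppet.domain}"     # console host, as in the gist's curl
PE_ENV="${PE_ENV:-production}"
PE_CA="${PE_CA:-./ca.pem}"              # local copy of the master's ca.pem

# Accept only plain lowercase host names, so the value cannot add path
# segments, query strings or curl options to a request that the proxy
# forwards with the pe-api client certificate attached.
valid_certname() {
  case "$1" in
    ''|.*|*.|*..*|-*) return 1 ;;
    *[!a-z0-9._-]*)   return 1 ;;
  esac
  [ "${#1}" -le 253 ]
}

# Print the proxied certificate_status URL for a certname, or fail.
cert_status_url() {
  valid_certname "$1" || { echo "invalid certname: $1" >&2; return 1; }
  printf 'https://%s/api/%s/certificate_status/%s\n' "$PE_HOST" "$PE_ENV" "$1"
}

# Revoke (auth.conf method "save"), then remove the host's SSL data ("destroy").
cert_clean() {
  _url=$(cert_status_url "$1") || return 1
  curl --fail --silent --show-error --cacert "$PE_CA" \
       -X PUT -H 'Content-Type: text/pson' \
       --data '{"desired_state":"revoked"}' "$_url" || return 1
  curl --fail --silent --show-error --cacert "$PE_CA" \
       -X DELETE -H 'Accept: pson' "$_url"
}

# Usage: cert_clean agent01.example.com
```

The proxy presents the pe-api certificate for every request under /api/, so the auth.conf allow list is the only per-endpoint control; keep it to the paths and methods actually needed.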