Class: ACE::PuppetUtil

Inherits:
Object
  • Object
show all
Defined in:
lib/ace/puppet_util.rb

Class Method Summary collapse

Class Method Details

.certificate_revocationObject 



7
8
9
10
11
12
13
14
 
# File 'lib/ace/puppet_util.rb', line 7

def self.certificate_revocation
  @certificate_revocation ||= begin
    Puppet.initialize_settings
    result = Puppet[:certificate_revocation]
    Puppet.clear
    result
  end
end

.init_global_settings(ca_cert_path, ca_crls_path, private_key_path, client_cert_path, cachedir, uri) ⇒ Object 



16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
 
# File 'lib/ace/puppet_util.rb', line 16

def self.init_global_settings(ca_cert_path, ca_crls_path, private_key_path, client_cert_path, cachedir, uri)
  revocation = certificate_revocation

  Puppet::Util::Log.destinations.clear
  Puppet::Util::Log.newdestination(:console)
  Puppet.settings[:log_level] = 'notice'
  Puppet.settings[:trace] = true
  Puppet.settings[:catalog_terminus] = :certless
  Puppet.settings[:node_terminus] = :memory
  Puppet.settings[:catalog_cache_terminus] = :json
  Puppet.settings[:facts_terminus] = :network_device
  # the following settings are just to make base_context
  # happy, these will not be the final values,
  # as per request settings will be set later on
  # to satisfy multi-environments
  Puppet.settings[:vardir] = cachedir
  Puppet.settings[:confdir] = File.join(cachedir, 'conf_x')
  Puppet.settings[:rundir] = File.join(cachedir, 'run_x')
  Puppet.settings[:logdir] = File.join(cachedir, 'log_x')
  Puppet.settings[:codedir] = File.join(cachedir, 'code_x')
  Puppet.settings[:plugindest] = File.join(cachedir, 'plugin_x')

  # ssl_context will be a persistent context
  cert_provider = Puppet::X509::CertProvider.new(
    capath: ca_cert_path,
    crlpath: ca_crls_path
  )
  ssl_context = Puppet::SSL::SSLProvider.new.create_context(
    cacerts: cert_provider.load_cacerts(required: true),
    crls: cert_provider.load_crls(required: true),
    private_key: OpenSSL::PKey::RSA.new(File.read(private_key_path, encoding: 'utf-8')),
    client_cert: OpenSSL::X509::Certificate.new(File.read(client_cert_path, encoding: 'utf-8')),
    revocation: revocation
  )
  # Store SSL settings for reuse in isolated process
  @ssl_settings = {
    ssl_context: ssl_context,
    server: uri.host,
    serverport: uri.port
  }
end

.isolated_puppet_settings(certname, environment, enforce_environment, environment_dir) ⇒ Object 



58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
 
# File 'lib/ace/puppet_util.rb', line 58

def self.isolated_puppet_settings(certname, environment, enforce_environment, environment_dir)
  Puppet.settings[:certname] = certname
  Puppet.settings[:environment] = environment
  Puppet.settings[:strict_environment_mode] = enforce_environment

  Puppet.settings[:vardir] = File.join(environment_dir)
  Puppet.settings[:confdir] = File.join(environment_dir, 'conf')
  Puppet.settings[:rundir] = File.join(environment_dir, 'run')
  Puppet.settings[:logdir] = File.join(environment_dir, 'log')
  Puppet.settings[:codedir] = File.join(environment_dir, 'code')
  Puppet.settings[:plugindest] = File.join(environment_dir, 'plugins')

  # establish a base_context. This needs to be the first context on the stack, but must not be created
  # before all settings have been set. For example, this will create a Puppet::Environments::Directories
  # instance copying the :environmentpath setting and never updating this.
  Puppet.push_context(Puppet.base_context(Puppet.settings), "Puppet Initialization")
  Puppet.push_context(@ssl_settings, "PuppetServer connection information to be used")

  # finalise settings initialisation
  Puppet.settings.use :main, :agent, :ssl

  # special override
  Puppet::Transaction::Report.indirection.terminus_class = :rest

  # configure the requested environment, and deploy new loaders
  env = Puppet::Node::Environment.remote(environment)
  Puppet.push_context({
                        configured_environment: environment,
                        loaders: Puppet::Pops::Loaders.new(env)
                      }, "Isolated settings to be used")
end