Method: Puppet::SSL::StateMachine#initialize

Defined in:

lib/puppet/ssl/state_machine.rb

#initialize(waitforcert: , maxwaitforcert: , waitforlock: , maxwaitforlock: , onetime: , cert_provider: Puppet::X509::CertProvider.new, ssl_provider: Puppet::SSL::SSLProvider.new, lockfile: Puppet::Util::Pidlock.new(Puppet[:ssl_lockfile]), digest: 'SHA256', ca_fingerprint: ) ⇒ StateMachine

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Construct a state machine to manage the SSL initialization process. By default, if the state machine encounters an exception, it will log the exception and wait for waitforcert seconds and retry, restarting from the beginning of the state machine.

However, if onetime is true, then the state machine will raise the first error it encounters, instead of waiting. Otherwise, if waitforcert is 0, then then state machine will exit instead of wait.

Parameters:

• waitforcert (Integer) (defaults to: ) —

  how many seconds to wait between attempts

• maxwaitforcert (Integer) (defaults to: ) —

  maximum amount of seconds to wait for the server to sign the certificate request

• waitforlock (Integer) (defaults to: ) —

  how many seconds to wait between attempts for acquiring the ssl lock

• maxwaitforlock (Integer) (defaults to: ) —

  maximum amount of seconds to wait for an already running process to release the ssl lock

• onetime (Boolean) (defaults to: ) —

  whether to run onetime

• lockfile (Puppet::Util::Pidlock) (defaults to: Puppet::Util::Pidlock.new(Puppet[:ssl_lockfile])) —

  lockfile to protect against concurrent modification by multiple processes

• cert_provider (Puppet::X509::CertProvider) (defaults to: Puppet::X509::CertProvider.new) —

  cert provider to use to load and save X509 objects.

• ssl_provider (Puppet::SSL::SSLProvider) (defaults to: Puppet::SSL::SSLProvider.new) —

  ssl provider to use to construct ssl contexts.

• digest (String) (defaults to: 'SHA256') —

  digest algorithm to use for certificate fingerprinting

• ca_fingerprint (String) (defaults to: ) —

  optional fingerprint to verify the downloaded CA bundle

# File 'lib/puppet/ssl/state_machine.rb', line 517

def initialize(waitforcert: Puppet[:waitforcert],
               maxwaitforcert: Puppet[:maxwaitforcert],
               waitforlock: Puppet[:waitforlock],
               maxwaitforlock: Puppet[:maxwaitforlock],
               onetime: Puppet[:onetime],
               cert_provider: Puppet::X509::CertProvider.new,
               ssl_provider: Puppet::SSL::SSLProvider.new,
               lockfile: Puppet::Util::Pidlock.new(Puppet[:ssl_lockfile]),
               digest: 'SHA256',
               ca_fingerprint: Puppet[:ca_fingerprint])
  @waitforcert = waitforcert
  @wait_deadline = Time.now.to_i + maxwaitforcert
  @waitforlock = waitforlock
  @waitlock_deadline = Time.now.to_i + maxwaitforlock
  @onetime = onetime
  @cert_provider = cert_provider
  @ssl_provider = ssl_provider
  @lockfile = lockfile
  @digest = digest
  @ca_fingerprint = ca_fingerprint
  @session = Puppet.runtime[:http].create_session
end