Class: Puppetserver::Ca::Config::Puppet
- Inherits:
-
Object
- Object
- Puppetserver::Ca::Config::Puppet
- Defined in:
- lib/puppetserver/ca/config/puppet.rb
Overview
Provides an interface for asking for Puppet settings w/o loading Puppet. Includes a simple ini parser that will ignore Puppet’s more complicated conventions.
Constant Summary collapse
- TTL_UNITMAP =
How we convert from various units to seconds.
{ # 365 days isn't technically a year, but is sufficient for most purposes "y" => 365 * 24 * 60 * 60, "d" => 24 * 60 * 60, "h" => 60 * 60, "m" => 60, "s" => 1 }
- TTL_FORMAT =
A regex describing valid formats with groups for capturing the value and units
/^(\d+)(y|d|h|m|s)?$/
Instance Attribute Summary collapse
-
#errors ⇒ Object
readonly
Returns the value of attribute errors.
-
#settings ⇒ Object
readonly
Returns the value of attribute settings.
Class Method Summary collapse
Instance Method Summary collapse
- #default_certname ⇒ Object
-
#initialize(supplied_config_path = nil) ⇒ Puppet
constructor
A new instance of Puppet.
- #load(cli_overrides = {}) ⇒ Object
-
#parse_text(text) ⇒ Object
Parse an inifile formatted String.
-
#resolve_settings(overrides = {}) ⇒ Object
Resolve settings from default values, with any overrides for the specific settings or their dependent settings (ssldir, cadir) taken into account.
-
#user_specific_conf_dir ⇒ Object
Return the correct confdir.
- #user_specific_conf_file ⇒ Object
Constructor Details
#initialize(supplied_config_path = nil) ⇒ Puppet
Returns a new instance of Puppet.
34 35 36 37 38 39 40 |
# File 'lib/puppetserver/ca/config/puppet.rb', line 34 def initialize(supplied_config_path = nil) @using_default_location = !supplied_config_path @config_path = supplied_config_path || user_specific_conf_file @settings = nil @errors = [] end |
Instance Attribute Details
#errors ⇒ Object (readonly)
Returns the value of attribute errors.
32 33 34 |
# File 'lib/puppetserver/ca/config/puppet.rb', line 32 def errors @errors end |
#settings ⇒ Object (readonly)
Returns the value of attribute settings.
32 33 34 |
# File 'lib/puppetserver/ca/config/puppet.rb', line 32 def settings @settings end |
Class Method Details
.parse(config_path) ⇒ Object
25 26 27 28 29 30 |
# File 'lib/puppetserver/ca/config/puppet.rb', line 25 def self.parse(config_path) instance = new(config_path) instance.load return instance end |
Instance Method Details
#default_certname ⇒ Object
76 77 78 79 80 81 82 83 84 85 86 |
# File 'lib/puppetserver/ca/config/puppet.rb', line 76 def default_certname @certname ||= hostname = Facter.value(:hostname) domain = Facter.value(:domain) if domain and domain != '' fqdn = [hostname, domain].join('.') else fqdn = hostname end fqdn.chomp('.') end |
#load(cli_overrides = {}) ⇒ Object
61 62 63 64 65 66 67 68 69 70 71 72 73 74 |
# File 'lib/puppetserver/ca/config/puppet.rb', line 61 def load(cli_overrides = {}) if explicitly_given_config_file_or_default_config_exists? results = parse_text(File.read(@config_path)) end results ||= {} results[:main] ||= {} results[:master] ||= {} overrides = results[:main].merge(results[:master]) overrides.merge!(cli_overrides) @settings = resolve_settings(overrides).freeze end |
#parse_text(text) ⇒ Object
Parse an inifile formatted String. Only captures word character class keys/section names but nearly any character values (excluding leading whitespace) up to one of whitespace, opening curly brace, or hash sign (Our concern being to capture filesystem path values). Put values without a section into :main.
Return Hash of Symbol section names with Symbol setting keys and String values.
186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 |
# File 'lib/puppetserver/ca/config/puppet.rb', line 186 def parse_text(text) res = {} current_section = :main text.each_line do |line| case line when /^\s*\[(\w+)\].*/ current_section = $1.to_sym when /^\s*(\w+)\s*=\s*([^\s{#]+).*$/ # Using a Hash with a default key breaks RSpec expectations. res[current_section] ||= {} res[current_section][$1.to_sym] = $2 end end res end |
#resolve_settings(overrides = {}) ⇒ Object
Resolve settings from default values, with any overrides for the specific settings or their dependent settings (ssldir, cadir) taken into account.
90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 |
# File 'lib/puppetserver/ca/config/puppet.rb', line 90 def resolve_settings(overrides = {}) unresolved_setting = /\$[a-z_]+/ # Returning the key for unknown keys (rather than nil) is required to # keep unknown settings in the string for later verification. substitutions = Hash.new {|h, k| k } settings = {} # Order for base settings here matters! # These need to be evaluated before we can construct their dependent # defaults below base_defaults = [ [:confdir, user_specific_conf_dir], [:ssldir,'$confdir/ssl'], [:cadir, '$ssldir/ca'], [:certdir, '$ssldir/certs'], [:certname, default_certname], [:server, '$certname'], [:masterport, '8140'], [:privatekeydir, '$ssldir/private_keys'], [:publickeydir, '$ssldir/public_keys'], ] dependent_defaults = { :ca_name => 'Puppet CA: $certname', :root_ca_name => "Puppet Root CA: #{SecureRandom.hex(7)}", :keylength => 4096, :cacert => '$cadir/ca_crt.pem', :cakey => '$cadir/ca_key.pem', :capub => '$cadir/ca_pub.pem', :csr_attributes => '$confdir/csr_attributes.yaml', :rootkey => '$cadir/root_key.pem', :cacrl => '$cadir/ca_crl.pem', :serial => '$cadir/serial', :cert_inventory => '$cadir/inventory.txt', :ca_server => '$server', :ca_port => '$masterport', :localcacert => '$certdir/ca.pem', :hostcrl => '$ssldir/crl.pem', :hostcert => '$certdir/$certname.pem', :hostprivkey => '$privatekeydir/$certname.pem', :hostpubkey => '$publickeydir/$certname.pem', :ca_ttl => '15y', :certificate_revocation => 'true', :signeddir => '$cadir/signed', } # This loops through the base defaults and gives each setting a # default if the value isn't specified in the config file. Default # values given may depend upon the value of a previous base setting, # thus the creation of the substitution hash. base_defaults.each do |setting_name, default_value| substitution_name = '$' + setting_name.to_s setting_value = overrides.fetch(setting_name, default_value) subbed_value = setting_value.sub(unresolved_setting, substitutions) settings[setting_name] = substitutions[substitution_name] = subbed_value end dependent_defaults.each do |setting_name, default_value| setting_value = overrides.fetch(setting_name, default_value) settings[setting_name] = setting_value end # If subject-alt-names are provided, we need to add the certname in addition overrides[:dns_alt_names] << ',$certname' if overrides[:dns_alt_names] # rename dns_alt_names to subject_alt_names now that we support IP alt names settings[:subject_alt_names] = overrides.fetch(:dns_alt_names, "") # Some special cases where we need to manipulate config settings: settings[:ca_ttl] = munge_ttl_setting(settings[:ca_ttl]) settings[:certificate_revocation] = parse_crl_usage(settings[:certificate_revocation]) settings[:subject_alt_names] = Puppetserver::Ca::Utils::Config.munge_alt_names(settings[:subject_alt_names]) settings[:keylength] = settings[:keylength].to_i settings.each do |key, value| next unless value.is_a? String settings[key] = value.gsub(unresolved_setting, substitutions) if match = settings[key].match(unresolved_setting) @errors << "Could not parse #{match[0]} in #{value}, " + 'valid settings to be interpolated are ' + '$ssldir, $certdir, $cadir, $certname, $server, or $masterport' end end return settings end |
#user_specific_conf_dir ⇒ Object
Return the correct confdir. We check for being root on *nix, else the user path. We do not include a check for running as Adminstrator since non-development scenarios for Puppet Server on Windows are unsupported. Note that Puppet Server runs as the [pe-]puppet user but to start/stop it you must be root.
48 49 50 51 52 53 54 55 |
# File 'lib/puppetserver/ca/config/puppet.rb', line 48 def user_specific_conf_dir @user_specific_conf_dir ||= if Puppetserver::Ca::Utils::Config.running_as_root? '/etc/puppetlabs/puppet' else "#{ENV['HOME']}/.puppetlabs/etc/puppet" end end |
#user_specific_conf_file ⇒ Object
57 58 59 |
# File 'lib/puppetserver/ca/config/puppet.rb', line 57 def user_specific_conf_file user_specific_conf_dir + '/puppet.conf' end |