Class: Puppetserver::Ca::Action::Enable
- Inherits:
-
Object
- Object
- Puppetserver::Ca::Action::Enable
- Includes:
- Utils
- Defined in:
- lib/puppetserver/ca/action/enable.rb
Constant Summary collapse
- SUMMARY =
"Setup infrastructure CRL based on a node inventory."
- BANNER =
<<-BANNER Usage: puppetserver ca enable [--help] puppetserver ca enable [--infracrl] Description: Performs actions necessary to enable certain CA modes. --infracrl Creates auxiliary files necessary to use the infrastructure-only CRL. Assumes the existence of an `infra_inventory.txt` file in the CA directory listing the certnames of the infrastructure nodes in the Puppet installation. Generates the the empty CRL to be populated with revoked infrastructure nodes. Options: BANNER
Class Method Summary collapse
Instance Method Summary collapse
- #check_for_existing_infra_files(files) ⇒ Object
- #create_infra_crl_chain(settings) ⇒ Object
- #enable_infra_crl(settings) ⇒ Object
-
#initialize(logger) ⇒ Enable
constructor
A new instance of Enable.
- #parse(cli_args) ⇒ Object
- #run(input) ⇒ Object
Constructor Details
#initialize(logger) ⇒ Enable
Returns a new instance of Enable.
# File 'lib/puppetserver/ca/action/enable.rb', line 35

# Builds the action around the logger it reports through.
#
# @param logger [Object] stored in @logger; the other methods listed on this
#   page call `inform` on it or hand it to Errors.handle_with_usage
def initialize(logger)
  @logger = logger
end
Class Method Details
.parser(parsed = {}) ⇒ Object
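# File 'lib/puppetserver/ca/action/enable.rb', line 123

# Builds the OptionParser for `puppetserver ca enable`.
#
# Each recognised flag records its value in +parsed+, so the caller reads the
# outcome from the hash it passed in rather than from the parser object.
#
# @param parsed [Hash] receives 'help', 'config' and 'infracrl' entries as the
#   corresponding flags are seen
# @return [OptionParser] parser whose banner is BANNER
def self.parser(parsed = {})
  OptionParser.new do |opts|
    # The rendered listing shows `opts. = BANNER`, which does not parse;
    # `banner=` is the OptionParser setter that takes the usage text.
    opts.banner = BANNER

    opts.on('--help', 'Display this command-specific help output') do |_help|
      parsed['help'] = true
    end

    # The path is stored exactly as given on the command line; nothing in
    # this method checks it.
    opts.on('--config CONF', 'Path to puppet.conf') do |conf|
      parsed['config'] = conf
    end

    opts.on('--infracrl', "Create auxiliary files for the infrastructure-only CRL.") do |_infracrl|
      parsed['infracrl'] = true
    end
  end
end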
Instance Method Details
#check_for_existing_infra_files(files) ⇒ Object
# File 'lib/puppetserver/ca/action/enable.rb', line 82

# Asks FileSystem.check_for_existing_files about +files+ and, when it reports
# anything, appends a notice telling the operator to delete the existing files
# before re-running. Existing infra CRL files are therefore never overwritten
# by this check; the operator has to remove them deliberately.
#
# @param files [Object] passed through unchanged; enable_infra_crl hands in the
#   path of `infra_crl.pem`
# @return [Object] the collection returned by FileSystem.check_for_existing_files,
#   with the notice appended when it was not empty
def check_for_existing_infra_files(files)
  problems = FileSystem.check_for_existing_files(files)
  return problems if problems.empty?

  problems << <<-MSG
  If you would really like to reinitialize your infrastructure CRL, please delete
  the existing files and run this command again.
  MSG
  problems
end
#create_infra_crl_chain(settings) ⇒ Object
# File 'lib/puppetserver/ca/action/enable.rb', line 94

# Writes `infra_crl.pem` into settings[:cadir]: a newly created CRL followed by
# the CA's existing CRL chain minus its first entry.
#
# NOTE(review): as far as this method shows, the new CRL is created fresh and
# nothing is carried over from the dropped leaf CRL, so infrastructure
# certificates revoked before this command ran would not appear in it — confirm
# against LocalCertificateAuthority#create_crl_for.
#
# @param settings [Hash] must provide :cadir; also passed to LocalCertificateAuthority
# @return [Array] the signer's or CA's errors when either reports any, otherwise
#   an empty array once the file has been written
def create_infra_crl_chain(settings)
  # Load the most secure signing digest we can for cert/CRL/CSR signing.
  digest_loader = SigningDigest.new
  return digest_loader.errors if digest_loader.errors.any?

  authority = LocalCertificateAuthority.new(digest_loader.digest, settings)
  return authority.errors if authority.errors.any?

  fresh_crl = authority.create_crl_for(authority.cert, authority.key)

  # drop(1) leaves out the full leaf CRL at the head of the chain; the new
  # clean CRL takes its place and is populated with infra nodes only, as they
  # are revoked.
  chain = [fresh_crl, *authority.crl_chain.drop(1)]

  # 0o644: a CRL is public data, so it is written world-readable and
  # owner-writable.
  target = File.join(settings[:cadir], 'infra_crl.pem')
  FileSystem.write_file(target, chain, 0o644)

  []
end
#enable_infra_crl(settings) ⇒ Object
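# File 'lib/puppetserver/ca/action/enable.rb', line 60

# Sets up the infrastructure-only CRL inside settings[:cadir].
#
# Requires `infra_inventory.txt` to exist there already, and stops when
# check_for_existing_infra_files reports a problem for `infra_crl.pem`.
#
# @param settings [Hash] must provide :cadir
# @return [Array] error messages; empty when the CRL chain was written
def enable_infra_crl(settings)
  inventory_file = File.join(settings[:cadir], 'infra_inventory.txt')

  # Only the presence of the inventory is checked; this method does not read
  # or validate the certnames listed in it.
  unless File.exist?(inventory_file)
    # The message used to end with a stray closing double quote after the
    # exclamation mark; it is dropped here.
    error = <<-ERR
  Please create an inventory file at '#{inventory_file}' with the certnames of your
  infrastructure nodes before proceeding with infra CRL setup!
    ERR
    return [error]
  end

  infra_crl = File.join(settings[:cadir], 'infra_crl.pem')

  # NOTE(review): this check and the later write are separate steps, so a file
  # that appears in between is not detected here — confirm how
  # FileSystem.write_file treats an existing path.
  file_errors = check_for_existing_infra_files(infra_crl)
  return file_errors unless file_errors.empty?

  errors = create_infra_crl_chain(settings)
  return errors unless errors.empty?

  @logger.inform "Infra CRL files created."
  []
end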
#parse(cli_args) ⇒ Object
# File 'lib/puppetserver/ca/action/enable.rb', line 114

# Parses the command-line arguments for this action.
#
# Parsing errors go to Errors.handle_with_usage together with the parser's help
# text; when that call reports the errors as handled, the exit code is 1.
#
# @param cli_args [Object] passed unchanged to CliParsing.parse_with_errors
# @return [Array] two elements: the hash of parsed options, then 1 or nil
def parse(cli_args)
  parsed = {}
  option_parser = self.class.parser(parsed)
  parse_errors = CliParsing.parse_with_errors(option_parser, cli_args)

  usage = option_parser.help
  # exit_code stays nil unless the errors were handled.
  exit_code = 1 if Errors.handle_with_usage(@logger, parse_errors, usage)

  [parsed, exit_code]
end
#run(input) ⇒ Object
# File 'lib/puppetserver/ca/action/enable.rb', line 39

# Runs the action with already-parsed options.
#
# @param input [Hash] reads 'config' (optional path to puppet.conf) and
#   'infracrl' (truthy to set up the infrastructure-only CRL)
# @return [Integer] 1 as soon as Errors.handle_with_usage reports handled
#   errors, otherwise 0
def run(input)
  config_path = input['config']

  # A --config path supplied by the operator is validated before the Puppet
  # configuration is loaded from it; without one, nil is passed on.
  if config_path
    path_errors = FileSystem.validate_file_paths(config_path)
    return 1 if Errors.handle_with_usage(@logger, path_errors)
  end

  puppet = Config::Puppet.new(config_path)
  puppet.load({}, @logger)
  settings = puppet.settings
  return 1 if Errors.handle_with_usage(@logger, puppet.errors)

  # Nothing further to do unless --infracrl was requested.
  return 0 unless input['infracrl']

  infra_errors = enable_infra_crl(settings)
  Errors.handle_with_usage(@logger, infra_errors) ? 1 : 0
end