module Puppet::Acceptance::CAUtils
Public Instance Methods
clean_cert(host, cn, check = true)
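# File acceptance/lib/puppet/acceptance/common_utils.rb, line 70
#
# Runs `puppet cert clean <cn>` on +host+ and, when +check+ is true, asserts
# that the removal was logged and that the name no longer appears in
# `puppet cert list --all`.
#
# When +host+ is the master and the master is flagged :is_puppetserver, the
# service named by master['puppetservice'] is stopped first.
#
# @param host the host on which the cert commands are run
# @param cn [String] certificate name to clean
# @param check [Boolean] true: only exit code 0 is accepted and the output is
#   asserted on; false: exit codes 0 and 24 are accepted and nothing is asserted
def clean_cert(host, cn, check = true)
  if host == master && master[:is_puppetserver]
    on master, puppet_resource("service", master['puppetservice'], "ensure=stopped")
  end

  accepted_codes = check ? [0] : [0, 24]
  on(host, puppet('cert', 'clean', cn), :acceptable_exit_codes => accepted_codes)
  return unless check

  # Match the certname literally. Certnames are typically dotted host names,
  # and an unescaped "." (or any other regex metacharacter) would let a
  # different certificate name satisfy or trip these assertions.
  cn_pattern = Regexp.escape(cn)
  assert_match(/remov.*Certificate.*#{cn_pattern}/i, stdout, "Should see a log message that certificate request was removed.")
  on(host, puppet('cert', 'list', '--all'))
  assert_no_match(/#{cn_pattern}/, stdout, "Should not see certificate in list anymore.")
end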
clear_agent_ssl()
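# File acceptance/lib/puppet/acceptance/common_utils.rb, line 83
#
# Deletes the SSL directory on every host except the master. Does nothing
# when master.is_pe? is true.
#
# The directory is read from `puppet agent --configprint ssldir` on each host
# and then removed recursively.
#
# @raise [RuntimeError] if a host reports an ssldir that is empty, is "/", or
#   contains a single quote
def clear_agent_ssl
  return if master.is_pe?
  step "All: Clear agent only ssl settings (do not clear master)"
  hosts.each do |host|
    next if host == master
    ssldir = on(host, puppet('agent --configprint ssldir')).stdout.chomp
    # The path comes from command output and is placed inside single quotes in
    # a recursive delete. Stop before building that command from a value that
    # is empty, is the filesystem root, or would end the quoting early.
    if ssldir.empty? || ssldir == '/' || ssldir.include?("'")
      raise "Refusing to remove unexpected ssldir #{ssldir.inspect} on #{host}"
    end
    on( host, host_command("rm -rf '#{ssldir}'") )
  end
end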
initialize_ssl()
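# File acceptance/lib/puppet/acceptance/common_utils.rb, line 23
#
# Rebuilds SSL state for the whole test bed: stops the master service when
# service scripts are in use, deletes the ssldir on every host, starts a
# master with DNS alt names "puppet,<hostname>,<fqdn>", has each non-master
# host submit a CSR, signs all pending requests, and runs the agents again to
# fetch their signed certificates.
#
# @raise [RuntimeError] if a host reports an ssldir that is empty, is "/", or
#   contains a single quote
def initialize_ssl
  hostname = on(master, 'facter hostname').stdout.strip
  fqdn = on(master, 'facter fqdn').stdout.strip

  if master.use_service_scripts?
    step "Ensure puppet is stopped"
    # Passenger, in particular, must be shutdown for the cert setup steps to work,
    # but any running puppet master will interfere with webrick starting up and
    # potentially ignore the puppet.conf changes.
    on(master, puppet('resource', 'service', master['puppetservice'], "ensure=stopped"))
  end

  step "Clear SSL on all hosts"
  hosts.each do |host|
    ssldir = on(host, puppet('agent --configprint ssldir')).stdout.chomp
    # The path comes from command output and is placed inside single quotes in
    # a recursive delete. Stop before building that command from a value that
    # is empty, is the filesystem root, or would end the quoting early.
    if ssldir.empty? || ssldir == '/' || ssldir.include?("'")
      raise "Refusing to remove unexpected ssldir #{ssldir.inspect} on #{host}"
    end
    on(host, "rm -rf '#{ssldir}'")
  end

  step "Master: Start Puppet Master" do
    master_opts = {
      :main => {
        :dns_alt_names => "puppet,#{hostname},#{fqdn}",
      },
      :__service_args__ => {
        # apache2 service scripts can't restart if we've removed the ssl dir
        :bypass_service_script => true,
      },
    }
    with_puppet_running_on(master, master_opts) do

      hosts.each do |host|
        next if host['roles'].include? 'master'

        step "Agents: Run agent --test first time to gen CSR"
        # Only exit code 1 is accepted for this first run.
        on host, puppet("agent --test --server #{master}"), :acceptable_exit_codes => [1]
      end

      # Sign all waiting certs. `--sign --all` covers every pending request on
      # the master, not only the ones submitted by the loop above.
      step "Master: sign all certs"
      on master, puppet("cert --sign --all"), :acceptable_exit_codes => [0,24]

      step "Agents: Run agent --test second time to obtain signed cert"
      on agents, puppet("agent --test --server #{master}"), :acceptable_exit_codes => [0,2]
    end
  end
end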
reset_agent_ssl(resign = true)
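# File acceptance/lib/puppet/acceptance/common_utils.rb, line 93
#
# Clears agent SSL state and the matching certificates on the master, then
# optionally has every agent obtain a fresh, auto-signed certificate. Does
# nothing when master.is_pe? is true.
#
# @param resign [Boolean] when true, start the master with autosigning on and
#   run each agent once to obtain a new certificate
def reset_agent_ssl(resign = true)
  return if master.is_pe?
  clear_agent_ssl

  hostname = master.execute('facter hostname')
  fqdn = master.execute('facter fqdn')

  step "Clear old agent certificates from master" do
    agents.each do |agent|
      next if agent == master && agent.is_using_passenger?
      agent_cn = on(agent, puppet('agent --configprint certname')).stdout.chomp
      # A String is always truthy in Ruby, so `if agent_cn` never skipped
      # anything. Test for emptiness so that `cert clean` is not run with a
      # blank certificate name.
      clean_cert(master, agent_cn, false) unless agent_cn.empty?
    end
  end

  if resign
    step "Master: Ensure the master is listening and autosigning"
    # With :autosign => true the master signs certificate requests without
    # review for as long as this block runs. That suits an isolated test bed
    # and nothing else.
    with_puppet_running_on(master,
                            :master => {
                              :dns_alt_names => "puppet,#{hostname},#{fqdn}",
                              :autosign => true,
                            }
                          ) do

      agents.each do |agent|
        next if agent == master && agent.is_using_passenger?
        step "Agents: Run agent --test once to obtain auto-signed cert" do
          on agent, puppet('agent', "--test --server #{master}"), :acceptable_exit_codes => [0,2]
        end
      end
    end
  end
end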