ncio 1.1.0 → 1.2.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -0
- data/README.md +5 -4
- data/lib/ncio/http_client.rb +4 -4
- data/lib/ncio/support/option_parsing.rb +24 -6
- data/lib/ncio/version.rb +1 -1
- metadata +2 -2
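--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 6a2052b10003c3a63395281ac33811900acf2f9a
+data.tar.gz: 63c12430435b5780d06deb55ccedf58c8d0a8c44
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 9c1f4d189022e00370658084a5b8f818d6d36e0fa4e8b7a597559d41e3d8ef17403f7c7925ab8b04c2cbc0daaf07f07da7526d372cbfc28974b97fe5ed101ec1
+data.tar.gz: 20691eaf4dc7c983536a69ab4aaef28994be31e12f86cad8ecde2916c9381da1843fe8cadc92ee96d8aa6441d9d37a7966bfff885863c62960ac2e4b98068a1b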
data/CHANGELOG.md
CHANGED
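--- a/data/README.md
+++ b/data/README.md
@@ -64,10 +64,11 @@ Install this tool on the same node running the node classification service:
 
 ## Usage
 
-
-exists on the same node as
-
-
+Ncio will attempt to use the host certificate from
+`/etc/puppetlabs/puppet/ssl/certs/$FQDN.pem` if it exists on the same node as
+the Node Classifier. If this certificate has sufficient access then no
+configuration is necessary. The default options will work to backup and restore
+node classification data.
 
 sudo -H -u pe-puppet /opt/puppetlabs/puppet/bin/ncio backup > /var/tmp/backup.json
 I, [2016-06-28T19:25:55.507684 #2992] INFO -- : Backup completed successfully!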
data/lib/ncio/http_client.rb
CHANGED
@@ -27,8 +27,8 @@ module Ncio
|
|
27
27
|
host: Socket.gethostname,
|
28
28
|
port: 4433,
|
29
29
|
use_ssl: true,
|
30
|
-
cert: ssldir
|
31
|
-
key: ssldir
|
30
|
+
cert: "#{ssldir}/certs/#{Socket.gethostname}.pem",
|
31
|
+
key: "#{ssldir}/private_keys/#{Socket.gethostname}.pem",
|
32
32
|
cacert: ssldir + '/certs/ca.pem'
|
33
33
|
}.freeze
|
34
34
|
|
@@ -44,11 +44,11 @@ module Ncio
|
|
44
44
|
#
|
45
45
|
# @option opts [String] :cert The path to the PEM encoded client
|
46
46
|
# certificate. Defaults to
|
47
|
-
# `"/etc/puppetlabs/puppet/ssl/certs
|
47
|
+
# `"/etc/puppetlabs/puppet/ssl/certs/$FQDN.pem"`
|
48
48
|
#
|
49
49
|
# @option opts [String] :key The path to the PEM encoded RSA private key
|
50
50
|
# used for the SSL client connection. Defaults to
|
51
|
-
# `"/etc/puppetlabs/puppet/ssl/private_keys
|
51
|
+
# `"/etc/puppetlabs/puppet/ssl/private_keys/$FQDN.pem"`
|
52
52
|
#
|
53
53
|
# @option opts [String] :cacert The path to the PEM encoded CA certificate
|
54
54
|
# used to authenticate the service URL. Defaults to
|
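Review bot: The new `cert:` and `key:` defaults interpolate `Socket.gethostname` unmodified, while the updated doc comments promise `$FQDN.pem` and the option-parsing code in this same release builds its candidate name with `Socket.gethostname.downcase`. `Socket.gethostname` is not guaranteed to return a fully qualified or lower-case name, so on a host with a short or mixed-case hostname these defaults can point at a file that does not exist, and they can disagree with the path the CLI defaults resolve to. I would compute the name once, e.g. `certname = Socket.gethostname.downcase`, use it in both `cert:` and `key:`, and reword the comments to say "the lower-cased name reported by the host" rather than `$FQDN`. The hash literal these lines belong to starts outside the hunk.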
@@ -59,6 +59,8 @@ module Ncio
|
|
59
59
|
def parse_global_options!(argv, env)
|
60
60
|
semver = Ncio::VERSION
|
61
61
|
host = Socket.gethostname
|
62
|
+
cert_default = self.cert_default
|
63
|
+
key_default = self.key_default
|
62
64
|
Ncio::Trollop.options(argv) do
|
63
65
|
stop_on_unknown
|
64
66
|
version "ncio #{semver} (c) 2016 Jeff McCune"
|
@@ -66,8 +68,8 @@ module Ncio
|
|
66
68
|
uri_dfl = env['NCIO_URI'] || "https://#{host}:4433/classifier-api/v1"
|
67
69
|
opt :uri, 'Node Classifier service uri '\
|
68
70
|
'{NCIO_URI}', default: uri_dfl
|
69
|
-
opt :cert, CERT_MSG, default: env['NCIO_CERT'] ||
|
70
|
-
opt :key, KEY_MSG, default: env['NCIO_KEY'] ||
|
71
|
+
opt :cert, CERT_MSG, default: env['NCIO_CERT'] || cert_default
|
72
|
+
opt :key, KEY_MSG, default: env['NCIO_KEY'] || key_default
|
71
73
|
opt :cacert, CACERT_MSG, default: env['NCIO_CACERT'] || CACERT_DEFAULT
|
72
74
|
log_msg = 'Log file to write to or keywords '\
|
73
75
|
'STDOUT, STDERR {NCIO_LOGTO}'
|
@@ -167,6 +169,22 @@ module Ncio
|
|
167
169
|
end
|
168
170
|
end
|
169
171
|
|
172
|
+
def self.pem_exists?(name)
|
173
|
+
File.exist?(SSLDIR + "/certs/#{name}.pem")
|
174
|
+
end
|
175
|
+
|
176
|
+
def certname
|
177
|
+
NAMES.find { |n| Ncio::Support::OptionParsing.pem_exists?(n) } || NAMES.last
|
178
|
+
end
|
179
|
+
|
180
|
+
def cert_default
|
181
|
+
SSLDIR + "/certs/#{certname}.pem"
|
182
|
+
end
|
183
|
+
|
184
|
+
def key_default
|
185
|
+
SSLDIR + "/private_keys/#{certname}.pem"
|
186
|
+
end
|
187
|
+
|
170
188
|
BANNER = <<-'EOBANNER'.freeze
|
171
189
|
usage: ncio [GLOBAL OPTIONS] SUBCOMMAND [ARGS]
|
172
190
|
Sub Commands:
|
@@ -190,15 +208,15 @@ Transformation:
|
|
190
208
|
Global options: (Note, command line arguments supersede ENV vars in {}'s)
|
191
209
|
EOBANNER
|
192
210
|
|
211
|
+
# Names used to look for the default client certificate
|
212
|
+
NAMES = ['pe-internal-orchestrator', Socket.gethostname.downcase]
|
213
|
+
|
193
214
|
SSLDIR = '/etc/puppetlabs/puppet/ssl'.freeze
|
215
|
+
|
194
216
|
CERT_MSG = 'White listed client SSL cert {NCIO_CERT} '\
|
195
217
|
'See: https://goo.gl/zCjncC'.freeze
|
196
|
-
CERT_DEFAULT = (SSLDIR + '/certs/'\
|
197
|
-
'pe-internal-orchestrator.pem').freeze
|
198
218
|
KEY_MSG = 'Client RSA key, must match certificate '\
|
199
219
|
'{NCIO_KEY}'.freeze
|
200
|
-
KEY_DEFAULT = (SSLDIR + '/private_keys/'\
|
201
|
-
'pe-internal-orchestrator.pem').freeze
|
202
220
|
CACERT_MSG = 'CA Cert to authenticate the service uri '\
|
203
221
|
'{NCIO_CACERT}'.freeze
|
204
222
|
CACERT_DEFAULT = (SSLDIR + '/certs/ca.pem').freeze
|
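Review bot: `pem_exists?` tests only the file under `certs/`, so `certname` can select a name whose matching file under `private_keys/` is missing or unreadable for the invoking user, and the failure then appears later during TLS setup with no indication of which identity was chosen (these hunks appear to belong to lib/ncio/support/option_parsing.rb, going by the diffstat). The client identity presented to the classifier is now picked implicitly from whatever files exist, and `NAMES` tries `pe-internal-orchestrator` before the host name, although the README text describes the host certificate. I would require both halves of the pair, e.g. `%w[certs private_keys].all? { |d| File.readable?("#{SSLDIR}/#{d}/#{name}.pem") }`, and log the selected certificate path at startup so operators can see which credential is in use. `NAMES` is also the only constant in this block without `.freeze`.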
data/lib/ncio/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: ncio
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.2.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Jeff McCune
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2016-
|
11
|
+
date: 2016-11-21 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|