puppet 0.9.2
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- data/CHANGELOG +0 -0
- data/COPYING +340 -0
- data/LICENSE +17 -0
- data/README +24 -0
- data/Rakefile +294 -0
- data/TODO +4 -0
- data/bin/cf2puppet +186 -0
- data/bin/puppet +176 -0
- data/bin/puppetca +213 -0
- data/bin/puppetd +246 -0
- data/bin/puppetdoc +184 -0
- data/bin/puppetmasterd +258 -0
- data/examples/code/allatonce +13 -0
- data/examples/code/assignments +11 -0
- data/examples/code/classing +35 -0
- data/examples/code/components +73 -0
- data/examples/code/execs +16 -0
- data/examples/code/failers/badclassnoparam +10 -0
- data/examples/code/failers/badclassparam +10 -0
- data/examples/code/failers/badcompnoparam +9 -0
- data/examples/code/failers/badcompparam +9 -0
- data/examples/code/failers/badtypeparam +3 -0
- data/examples/code/file.bl +11 -0
- data/examples/code/filedefaults +10 -0
- data/examples/code/fileparsing +116 -0
- data/examples/code/filerecursion +15 -0
- data/examples/code/functions +3 -0
- data/examples/code/groups +7 -0
- data/examples/code/head +30 -0
- data/examples/code/importing +8 -0
- data/examples/code/nodes +20 -0
- data/examples/code/one +8 -0
- data/examples/code/relationships +34 -0
- data/examples/code/selectors +28 -0
- data/examples/code/simpletests +11 -0
- data/examples/code/snippets/argumentdefaults +14 -0
- data/examples/code/snippets/casestatement +39 -0
- data/examples/code/snippets/classheirarchy.pp +15 -0
- data/examples/code/snippets/classincludes.pp +17 -0
- data/examples/code/snippets/classpathtest +11 -0
- data/examples/code/snippets/dirchmod +19 -0
- data/examples/code/snippets/failmissingexecpath.pp +13 -0
- data/examples/code/snippets/falsevalues.pp +3 -0
- data/examples/code/snippets/filecreate +11 -0
- data/examples/code/snippets/implicititeration +15 -0
- data/examples/code/snippets/multipleinstances +7 -0
- data/examples/code/snippets/namevartest +9 -0
- data/examples/code/snippets/scopetest +13 -0
- data/examples/code/snippets/selectorvalues.pp +22 -0
- data/examples/code/snippets/simpledefaults +5 -0
- data/examples/code/snippets/simpleselector +38 -0
- data/examples/code/svncommit +13 -0
- data/examples/root/bin/sleeper +69 -0
- data/examples/root/etc/configfile +0 -0
- data/examples/root/etc/debian-passwd +29 -0
- data/examples/root/etc/debian-syslog.conf +71 -0
- data/examples/root/etc/init.d/sleeper +65 -0
- data/examples/root/etc/otherfile +0 -0
- data/examples/root/etc/puppet/fileserver.conf +3 -0
- data/examples/root/etc/puppet/puppetmasterd.conf +10 -0
- data/ext/module:puppet +195 -0
- data/install.rb +270 -0
- data/lib/puppet.rb +249 -0
- data/lib/puppet/base64.rb +19 -0
- data/lib/puppet/client.rb +519 -0
- data/lib/puppet/config.rb +49 -0
- data/lib/puppet/daemon.rb +208 -0
- data/lib/puppet/element.rb +71 -0
- data/lib/puppet/event.rb +259 -0
- data/lib/puppet/log.rb +321 -0
- data/lib/puppet/metric.rb +250 -0
- data/lib/puppet/parsedfile.rb +38 -0
- data/lib/puppet/parser/ast.rb +1560 -0
- data/lib/puppet/parser/interpreter.rb +150 -0
- data/lib/puppet/parser/lexer.rb +226 -0
- data/lib/puppet/parser/parser.rb +1354 -0
- data/lib/puppet/parser/scope.rb +755 -0
- data/lib/puppet/server.rb +170 -0
- data/lib/puppet/server/authstore.rb +227 -0
- data/lib/puppet/server/ca.rb +140 -0
- data/lib/puppet/server/filebucket.rb +147 -0
- data/lib/puppet/server/fileserver.rb +477 -0
- data/lib/puppet/server/logger.rb +43 -0
- data/lib/puppet/server/master.rb +103 -0
- data/lib/puppet/server/servlet.rb +247 -0
- data/lib/puppet/sslcertificates.rb +737 -0
- data/lib/puppet/statechange.rb +150 -0
- data/lib/puppet/storage.rb +95 -0
- data/lib/puppet/transaction.rb +179 -0
- data/lib/puppet/transportable.rb +151 -0
- data/lib/puppet/type.rb +1354 -0
- data/lib/puppet/type/component.rb +141 -0
- data/lib/puppet/type/cron.rb +543 -0
- data/lib/puppet/type/exec.rb +316 -0
- data/lib/puppet/type/group.rb +152 -0
- data/lib/puppet/type/nameservice.rb +3 -0
- data/lib/puppet/type/nameservice/netinfo.rb +173 -0
- data/lib/puppet/type/nameservice/objectadd.rb +146 -0
- data/lib/puppet/type/nameservice/posix.rb +200 -0
- data/lib/puppet/type/package.rb +420 -0
- data/lib/puppet/type/package/apt.rb +70 -0
- data/lib/puppet/type/package/dpkg.rb +108 -0
- data/lib/puppet/type/package/rpm.rb +81 -0
- data/lib/puppet/type/package/sun.rb +117 -0
- data/lib/puppet/type/package/yum.rb +58 -0
- data/lib/puppet/type/pfile.rb +569 -0
- data/lib/puppet/type/pfile/checksum.rb +219 -0
- data/lib/puppet/type/pfile/create.rb +108 -0
- data/lib/puppet/type/pfile/group.rb +129 -0
- data/lib/puppet/type/pfile/mode.rb +131 -0
- data/lib/puppet/type/pfile/source.rb +264 -0
- data/lib/puppet/type/pfile/type.rb +31 -0
- data/lib/puppet/type/pfile/uid.rb +166 -0
- data/lib/puppet/type/pfilebucket.rb +80 -0
- data/lib/puppet/type/pprocess.rb +97 -0
- data/lib/puppet/type/service.rb +347 -0
- data/lib/puppet/type/service/base.rb +17 -0
- data/lib/puppet/type/service/debian.rb +50 -0
- data/lib/puppet/type/service/init.rb +145 -0
- data/lib/puppet/type/service/smf.rb +29 -0
- data/lib/puppet/type/state.rb +182 -0
- data/lib/puppet/type/symlink.rb +183 -0
- data/lib/puppet/type/tidy.rb +183 -0
- data/lib/puppet/type/typegen.rb +149 -0
- data/lib/puppet/type/typegen/filerecord.rb +243 -0
- data/lib/puppet/type/typegen/filetype.rb +316 -0
- data/lib/puppet/type/user.rb +290 -0
- data/lib/puppet/util.rb +138 -0
- data/test/certmgr/certmgr.rb +265 -0
- data/test/client/client.rb +203 -0
- data/test/executables/puppetbin.rb +53 -0
- data/test/executables/puppetca.rb +79 -0
- data/test/executables/puppetd.rb +71 -0
- data/test/executables/puppetmasterd.rb +153 -0
- data/test/executables/puppetmodule.rb +60 -0
- data/test/language/ast.rb +412 -0
- data/test/language/interpreter.rb +71 -0
- data/test/language/scope.rb +412 -0
- data/test/language/snippets.rb +445 -0
- data/test/other/events.rb +111 -0
- data/test/other/log.rb +195 -0
- data/test/other/metrics.rb +92 -0
- data/test/other/overrides.rb +115 -0
- data/test/other/parsedfile.rb +31 -0
- data/test/other/relationships.rb +113 -0
- data/test/other/state.rb +106 -0
- data/test/other/storage.rb +39 -0
- data/test/other/transactions.rb +235 -0
- data/test/parser/lexer.rb +120 -0
- data/test/parser/parser.rb +180 -0
- data/test/puppet/conffiles.rb +104 -0
- data/test/puppet/defaults.rb +100 -0
- data/test/puppet/error.rb +23 -0
- data/test/puppet/utiltest.rb +120 -0
- data/test/puppettest.rb +774 -0
- data/test/server/authstore.rb +209 -0
- data/test/server/bucket.rb +227 -0
- data/test/server/ca.rb +201 -0
- data/test/server/fileserver.rb +710 -0
- data/test/server/logger.rb +175 -0
- data/test/server/master.rb +150 -0
- data/test/server/server.rb +130 -0
- data/test/tagging/tagging.rb +80 -0
- data/test/test +51 -0
- data/test/types/basic.rb +119 -0
- data/test/types/component.rb +272 -0
- data/test/types/cron.rb +261 -0
- data/test/types/exec.rb +273 -0
- data/test/types/file.rb +616 -0
- data/test/types/filebucket.rb +167 -0
- data/test/types/fileignoresource.rb +287 -0
- data/test/types/filesources.rb +587 -0
- data/test/types/filetype.rb +162 -0
- data/test/types/group.rb +271 -0
- data/test/types/package.rb +205 -0
- data/test/types/query.rb +101 -0
- data/test/types/service.rb +100 -0
- data/test/types/symlink.rb +93 -0
- data/test/types/tidy.rb +124 -0
- data/test/types/type.rb +135 -0
- data/test/types/user.rb +371 -0
- metadata +243 -0
data/TODO
ADDED
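--- a/data/bin/cf2puppet
+++ b/data/bin/cf2puppet
@@ -0,0 +1,186 @@
+#!/usr/bin/ruby
+
+#
+# = Synopsis
+#
+# Convert cfengine code to puppet code.
+#
+# = Usage
+#
+# cf2puppet [-h|--help] -o|--out <dir> <cfengine file>
+#
+# = Description
+#
+# This script reads in an entire cfengine configuration set, including
+# importing necessary files, and converts it to a puppet configuration.
+#
+# = Options
+#
+# help::
+# Print this help message
+#
+# out::
+# Print this help message
+#
+# = Example
+#
+# $ puppetdoc > /tmp/reference.rst
+#
+# = Author
+#
+# Luke Kanies
+#
+# = Copyright
+#
+# Copyright (c) 2005 Reductive Labs, LLC
+# Licensed under the GNU Public License
+
+require 'puppet'
+require 'getoptlong'
+
+
+module Cf2Puppet
+class CfClass < Array
+attr_accessor :name
+end
+
+class CfAction
+attr_accessor :name, :type
+
+def []=(param, value)
+@params[param] = value
+end
+
+def initialize
+@params = {}
+end
+end
+
+class Parser
+def initialize(file)
+@file = file
+@dir = File.dirname(file)
+
+unless FileTest.exists?(file)
+$stderr.puts "%s does not exist" % file
+exit(18)
+end
+end
+
+def parse
+begin
+File.open(@file) { |f|
+str = f.read
+
+# get rid of comments
+str.gsub(/#.+\n/)
+str.gsub(/^\s*$/, '') # and blank lines
+
+while str do
+case str
+when /\A(\w+):[^:]/n:
+action = $1
+end
+end
+f.foreach { |line|
+case line.chomp
+when /(\w+):\s*\n/:
+$action = $1
+when /(\w+):\s*\n/:
+$action = $1
+end
+}
+}
+rescue Errno::ENOENT => detail
+$stderr.puts "File %s not found" % file
+return
+rescue Errno::EACCES => detail
+$stderr.puts "Could not open file %s" % file
+return
+end
+end
+
+module Actions
+def import
+end
+end
+end
+end
+
+$haveusage = true
+
+begin
+require 'rdoc/usage'
+rescue LoadError
+$haveusage = false
+end
+
+result = GetoptLong.new(
+[ "--help", "-h", GetoptLong::NO_ARGUMENT ]
+)
+
+out = nil
+
+begin
+result.each { |opt,arg|
+case opt
+when "--out"
+out = arg
+when "--help"
+if $haveusage
+RDoc::usage && exit
+else
+puts "No help available unless you have RDoc::usage installed"
+exit
+end
+end
+}
+rescue GetoptLong::InvalidOption => detail
+$stderr.puts "Try '#{$0} --help'"
+#if $haveusage
+# RDoc::usage_no_exit('usage')
+#end
+exit(1)
+end
+
+unless out
+puts "You must specify an output directory using '-o'."
+exit(12)
+end
+
+if FileTest.exists?(out)
+unless FileTest.directory?(out)
+puts "%s is not a directory" % out
+exit(14)
+end
+else
+basedir = File.dirname(out)
+
+unless FileTest.directory?(basedir)
+puts "Parent directory %s does not exist" % basedir
+exit(16)
+end
+
+Dir.mkdir(out)
+end
+
+files = []
+if ARGV.length > 0
+files += ARGV
+else
+$stderr.puts "Defaulting to cfagent.conf"
+files << "/var/cfengine/inputs/cfagent.conf"
+end
+
+$stderr.puts "****WARNING****
+I can absolutely guarantee you that this script will not yet produce
+an exact copy of your cfengine configuration. You _must_not_ just run
+the generated configuration; check the entire configuration before
+executing. This is meant as a tool for simplifying migration, not
+entirely performing it.
+****WARNING****"
+
+files.each { |file|
+handle(file)
+}
+# $Id: cf2puppet 643 2005-09-10 18:47:44Z luke $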
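Review bot: `--out`/`-o` is never declared in the `GetoptLong.new(...)` table, which lists only `--help`, so passing `-o` raises `GetoptLong::InvalidOption` and omitting it always ends at `exit(12)`; add `[ "--out", "-o", GetoptLong::REQUIRED_ARGUMENT ],` to the table. In `Parser#parse` both `str.gsub` results are discarded and `while str do` never changes `str`, so the loop cannot terminate once it is entered; the two `rescue` branches also format `file`, which is not a local in that method (`@file` is). `handle(file)` in the final loop is not defined anywhere in this file. The `out::` entry in the header comment repeats the help text instead of describing the output directory, and the Example section shows `puppetdoc` rather than `cf2puppet`.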
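--- a/data/bin/puppet
+++ b/data/bin/puppet
@@ -0,0 +1,176 @@
+#!/usr/bin/ruby
+
+#
+# = Synopsis
+#
+# Run a stand-alone +puppet+ script.
+#
+# = Usage
+#
+# puppet [-h|--help] [-V|--version] [-d|--debug] [-v|--verbose]
+# [-l|--logfile <file>] [-p|--parse-only] <file>
+# [-c|--confdir <configuration directory>] [--vardir <var directory>]
+#
+# = Description
+#
+# This is the standalone puppet execution script; use it to execute
+# individual scripts that you write. If you need to execute site-wide
+# scripts, use +puppetd+ and +puppetmasterd+.
+#
+# = Options
+#
+# confdir::
+# The configuration root directory, where +puppetmasterd+ defaults to looking
+# for all of its configuration files. Defaults to +/etc/puppet+.
+#
+# debug::
+# Enable full debugging.
+#
+# help::
+# Print this help message
+#
+# logfile::
+# Where to send messages. Choose between syslog, the console, and a log file.
+# Defaults to sending messages to the console.
+#
+# parse-only::
+# Just verify syntax, do not apply anything.
+#
+# vardir::
+# The variable-size directory, used for storing state. Defaults to
+# /var/puppet.
+#
+# verbose::
+# Print extra information.
+#
+# = Example
+#
+# puppet -l /tmp/script.log script.pp
+#
+# = Author
+#
+# Luke Kanies
+#
+# = Copyright
+#
+# Copyright (c) 2005 Reductive Labs, LLC
+# Licensed under the GNU Public License
+
+require 'puppet'
+require 'puppet/server'
+require 'puppet/client'
+require 'getoptlong'
+
+$haveusage = true
+
+begin
+require 'rdoc/usage'
+rescue LoadError
+$haveusage = false
+end
+
+result = GetoptLong.new(
+[ "--confdir", "-c", GetoptLong::REQUIRED_ARGUMENT ],
+[ "--debug", "-d", GetoptLong::NO_ARGUMENT ],
+[ "--help", "-h", GetoptLong::NO_ARGUMENT ],
+[ "--logdest", "-l", GetoptLong::REQUIRED_ARGUMENT ],
+[ "--verbose", "-v", GetoptLong::NO_ARGUMENT ],
+[ "--noop", "-n", GetoptLong::NO_ARGUMENT ],
+[ "--use-nodes", GetoptLong::NO_ARGUMENT ],
+[ "--parse-only", "-p", GetoptLong::NO_ARGUMENT ],
+[ "--vardir", GetoptLong::REQUIRED_ARGUMENT ],
+[ "--version", "-V", GetoptLong::NO_ARGUMENT ]
+)
+
+debug = false
+verbose = false
+noop = false
+logfile = false
+parseonly = false
+
+master = {
+:Local => true
+}
+
+Puppet[:logdest] = :console
+
+begin
+result.each { |opt,arg|
+case opt
+when "--confdir"
+Puppet[:puppetconf] = arg
+when "--version"
+puts "%s" % Puppet.version
+exit
+when "--help"
+if $haveusage
+RDoc::usage && exit
+else
+puts "No help available unless you have RDoc::usage installed"
+exit
+end
+when "--noop"
+Puppet[:noop] = true
+when "--use-nodes"
+master[:UseNodes] = true
+when "--verbose"
+verbose = true
+when "--parse-only"
+parseonly = true
+when "--debug"
+debug = true
+when "--logdest"
+begin
+Puppet[:logdest] = arg
+rescue => detail
+$stderr.puts detail.to_s
+end
+when "--vardir"
+Puppet[:puppetvar] = arg
+end
+}
+rescue GetoptLong::InvalidOption => detail
+$stderr.puts "Try '#{$0} --help'"
+#if $haveusage
+# RDoc::usage(1,'usage')
+#end
+exit(1)
+end
+
+if debug
+Puppet[:loglevel] = :debug
+elsif verbose
+Puppet[:loglevel] = :info
+end
+
+master[:File] = ARGV.shift
+
+begin
+server = Puppet::Server::Master.new(master)
+rescue => detail
+$stderr.puts detail
+exit(1)
+end
+
+begin
+client = Puppet::Client::MasterClient.new(
+:Master => server,
+:Cache => false
+)
+rescue => detail
+$stderr.puts detail
+exit(1)
+end
+
+
+if parseonly
+exit(0)
+end
+
+begin
+client.getconfig
+client.apply
+rescue => detail
+Puppet.err detail
+exit(1)
+end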
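Review bot: `master[:File] = ARGV.shift` is handed to `Puppet::Server::Master.new` without checking that a manifest path was actually given, so a bare `puppet` invocation passes a nil `:File` and, unless `Master.new` rejects it (not visible here), the script continues to `client.apply`; a guard right after the assignment such as `abort "You must specify a manifest file" unless master[:File]` makes that failure explicit. The header comment documents `-l|--logfile` while the option table declares `--logdest`, and `--noop` and `--use-nodes` are accepted but undocumented; `--noop` in particular deserves an entry in the Options section because it sets `Puppet[:noop]`. The `rescue` around `Puppet[:logdest] = arg` only prints the error, so a rejected log destination leaves logging on the console and the run proceeds. The locals `noop` and `logfile` are assigned and never read.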
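--- a/data/bin/puppetca
+++ b/data/bin/puppetca
@@ -0,0 +1,213 @@
+#!/usr/bin/ruby
+
+#
+# = Synopsis
+#
+# Stand-alone certificate authority. Capable of generating certificates
+# but mostly meant for signing certificate requests from puppet clients.
+#
+# = Usage
+#
+# puppetca [-h|--help] [-V|--version] [-d|--debug] [-v|--verbose]
+# [--cadir <ca directory>] [-g|--generate] [-l|--list]
+# [-s|--sign] [--ssldir <cert directory>]
+# [-c|--confdir <configuration directory>]
+#
+# = Description
+#
+# Because the puppetmasterd daemon defaults to not signing client certificate
+# requests, this script is available for signing outstanding requests. It
+# can be used to list outstanding requests and then either sign them individually
+# or sign all of them.
+#
+# = Options
+#
+# all::
+# Operate on all outstanding requests. Only makes sense with '--sign'.
+#
+# cadir::
+# Where to look for the ca directory. Defaults to /etc/puppet/ssl/ca.
+#
+# confdir::
+# The configuration root directory, where +puppetmasterd+ defaults to looking
+# for all of its configuration files. Defaults to +/etc/puppet+.
+#
+# debug::
+# Enable full debugging.
+#
+# generate::
+# Generate a certificate for a named client. A certificate/keypair will be
+# generated for each client named on the command line.
+#
+# help::
+# Print this help message
+#
+# list::
+# List outstanding certificate requests.
+#
+# sign::
+# Sign an outstanding certificate request. Unless '--all' is specified,
+# hosts must be listed after all flags.
+#
+# ssldir::
+# The directory in which to store certificates. Defaults to /etc/puppet/ssl.
+#
+# verbose::
+# Enable verbosity.
+#
+# = Example
+#
+# $ puppetca -l
+# culain.madstop.com
+# $ puppetca -s culain.madstop.com
+#
+# = Author
+#
+# Luke Kanies
+#
+# = Copyright
+#
+# Copyright (c) 2005 Reductive Labs, LLC
+# Licensed under the GNU Public License
+
+require 'puppet'
+require 'puppet/sslcertificates'
+require 'getoptlong'
+
+$haveusage = true
+
+begin
+require 'rdoc/usage'
+rescue LoadError
+$haveusage = false
+end
+
+result = GetoptLong.new(
+[ "--all", "-a", GetoptLong::NO_ARGUMENT ],
+[ "--cadir", GetoptLong::REQUIRED_ARGUMENT ],
+[ "--confdir", "-c", GetoptLong::REQUIRED_ARGUMENT ],
+[ "--debug", "-d", GetoptLong::NO_ARGUMENT ],
+[ "--generate", "-g", GetoptLong::NO_ARGUMENT ],
+[ "--help", "-h", GetoptLong::NO_ARGUMENT ],
+[ "--list", "-l", GetoptLong::NO_ARGUMENT ],
+[ "--sign", "-s", GetoptLong::NO_ARGUMENT ],
+[ "--ssldir", GetoptLong::REQUIRED_ARGUMENT ],
+[ "--verbose", "-v", GetoptLong::NO_ARGUMENT ]
+)
+
+mode = nil
+all = false
+generate = nil
+
+begin
+result.each { |opt,arg|
+case opt
+when "--all"
+all = true
+when "--cadir"
+Puppet[:cadir] = arg
+when "--confdir"
+Puppet[:puppetconf] = arg
+when "--debug"
+Puppet[:loglevel] = :debug
+when "--generate"
+generate = arg
+mode = :generate
+when "--help"
+if $haveusage
+RDoc::usage && exit
+else
+puts "No help available unless you have RDoc::usage installed"
+exit
+end
+when "--list"
+mode = :list
+when "--sign"
+mode = :sign
+when "--ssldir"
+Puppet[:ssldir] = arg
+when "--verbose"
+Puppet[:loglevel] = :info
+end
+}
+rescue GetoptLong::InvalidOption => detail
+$stderr.puts "Try '#{$0} --help'"
+#if $haveusage
+# RDoc::usage_no_exit('usage')
+#end
+exit(1)
+end
+
+ca = Puppet::SSLCertificates::CA.new()
+
+unless mode
+$stderr.puts "You must specify --list or --sign"
+exit(12)
+end
+
+hosts = ca.list
+unless hosts.length > 0 or mode == :generate
+Puppet.info "No waiting requests"
+exit(0)
+end
+
+case mode
+when :list
+puts hosts.join("\n")
+when :sign
+unless ARGV.length > 0 or all
+$stderr.puts(
+"You must specify to sign all certificates or you must specify hostnames"
+)
+exit(24)
+end
+
+unless all
+hosts = hosts.find_all { |host|
+ARGV.include?(host)
+}
+end
+
+hosts.each { |host|
+begin
+csr = ca.getclientcsr(host)
+rescue => detail
+$stderr.puts "Could not retrieve request for %s: %s" % [host, detail]
+end
+
+begin
+ca.sign(csr)
+rescue => detail
+$stderr.puts "Could not sign request for %s: %s" % [host, detail]
+end
+
+begin
+ca.removeclientcsr(host)
+rescue => detail
+$stderr.puts "Could not remove request for %s: %s" % [host, detail]
+end
+}
+when :generate
+# we need to generate a certificate for a host
+unless ARGV.length > 0
+$stderr.puts "You must specify hosts to generate certs for"
+exit(84)
+end
+ARGV.each { |host|
+puts "Generating certificate for %s" % host
+cert = Puppet::SSLCertificates::Certificate.new(
+:name => host
+)
+cert.mkcsr
+signedcert, cacert = ca.sign(cert.csr)
+
+cert.cert = signedcert
+cert.cacert = cacert
+cert.write
+}
+else
+$stderr.puts "Invalid mode %s" % mode
+exit(42)
+end
+
+# $Id: puppetca 720 2005-10-21 06:16:43Z luke $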
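Review bot: In the `:sign` loop each step sits in its own `rescue` that only prints, so when `ca.getclientcsr(host)` or `ca.sign(csr)` fails the loop still reaches `ca.removeclientcsr(host)` and deletes the pending request for a host that was never signed. Add `next` as the last statement of the first two `rescue` bodies so a failed retrieval or signature leaves the request on disk for the operator to retry. Hostnames given on the command line that match no pending request are dropped by `hosts.find_all` without any message, and `--all` signs every waiting request with nothing shown for confirmation; since signing is the trust decision for each client, the header comment should say so and the script should report unmatched names. The `unless mode` message also omits `--generate`, and `generate = arg` is always empty because the option is declared `NO_ARGUMENT`.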