puppetserver-ca 1.7.0 → 2.0.1

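--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: c28c8d7be542d749738c32b848b4bb318498a949fb52e4bf6d44a5da878583a7
- data.tar.gz: c6e09079aa3463da55cc0c185c7bddad22ff1967cd57c0d687dc000072748749
+ metadata.gz: 33d0c2bbf4e4efae9ed5ee88619f47bfbd850b24b0e7fff02bf7e6a106d40d18
+ data.tar.gz: 70542df4956703b70b73ab3aa8e5cb4ef8c007925fb47dc1e2197d762e1a3269
  SHA512:
- metadata.gz: 46f81f6b946a37380c520c9611aaf4ba89155fcdaa6eefa1500cece3a57c946498ce959862e99645cc9dfcbedd8667157abf0b03fcfb37068ce27c9819b3088a
- data.tar.gz: 1e37edeee98389efa59e82f2d041337ca4ba72e9a82b2fdf053e40d0f02139454d0e8d547f070dfcde9a639aba19181cbd464f61e29351a4bee30cf2aff4f37a
+ metadata.gz: 399ef8c2fecd89f42db48d848685f61ac9efaffa1039a8e726b4c1b60dda3d82c996c4fff2cec8d315a35bcf5643a46233ae0647a5f79e2f730055e41b404e6f
+ data.tar.gz: 342d56b051591b0fbf2211e3f75dd7249ff934f087f1ad2b0005cbdc4dbb0d5d6228e22b248ab22d9a4bb90dd21026daa0ac7fc363937652b5887fe971b29079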
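--- a/data/README.md
+++ b/data/README.md
@@ -73,8 +73,26 @@ interactive prompt that will allow you to experiment.
 
  To install this gem onto your local machine, run `bundle exec rake install`.
 
- To release a new version, update the version number in `version.rb`, and then
- speak with Release Engineering.
+ ### Testing
+ To test your changes on a VM:
+ 1. Build the gem with your changes: `gem build puppetserver-ca.gemspec`
+ 1. Copy the gem to your VM: `scp puppetserver-ca-<version>.gem <your-vm>:.`
+ 1. Install puppetserver (FOSS) by installing the relevant release package and then installing the puppetserver package. For example:
+ ```
+ $ wget http://nightlies.puppet.com/yum/puppet-nightly-release-el-7.noarch.rpm
+ $ rpm -i puppet-nightly-release-el-7.noarch.rpm
+ $ yum update
+ $ yum install -y puppetserver
+ ```
+ 1. Restart your shell so that puppet's bin dir is on your $PATH: `exec bash`
+ 1. Install the gem into puppet's gem directory using puppet's gem command:
+ ```
+ $ /opt/puppetlabs/puppet/bin/gem install --install-dir "/opt/puppetlabs/puppet/lib/ruby/vendor_gems" puppetserver-ca-<version>.gem
+ ```
+ 1. To confirm that installation was successful, run `puppetserver ca --help`
+
+ ### Releasing
+ To release a new version, run the [release pipeline](https://jenkins-master-prod-1.delivery.puppetlabs.net/job/platform_puppetserver-ca_init-multijob_main/), which will bump the version, tag, build, and release the gem.
 
 
  ## Contributing & Support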
@@ -85,7 +85,7 @@ BANNER
85
85
  return 1 if Errors.handle_with_usage(@logger, errors)
86
86
  end
87
87
 
88
- puppet = Config::Puppet.parse(config)
88
+ puppet = Config::Puppet.parse(config, @logger)
89
89
  return 1 if Errors.handle_with_usage(@logger, puppet.errors)
90
90
 
91
91
  result = clean_certs(certnames, puppet.settings)
@@ -45,7 +45,7 @@ BANNER
45
45
  end
46
46
 
47
47
  puppet = Config::Puppet.new(config_path)
48
- puppet.load
48
+ puppet.load(logger: @logger)
49
49
  settings = puppet.settings
50
50
  return 1 if Errors.handle_with_usage(@logger, puppet.errors)
51
51
 
@@ -126,7 +126,7 @@ BANNER
126
126
  # Load, resolve, and validate puppet config settings
127
127
  settings_overrides = {}
128
128
  puppet = Config::Puppet.new(config_path)
129
- puppet.load(settings_overrides)
129
+ puppet.load(cli_overrides: settings_overrides, logger: @logger)
130
130
  return 1 if Errors.handle_with_usage(@logger, puppet.errors)
131
131
 
132
132
  # We don't want generate to respect the alt names setting, since it is usually
@@ -140,7 +140,7 @@ BANNER
140
140
  # Generate and save certs and associated keys
141
141
  if input['ca-client']
142
142
  # Refused to generate certs offfline if the CA service is running
143
- return 1 if check_server_online(puppet.settings)
143
+ return 1 if HttpClient.check_server_online(puppet.settings, @logger)
144
144
  all_passed = generate_authorized_certs(certnames, alt_names, puppet.settings, signer.digest)
145
145
  else
146
146
  all_passed = generate_certs(certnames, alt_names, puppet.settings, signer.digest, input['ttl'])
@@ -148,34 +148,6 @@ BANNER
148
148
  return all_passed ? 0 : 1
149
149
  end
150
150
 
151
- # Queries the simple status endpoint for the status of the CA service.
152
- # Returns true if it receives back a response of "running", and false if
153
- # no connection can be made, or a different response is received.
154
- def check_server_online(settings)
155
- status_url = HttpClient::URL.new('https', settings[:ca_server], settings[:ca_port], 'status', 'v1', 'simple', 'ca')
156
- begin
157
- # Generating certs offline is necessary if the master cert has been destroyed
158
- # or compromised. Since querying the status endpoint does not require a client cert, and
159
- # we commonly won't have one, don't require one for creating the connection.
160
- HttpClient.new(settings, with_client_cert: false).with_connection(status_url) do |conn|
161
- result = conn.get
162
- if result.body == "running"
163
- @logger.err "CA service is running. Please stop it before attempting to generate certs offline."
164
- true
165
- else
166
- false
167
- end
168
- end
169
- true
170
- rescue Puppetserver::Ca::ConnectionFailed => e
171
- if e.wrapped.is_a? Errno::ECONNREFUSED
172
- return false
173
- else
174
- raise e
175
- end
176
- end
177
- end
178
-
179
151
  # Certs authorized to talk to the CA API need to be signed offline,
180
152
  # in order to securely add the special auth extension.
181
153
  def generate_authorized_certs(certnames, alt_names, settings, digest)
@@ -4,6 +4,7 @@ require 'puppetserver/ca/config/puppet'
4
4
  require 'puppetserver/ca/errors'
5
5
  require 'puppetserver/ca/local_certificate_authority'
6
6
  require 'puppetserver/ca/utils/cli_parsing'
7
+ require 'puppetserver/ca/utils/config'
7
8
  require 'puppetserver/ca/utils/file_system'
8
9
  require 'puppetserver/ca/utils/signing_digest'
9
10
  require 'puppetserver/ca/x509_loader'
@@ -55,7 +56,7 @@ BANNER
55
56
  settings_overrides[:dns_alt_names] = input['subject-alt-names'] unless input['subject-alt-names'].empty?
56
57
 
57
58
  puppet = Config::Puppet.new(config_path)
58
- puppet.load(settings_overrides)
59
+ puppet.load(cli_overrides: settings_overrides, logger: @logger)
59
60
  return 1 if Errors.handle_with_usage(@logger, puppet.errors)
60
61
 
61
62
  # Load most secure signing digest we can for cers/crl/csr signing.
@@ -130,6 +131,8 @@ ERR
130
131
  FileSystem.write_file(location, content, 0640)
131
132
  end
132
133
 
134
+ Puppetserver::Ca::Utils::Config.symlink_to_old_cadir(settings[:cadir], settings[:confdir])
135
+
133
136
  return []
134
137
  end
135
138
 
@@ -68,7 +68,7 @@ Options:
68
68
  return 1 if Errors.handle_with_usage(@logger, errors)
69
69
  end
70
70
 
71
- puppet = Config::Puppet.parse(config)
71
+ puppet = Config::Puppet.parse(config, @logger)
72
72
  return 1 if Errors.handle_with_usage(@logger, puppet.errors)
73
73
 
74
74
  filter_names = certnames.any? \
@@ -0,0 +1,96 @@
1
+ require 'puppetserver/ca/utils/cli_parsing'
2
+ require 'puppetserver/ca/utils/file_system'
3
+ require 'puppetserver/ca/utils/http_client'
4
+ require 'puppetserver/ca/utils/config'
5
+
6
+ module Puppetserver
7
+ module Ca
8
+ module Action
9
+ class Migrate
10
+ include Puppetserver::Ca::Utils
11
+ PUPPETSERVER_CA_DIR = Puppetserver::Ca::Utils::Config.new_default_cadir
12
+
13
+ SUMMARY = "Migrate the existing CA directory to #{PUPPETSERVER_CA_DIR}"
14
+ BANNER = <<-BANNER
15
+ Usage:
16
+ puppetserver ca migrate [--help]
17
+ puppetserver ca migrate [--config PATH]
18
+
19
+ Description:
20
+ Migrate an existing CA directory to #{PUPPETSERVER_CA_DIR}. This is for
21
+ upgrading from Puppet Platform 6.x to Puppet 7. Use the currently configured
22
+ puppet.conf file in your installation, or supply one using the `--config` flag.
23
+ Options:
24
+ BANNER
25
+
26
+ def initialize(logger)
27
+ @logger = logger
28
+ end
29
+
30
+ def run(input)
31
+ config_path = input['config']
32
+ puppet = Config::Puppet.new(config_path)
33
+ puppet.load(logger: @logger, ca_dir_warn: false)
34
+ return 1 if HttpClient.check_server_online(puppet.settings, @logger)
35
+
36
+ errors = FileSystem.check_for_existing_files(PUPPETSERVER_CA_DIR)
37
+ if !errors.empty?
38
+ instructions = <<-ERR
39
+ Migration will not overwrite the directory at #{PUPPETSERVER_CA_DIR}. Have you already
40
+ run this migration tool? Is this a puppet 7 installation? It is likely that you have
41
+ already successfully run the migration or do not need to run it.
42
+ ERR
43
+ errors << instructions
44
+ Errors.handle_with_usage(@logger, errors)
45
+ return 1
46
+ end
47
+
48
+ current_cadir = puppet.settings[:cadir]
49
+ if FileSystem.check_for_existing_files(current_cadir).empty?
50
+ error_message = <<-ERR
51
+ No CA dir found at #{current_cadir}. Please check the configured cadir setting in your
52
+ puppet.conf file and verify its contents.
53
+ ERR
54
+ Errors.handle_with_usage(@logger, [error_message])
55
+ return 1
56
+ end
57
+
58
+ migrate(current_cadir)
59
+
60
+ @logger.inform <<-SUCCESS_MESSAGE
61
+ CA dir successfully migrated to #{PUPPETSERVER_CA_DIR}. Symlink placed at #{current_cadir}
62
+ for backwards compatibility. The puppetserver can be safely restarted now.
63
+ SUCCESS_MESSAGE
64
+ return 0
65
+ end
66
+
67
+ def migrate(old_cadir, new_cadir=PUPPETSERVER_CA_DIR)
68
+ FileUtils.mv(old_cadir, new_cadir)
69
+ FileSystem.forcibly_symlink(new_cadir, old_cadir)
70
+ end
71
+
72
+ def parse(args)
73
+ results = {}
74
+ parser = self.class.parser(results)
75
+ errors = CliParsing.parse_with_errors(parser, args)
76
+ errors_were_handled = Errors.handle_with_usage(@logger, errors, parser.help)
77
+ exit_code = errors_were_handled ? 1 : nil
78
+ return results, exit_code
79
+ end
80
+
81
+ def self.parser(parsed = {})
82
+ OptionParser.new do |opts|
83
+ opts.banner = BANNER
84
+ opts.on('--help', 'Display this command-specific help output') do |help|
85
+ parsed['help'] = true
86
+ end
87
+ opts.on('--config CONF', 'Path to puppet.conf') do |conf|
88
+ parsed['config'] = conf
89
+ end
90
+ end
91
+ end
92
+
93
+ end
94
+ end
95
+ end
96
+ end
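Review bot: In `run`, `puppet.load(logger: @logger, ca_dir_warn: false)` is followed directly by `HttpClient.check_server_online(puppet.settings, @logger)` with no look at `puppet.errors`, whereas the other actions in this diff follow the load with `return 1 if Errors.handle_with_usage(@logger, puppet.errors)`. A puppet.conf that fails validation would then drive both the status check and the directory move with whatever settings happened to resolve; adding that same line after the load keeps the CA directory untouched on a bad config. `migrate` moves the directory and creates the symlink as two unguarded steps, so a failure inside `forcibly_symlink` leaves the CA at the new path with nothing at `current_cadir`; a comment on `migrate` stating that and how to recover would help operators. `PUPPETSERVER_CA_DIR` is also fixed at load time from `Config.new_default_cadir` with its default confdir, so it does not follow a confdir set in the file passed via `--config`; if that is intended, the banner should say so.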
@@ -83,7 +83,7 @@ BANNER
83
83
  return 1 if Errors.handle_with_usage(@logger, errors)
84
84
  end
85
85
 
86
- puppet = Config::Puppet.parse(config)
86
+ puppet = Config::Puppet.parse(config, @logger)
87
87
  return 1 if Errors.handle_with_usage(@logger, puppet.errors)
88
88
 
89
89
  result = revoke_certs(certnames, puppet.settings)
@@ -3,6 +3,7 @@ require 'optparse'
3
3
  require 'puppetserver/ca/config/puppet'
4
4
  require 'puppetserver/ca/errors'
5
5
  require 'puppetserver/ca/local_certificate_authority'
6
+ require 'puppetserver/ca/utils/config'
6
7
  require 'puppetserver/ca/utils/cli_parsing'
7
8
  require 'puppetserver/ca/utils/file_system'
8
9
  require 'puppetserver/ca/utils/signing_digest'
@@ -55,7 +56,7 @@ BANNER
55
56
  settings_overrides[:dns_alt_names] = input['subject-alt-names'] unless input['subject-alt-names'].empty?
56
57
 
57
58
  puppet = Config::Puppet.new(config_path)
58
- puppet.load(settings_overrides)
59
+ puppet.load(cli_overrides: settings_overrides, logger: @logger)
59
60
  return 1 if Errors.handle_with_usage(@logger, puppet.errors)
60
61
 
61
62
  # Load most secure signing digest we can for cers/crl/csr signing.
@@ -135,6 +136,8 @@ ERR
135
136
  FileSystem.write_file(location, content, 0640)
136
137
  end
137
138
 
139
+ Puppetserver::Ca::Utils::Config.symlink_to_old_cadir(settings[:cadir], settings[:confdir])
140
+
138
141
  return []
139
142
  end
140
143
 
@@ -62,7 +62,7 @@ Options:
62
62
  return 1 if Errors.handle_with_usage(@logger, errors)
63
63
  end
64
64
 
65
- puppet = Config::Puppet.parse(config)
65
+ puppet = Config::Puppet.parse(config, @logger)
66
66
  return 1 if Errors.handle_with_usage(@logger, puppet.errors)
67
67
 
68
68
  ca = Puppetserver::Ca::CertificateAuthority.new(@logger, puppet.settings)
@@ -8,6 +8,7 @@ require 'puppetserver/ca/action/list'
8
8
  require 'puppetserver/ca/action/revoke'
9
9
  require 'puppetserver/ca/action/setup'
10
10
  require 'puppetserver/ca/action/sign'
11
+ require 'puppetserver/ca/action/migrate'
11
12
  require 'puppetserver/ca/errors'
12
13
  require 'puppetserver/ca/logger'
13
14
  require 'puppetserver/ca/utils/cli_parsing'
@@ -28,6 +29,7 @@ BANNER
28
29
  'import' => Action::Import,
29
30
  'setup' => Action::Setup,
30
31
  'enable' => Action::Enable,
32
+ 'migrate' => Action::Migrate,
31
33
  }
32
34
 
33
35
  MAINT_ACTIONS = {
@@ -23,9 +23,9 @@ module Puppetserver
23
23
  # A regex describing valid formats with groups for capturing the value and units
24
24
  TTL_FORMAT = /^(\d+)(y|d|h|m|s)?$/
25
25
 
26
- def self.parse(config_path)
26
+ def self.parse(config_path, logger)
27
27
  instance = new(config_path)
28
- instance.load
28
+ instance.load(logger: logger)
29
29
 
30
30
  return instance
31
31
  end
@@ -34,7 +34,7 @@ module Puppetserver
34
34
 
35
35
  def initialize(supplied_config_path = nil)
36
36
  @using_default_location = !supplied_config_path
37
- @config_path = supplied_config_path || user_specific_conf_file
37
+ @config_path = supplied_config_path || user_specific_puppet_config
38
38
 
39
39
  @settings = nil
40
40
  @errors = []
@@ -46,33 +46,31 @@ module Puppetserver
46
46
  # on Windows are unsupported.
47
47
  # Note that Puppet Server runs as the [pe-]puppet user but to
48
48
  # start/stop it you must be root.
49
- def user_specific_conf_dir
50
- @user_specific_conf_dir ||=
51
- if Puppetserver::Ca::Utils::Config.running_as_root?
52
- '/etc/puppetlabs/puppet'
53
- else
54
- "#{ENV['HOME']}/.puppetlabs/etc/puppet"
55
- end
49
+ def user_specific_puppet_confdir
50
+ @user_specific_puppet_confdir ||= Puppetserver::Ca::Utils::Config.puppet_confdir
56
51
  end
57
52
 
58
- def user_specific_conf_file
59
- user_specific_conf_dir + '/puppet.conf'
53
+ def user_specific_puppet_config
54
+ user_specific_puppet_confdir + '/puppet.conf'
60
55
  end
61
56
 
62
- def load(cli_overrides = {})
57
+ def load(cli_overrides: {}, logger:, ca_dir_warn: true)
63
58
  if explicitly_given_config_file_or_default_config_exists?
64
59
  results = parse_text(File.read(@config_path))
65
60
  end
66
61
 
67
62
  results ||= {}
68
63
  results[:main] ||= {}
64
+ # The [master] config section is deprecated
65
+ # We now favor [server], but support both for backwards compatibility
69
66
  results[:master] ||= {}
67
+ results[:server] ||= {}
70
68
  results[:agent] ||= {}
71
69
 
72
- overrides = results[:agent].merge(results[:main]).merge(results[:master])
70
+ overrides = results[:agent].merge(results[:main]).merge(results[:master]).merge(results[:server])
73
71
  overrides.merge!(cli_overrides)
74
72
 
75
- @settings = resolve_settings(overrides).freeze
73
+ @settings = resolve_settings(overrides, logger, ca_dir_warn: ca_dir_warn).freeze
76
74
  end
77
75
 
78
76
  def default_certname
@@ -89,7 +87,7 @@ module Puppetserver
89
87
 
90
88
  # Resolve settings from default values, with any overrides for the
91
89
  # specific settings or their dependent settings (ssldir, cadir) taken into account.
92
- def resolve_settings(overrides = {})
90
+ def resolve_settings(overrides = {}, logger, ca_dir_warn: true)
93
91
  unresolved_setting = /\$[a-z_]+/
94
92
 
95
93
  # Returning the key for unknown keys (rather than nil) is required to
@@ -101,9 +99,8 @@ module Puppetserver
101
99
  # These need to be evaluated before we can construct their dependent
102
100
  # defaults below
103
101
  base_defaults = [
104
- [:confdir, user_specific_conf_dir],
102
+ [:confdir, user_specific_puppet_confdir],
105
103
  [:ssldir,'$confdir/ssl'],
106
- [:cadir, '$ssldir/ca'],
107
104
  [:certdir, '$ssldir/certs'],
108
105
  [:certname, default_certname],
109
106
  [:server, 'puppet'],
@@ -148,6 +145,14 @@ module Puppetserver
148
145
  settings[setting_name] = substitutions[substitution_name] = subbed_value
149
146
  end
150
147
 
148
+ cadir = find_cadir(overrides.fetch(:cadir, false),
149
+ settings[:confdir],
150
+ settings[:ssldir],
151
+ logger,
152
+ ca_dir_warn)
153
+ settings[:cadir] = substitutions['$cadir'] = cadir
154
+
155
+
151
156
  dependent_defaults.each do |setting_name, default_value|
152
157
  setting_value = overrides.fetch(setting_name, default_value)
153
158
  settings[setting_name] = setting_value
@@ -210,6 +215,33 @@ module Puppetserver
210
215
 
211
216
  private
212
217
 
218
+
219
+ def find_cadir(configured_cadir, confdir, ssldir, logger, ca_dir_warn)
220
+ warning = 'The cadir is currently configured to be inside the ' +
221
+ '%{ssldir} directory. This config setting and the directory ' +
222
+ 'location will not be used in a future version of puppet. ' +
223
+ 'Please run the puppetserver ca tool to migrate out from the ' +
224
+ 'puppet confdir to the /etc/puppetlabs/puppetserver/ca directory. ' +
225
+ 'Use `puppetserver ca migrate --help` for more info.'
226
+
227
+ if configured_cadir
228
+ if ca_dir_warn && configured_cadir.start_with?(ssldir)
229
+ logger.warn(warning % {ssldir: ssldir})
230
+ end
231
+ configured_cadir
232
+
233
+ else
234
+ old_cadir = Puppetserver::Ca::Utils::Config.old_default_cadir(confdir)
235
+ new_cadir = Puppetserver::Ca::Utils::Config.new_default_cadir(confdir)
236
+ if File.exist?(old_cadir) && !File.symlink?(old_cadir)
237
+ logger.warn(warning % {ssldir: ssldir}) if ca_dir_warn
238
+ old_cadir
239
+ else
240
+ new_cadir
241
+ end
242
+ end
243
+ end
244
+
213
245
  def explicitly_given_config_file_or_default_config_exists?
214
246
  !@using_default_location || File.exist?(@config_path)
215
247
  end
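Review bot: `configured_cadir.start_with?(ssldir)` in `find_cadir` is a plain string-prefix test, so it also matches a sibling path such as `<ssldir>-backup/ca` (constructed example) and misses the same directory written with a `..` segment or through a symlink. Because `[:cadir, '$ssldir/ca']` was removed from `base_defaults` and `resolve_settings` now hands `overrides.fetch(:cadir, false)` straight to this method, the value may still hold an unexpanded `$ssldir` here; whether a later pass expands it is not visible in these hunks, and if it does, the deprecation warning is skipped for exactly the configuration it is meant to catch. Comparing expanded paths after substitution, e.g. `File.expand_path(configured_cadir).start_with?(File.join(File.expand_path(ssldir), ''))`, would make the check component-aware. The warning text also hard-codes `/etc/puppetlabs/puppetserver/ca` although `new_cadir` is derived from `confdir`, which differs for non-root users.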
@@ -1,3 +1,5 @@
1
+ require 'puppetserver/ca/utils/file_system'
2
+
1
3
  module Puppetserver
2
4
  module Ca
3
5
  module Utils
@@ -19,6 +21,40 @@ module Puppetserver
19
21
  end.sort.uniq.join(", ")
20
22
  end
21
23
 
24
+ def self.puppet_confdir
25
+ if running_as_root?
26
+ '/etc/puppetlabs/puppet'
27
+ else
28
+ "#{ENV['HOME']}/.puppetlabs/etc/puppet"
29
+ end
30
+ end
31
+
32
+ def self.puppetserver_confdir(puppet_confdir)
33
+ File.join(File.dirname(puppet_confdir), 'puppetserver')
34
+ end
35
+
36
+ def self.default_ssldir(confdir = puppet_confdir)
37
+ File.join(confdir, 'ssl')
38
+ end
39
+
40
+ def self.old_default_cadir(confdir = puppet_confdir)
41
+ File.join(confdir, 'ssl', 'ca')
42
+ end
43
+
44
+ def self.new_default_cadir(confdir = puppet_confdir)
45
+ File.join(puppetserver_confdir(confdir), 'ca')
46
+ end
47
+
48
+ def self.symlink_to_old_cadir(current_cadir, puppet_confdir)
49
+ old_cadir = old_default_cadir(puppet_confdir)
50
+ new_cadir = new_default_cadir(puppet_confdir)
51
+ return if current_cadir != new_cadir
52
+ # This is only run on setup/import, so there should be no files in the
53
+ # old cadir, so it should be safe to forcibly remove it (which we need
54
+ # to do in order to create a symlink).
55
+ Puppetserver::Ca::Utils::FileSystem.forcibly_symlink(new_cadir, old_cadir)
56
+ end
57
+
22
58
  end
23
59
  end
24
60
  end
@@ -50,6 +50,19 @@ module Puppetserver
50
50
  errors
51
51
  end
52
52
 
53
+ def self.forcibly_symlink(source, link_target)
54
+ FileUtils.remove_dir(link_target, true)
55
+ FileUtils.symlink(source, link_target)
56
+ # Ensure the symlink has the same ownership as the source.
57
+ # This requires using `FileUtils.chown` rather than `File.chown`, as
58
+ # the latter will update the ownership of the source rather than the
59
+ # link itself.
60
+ # Symlink permissions are ignored in favor of the source's permissions,
61
+ # so we don't have to change those.
62
+ source_info = File.stat(source)
63
+ FileUtils.chown(source_info.uid, source_info.gid, link_target)
64
+ end
65
+
53
66
  def initialize
54
67
  @user, @group = find_user_and_group
55
68
  end
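Review bot: `forcibly_symlink` calls `FileUtils.remove_dir(link_target, true)`, which deletes whatever is at `link_target` recursively and, with the force flag set, suppresses any error raised while doing so. The only protection is the assumption written in `Config.symlink_to_old_cadir` that the old cadir is empty during setup/import; if `cadir` is explicitly set to the new default while a populated `ssl/ca` directory still exists, the CA key material and cert records there would be removed without any prompt. I would have the helper proceed only when `!File.exist?(link_target) || File.symlink?(link_target) || Dir.empty?(link_target)` holds and report an error to the caller otherwise. A failed removal currently surfaces only as a later `EEXIST` from `FileUtils.symlink`, so dropping the force flag would also give a clearer failure.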
@@ -159,6 +159,36 @@ module Puppetserver
159
159
 
160
160
  store
161
161
  end
162
+
163
+ # Queries the simple status endpoint for the status of the CA service.
164
+ # Returns true if it receives back a response of "running", and false if
165
+ # no connection can be made, or a different response is received.
166
+ def self.check_server_online(settings, logger)
167
+ status_url = URL.new('https', settings[:ca_server], settings[:ca_port], 'status', 'v1', 'simple', 'ca')
168
+ begin
169
+ # Generating certs offline is necessary if the master cert has been destroyed
170
+ # or compromised. Since querying the status endpoint does not require a client cert, and
171
+ # we commonly won't have one, don't require one for creating the connection.
172
+ # Additionally, we want to ensure the server is stopped before migrating the CA dir to
173
+ # avoid issues with writing to the CA dir and moving it.
174
+ self.new(settings, with_client_cert: false).with_connection(status_url) do |conn|
175
+ result = conn.get
176
+ if result.body == "running"
177
+ logger.err "Puppetserver service is running. Please stop it before attempting to run this command."
178
+ true
179
+ else
180
+ false
181
+ end
182
+ end
183
+ rescue Puppetserver::Ca::ConnectionFailed => e
184
+ if e.wrapped.is_a? Errno::ECONNREFUSED
185
+ return false
186
+ else
187
+ raise e
188
+ end
189
+ end
190
+ end
191
+
162
192
  end
163
193
  end
164
194
  end
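Review bot: `check_server_online` treats every response whose body is not exactly `"running"` as offline, so a server that answers with an error or a transitional status lets offline cert generation and `migrate` proceed while the process is still up. Since this is the interlock in front of offline signing and the CA directory move, it would be safer to fail closed: return true for any completed request unless the body positively indicates a stopped service, or at minimum log the unexpected body before returning false. The copy removed from generate.rb ended with a bare `true` after the block, which this version drops, so the result now depends on `with_connection` returning the block's value; that method is outside the hunk and should be confirmed. Minor style point: `raise e` in the rescue can be a bare `raise`.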
@@ -1,5 +1,5 @@
1
1
  module Puppetserver
2
2
  module Ca
3
- VERSION = "1.7.0"
3
+ VERSION = "2.0.1"
4
4
  end
5
5
  end
@@ -20,9 +20,9 @@ Gem::Specification.new do |spec|
20
20
  spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
21
21
  spec.require_paths = ["lib"]
22
22
 
23
- spec.add_runtime_dependency "facter", [">= 2.0.1", "< 4"]
23
+ spec.add_runtime_dependency "facter", [">= 2.0.1", "< 5"]
24
24
 
25
25
  spec.add_development_dependency "bundler", ">= 1.16"
26
- spec.add_development_dependency "rake", "~> 10.0"
26
+ spec.add_development_dependency "rake", ">= 12.3.3"
27
27
  spec.add_development_dependency "rspec", "~> 3.0"
28
28
  end
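--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: puppetserver-ca
  version: !ruby/object:Gem::Version
- version: 1.7.0
+ version: 2.0.1
  platform: ruby
  authors:
  - Puppet, Inc.
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2020-04-08 00:00:00.000000000 Z
+ date: 2020-12-09 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: facter
@@ -19,7 +19,7 @@ dependencies:
  version: 2.0.1
  - - "<"
  - !ruby/object:Gem::Version
- version: '4'
+ version: '5'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
@@ -29,7 +29,7 @@ dependencies:
  version: 2.0.1
  - - "<"
  - !ruby/object:Gem::Version
- version: '4'
+ version: '5'
  - !ruby/object:Gem::Dependency
  name: bundler
  requirement: !ruby/object:Gem::Requirement
@@ -48,16 +48,16 @@ dependencies:
  name: rake
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - "~>"
+ - - ">="
  - !ruby/object:Gem::Version
- version: '10.0'
+ version: 12.3.3
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - "~>"
+ - - ">="
  - !ruby/object:Gem::Version
- version: '10.0'
+ version: 12.3.3
  - !ruby/object:Gem::Dependency
  name: rspec
  requirement: !ruby/object:Gem::Requirement
@@ -99,6 +99,7 @@ files:
  - lib/puppetserver/ca/action/generate.rb
  - lib/puppetserver/ca/action/import.rb
  - lib/puppetserver/ca/action/list.rb
+ - lib/puppetserver/ca/action/migrate.rb
  - lib/puppetserver/ca/action/revoke.rb
  - lib/puppetserver/ca/action/setup.rb
  - lib/puppetserver/ca/action/sign.rb
@@ -138,7 +139,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.0.6
+ rubygems_version: 3.0.8
  signing_key:
  specification_version: 4
  summary: A simple CLI tool for interacting with Puppet Server's Certificate Authority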