puppetserver-ca 2.3.4 → 2.3.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/puppetserver/ca/action/generate.rb +20 -3
- data/lib/puppetserver/ca/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 37981ba97c1f259e077b807b2903ea73d4726c56c4fb28b1e7e506fa456c2002
|
4
|
+
data.tar.gz: 15fab6a94a112e748d6605cb7d1b9a511fb17f663e6c25b59a2552d254f5c155
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 993aa454173c018b817f5028bd0726679fd71c9588cf96aa75e4534e3726919b0b851b83c7bd04628c2cf9e58146739678d9b856e0b64fea8ca0fea98b78f567
|
7
|
+
data.tar.gz: ea9b4e92cf2a607274bee95d882f8e69c34fa5ae4dcf338aee4fae7697ed82d39f0cb1ffa16ba8466a88d2040e75d3d96b01f6b2c528adaf8170779966b2e366
|
@@ -26,7 +26,7 @@ Usage:
|
|
26
26
|
puppetserver ca generate [--help]
|
27
27
|
puppetserver ca generate --certname NAME[,NAME] [--config PATH]
|
28
28
|
[--subject-alt-names NAME[,NAME]]
|
29
|
-
[--ca-client]
|
29
|
+
[--ca-client [--force]]
|
30
30
|
|
31
31
|
Description:
|
32
32
|
Generates a new certificate signed by the intermediate CA
|
@@ -75,6 +75,10 @@ BANNER
|
|
75
75
|
'Causes the cert to be generated offline.') do |ca_client|
|
76
76
|
parsed['ca-client'] = true
|
77
77
|
end
|
78
|
+
opts.on('--force', 'Suppress errors when signing cert offline.',
|
79
|
+
"To be used with '--ca-client'") do |force|
|
80
|
+
parsed['force'] = true
|
81
|
+
end
|
78
82
|
opts.on('--ttl TTL', 'The time-to-live for each cert generated and signed') do |ttl|
|
79
83
|
parsed['ttl'] = ttl
|
80
84
|
end
|
@@ -139,8 +143,21 @@ BANNER
|
|
139
143
|
|
140
144
|
# Generate and save certs and associated keys
|
141
145
|
if input['ca-client']
|
142
|
-
#
|
143
|
-
|
146
|
+
# Refuse to generate certs offline if the CA service is running
|
147
|
+
begin
|
148
|
+
return 1 if HttpClient.check_server_online(puppet.settings, @logger)
|
149
|
+
rescue Puppetserver::Ca::ConnectionFailed => e
|
150
|
+
base_message = "Could not determine whether Puppet Server is online."
|
151
|
+
if input['force']
|
152
|
+
@logger.inform("#{base_message} Connection check failed with " \
|
153
|
+
"error: #{e.wrapped}\nContinuing with certificate signing.")
|
154
|
+
else
|
155
|
+
@logger.inform("#{base_message} If you are certain that the " \
|
156
|
+
"Puppetserver service is stopped, run this command again " \
|
157
|
+
"with the '--force' flag.")
|
158
|
+
raise e
|
159
|
+
end
|
160
|
+
end
|
144
161
|
all_passed = generate_authorized_certs(certnames, alt_names, puppet.settings, signer.digest)
|
145
162
|
else
|
146
163
|
all_passed = generate_certs(certnames, alt_names, puppet.settings, signer.digest, input['ttl'])
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: puppetserver-ca
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.3.
|
4
|
+
version: 2.3.5
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Puppet, Inc.
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-
|
11
|
+
date: 2021-09-07 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: facter
|