| author | Luke Kanies <luke@madstop.com> | 2008-05-07 12:29:58 -0500 |
|---|---|---|
| committer | Luke Kanies <luke@madstop.com> | 2008-05-07 12:29:58 -0500 |
| commit | 330359015602eba83077fccaa708c819d2d78b53 (patch) | |
| tree | ab124f5ae2a2493218b45b48cb3f07d9c8087f4a /bin | |
| parent | 8fd68e388aa0b26d2dacc201086960385ff5c834 (diff) | |
The master and client now successfully speak xmlrpc using the new system.
The server is actually serving REST, but the client can't use
it until we resolve the format and security issues that REST
hasn't yet tackled.
Diffstat (limited to 'bin')
| -rwxr-xr-x | bin/puppetd | 14 |
| -rwxr-xr-x | bin/puppetmasterd | 9 |
2 files changed, 18 insertions, 5 deletions
diff --git a/bin/puppetd b/bin/puppetd index f652e6b08..b92773c76 100755 --- a/bin/puppetd +++ b/bin/puppetd @@ -317,6 +317,11 @@ if options[:centrallogs] Puppet::Util::Log.newdestination(logdest) end +# We need to specify a ca location for things to work, but +# until the REST cert transfers are working, it needs to +# be local. +Puppet::SSL::Host.ca_location = :local + # We need tomake the client either way, we just don't start it # if --no-client is set. client = Puppet::Network::Client.master.new(args) @@ -338,10 +343,9 @@ if Puppet[:daemonize] client.daemonize end -unless Puppet::Network::HttpPool.read_cert - # If we don't already have the certificate, then create a client to - # request one. Use the special ca stuff, don't use the normal server and port. - caclient = Puppet::Network::Client.ca.new() +caclient = Puppet::Network::Client.ca.new() + +unless caclient.read_cert if options[:waitforcert] > 0 begin while ! caclient.request_cert do @@ -360,7 +364,7 @@ unless Puppet::Network::HttpPool.read_cert end # Now read the new cert in. - if Puppet::Network::HttpPool.read_cert + if caclient.read_cert # If we read it in, then get rid of our existing http connection. client.recycle_connection Puppet.notice "Got signed certificate" diff --git a/bin/puppetmasterd b/bin/puppetmasterd index 57fc4bdb4..625b75d52 100755 --- a/bin/puppetmasterd +++ b/bin/puppetmasterd @@ -160,6 +160,15 @@ Puppet::Node::Facts.terminus_class = :yaml # Cache our nodes in yaml. Currently not configurable. Puppet::Node.cache_class = :yaml +# Configure all of the SSL stuff. +if Puppet::SSL::CertificateAuthority.ca? + Puppet::SSL::Host.ca_location = :local + Puppet.settings.use :main, :ssl, :ca + Puppet::SSL::CertificateAuthority.instance +else + Puppet::SSL::Host.ca_location = :none +end + require 'etc' if Puppet[:parseonly] |
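Review bot: In bin/puppetd, hunk @@ -317,6 +317,11 @@, `Puppet::SSL::Host.ca_location = :local` is set unconditionally and the comment describes it as a stopgap until REST cert transfers work, but nothing marks it for later removal. Suggest adding a TODO or ticket reference to the comment and one sentence on what fails when no CA location is set, so the workaround is easy to find and revert. Note also that puppetmasterd in this same patch chooses between `:local` and `:none` based on `CertificateAuthority.ca?`, while the client always gets `:local`; the comment should say why the client needs a local CA location at all.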
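Review bot: In bin/puppetd, hunk @@ -338,10 +343,9 @@, `caclient = Puppet::Network::Client.ca.new()` has moved outside the `unless`, so the CA client is now constructed on every run, including when a certificate can already be read, and the removed comment explaining why a separate CA client exists ("Use the special ca stuff, don't use the normal server and port") has no replacement. Suggest a short comment stating that the client is built up front because `read_cert` is now called on it, and confirming that constructing it is harmless when a certificate is already present.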
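Review bot: In bin/puppetd, hunk @@ -360,7 +364,7 @@, the certificate is re-read with `caclient.read_cert` but the connection that is recycled on the next line belongs to `client`, not `caclient`. The call it replaces was `Puppet::Network::HttpPool.read_cert`; please confirm, in a comment or a test, that reading through `caclient` still makes the new certificate available to the connection `client` opens after `client.recycle_connection`. If it does not, "Got signed certificate" would be logged while the client still connects without the certificate.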
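Review bot: In bin/puppetmasterd, hunk @@ -160,6 +160,15 @@, `Puppet::SSL::CertificateAuthority.instance` is called with its return value discarded, and the only documentation is "Configure all of the SSL stuff", which does not say that the call is there for its side effect. Suggest a comment on that line naming what the call initializes. Two further points in the same block: `Puppet.settings.use :main, :ssl, :ca` runs only in the CA branch, so the `else` branch never requests the `:ssl` section here, and `ca_location = :none` deserves a line explaining how a non-CA master is expected to obtain its own certificate.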
