author: Jesse Wolfe <jes5199@gmail.com> 2011-02-03 15:43:54 -0800
committer: Jesse Wolfe <jes5199@gmail.com> 2011-02-03 16:42:10 -0800
commit: 7568b780702d53beabc3fba3017c4c70179aafd7
tree: c000d7a38f68caba533a449b0255d9f3ef1e66f9 /lib/puppet/application
parent: 9fdd66b3b481e658c8951530b90ca4dd4707fcf0
Maint: move puppet cert --help
Diffstat (limited to 'lib/puppet/application')
-rw-r--r-- lib/puppet/application/cert.rb 111
1 files changed, 111 insertions, 0 deletions
diff --git a/lib/puppet/application/cert.rb b/lib/puppet/application/cert.rb
index 467b0c859..0db968e9e 100644
--- a/lib/puppet/application/cert.rb
+++ b/lib/puppet/application/cert.rb
@@ -45,6 +45,117 @@ class Puppet::Application::Cert < Puppet::Application
Puppet::Util::Log.level = :info
end
+ def help
+ <<-HELP
+
+SYNOPSIS
+========
+Stand-alone certificate authority. Capable of generating certificates
+but mostly meant for signing certificate requests from puppet clients.
+
+
+USAGE
+=====
+ puppet cert [-h|--help] [-V|--version] [-d|--debug] [-v|--verbose]
+ [-g|--generate] [-l|--list] [-s|--sign] [-r|--revoke]
+ [-p|--print] [-c|--clean] [--verify] [--digest DIGEST]
+ [--fingerprint] [host]
+
+
+DESCRIPTION
+===========
+Because the puppetmasterd daemon defaults to not signing client
+certificate requests, this script is available for signing outstanding
+requests. It can be used to list outstanding requests and then either
+sign them individually or sign all of them.
+
+
+OPTIONS
+=======
+Note that any configuration parameter that's valid in the configuration
+file is also a valid long argument. For example, 'ssldir' is a valid
+configuration parameter, so you can specify '--ssldir <directory>' as an
+argument.
+
+See the configuration file documentation at
+http://docs.puppetlabs.com/references/stable/configuration.html for the
+full list of acceptable parameters. A commented list of all
+configuration options can also be generated by running puppet cert with
+'--genconfig'.
+
+all: Operate on all items. Currently only makes sense with
+ '--sign', '--clean', or '--list'.
+
+digest: Set the digest for fingerprinting (defaults to md5). Valid
+ values depends on your openssl and openssl ruby extension
+ version, but should contain at least md5, sha1, md2,
+ sha256.
+
+clean: Remove all files related to a host from puppet cert's
+ storage. This is useful when rebuilding hosts, since new
+ certificate signing requests will only be honored if puppet
+ cert does not have a copy of a signed certificate for that
+ host. The certificate of the host is also revoked. If
+ '--all' is specified then all host certificates, both
+ signed and unsigned, will be removed.
+
+debug: Enable full debugging.
+
+generate: Generate a certificate for a named client. A
+ certificate/keypair will be generated for each client named
+ on the command line.
+
+help: Print this help message
+
+list: List outstanding certificate requests. If '--all' is
+ specified, signed certificates are also listed, prefixed by
+ '+', and revoked or invalid certificates are prefixed by
+ '-' (the verification outcome is printed in parenthesis).
+
+print: Print the full-text version of a host's certificate.
+
+fingerprint: Print the DIGEST (defaults to md5) fingerprint of a host's
+ certificate.
+
+revoke: Revoke the certificate of a client. The certificate can be
+ specified either by its serial number, given as a decimal
+ number or a hexadecimal number prefixed by '0x', or by its
+ hostname. The certificate is revoked by adding it to the
+ Certificate Revocation List given by the 'cacrl' config
+ parameter. Note that the puppetmasterd needs to be
+ restarted after revoking certificates.
+
+sign: Sign an outstanding certificate request. Unless '--all' is
+ specified, hosts must be listed after all flags.
+
+verbose: Enable verbosity.
+
+version: Print the puppet version number and exit.
+
+verify: Verify the named certificate against the local CA
+ certificate.
+
+
+EXAMPLE
+=======
+ $ puppet cert -l
+ culain.madstop.com
+ $ puppet cert -s culain.madstop.com
+
+
+AUTHOR
+======
+Luke Kanies
+
+
+COPYRIGHT
+=========
+Copyright (c) 2005 Puppet Labs, LLC Licensed under the GNU Public
+License
+
+ HELP
+ end
+
def main
if @all
hosts = :all
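Review bot: The USAGE block in the new help text omits '--all', although OPTIONS documents it and the sign, clean and list entries all depend on it; add it to the synopsis so the two sections agree. The same applies to '--genconfig', which the OPTIONS preamble mentions but the synopsis does not show. The digest and fingerprint entries state md5 as the default and name md2 among the expected values; since these are certificate fingerprints, the text could recommend passing '--digest sha256' where the local openssl supports it. The 'all' entry could also say plainly that '--sign --all' signs every outstanding request, given that DESCRIPTION notes the master does not sign requests by default. Minor wording: "Valid values depends" should read "depend", and "in parenthesis" should read "in parentheses".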