| author | Luke Kanies <luke@madstop.com> | 2008-06-14 13:53:56 -0500 |
|---|---|---|
| committer | Luke Kanies <luke@madstop.com> | 2008-06-14 13:53:56 -0500 |
| commit | 6a61198f9293674a4bf0aa75bfbca10e20f64d20 (patch) | |
| tree | 0b1b6c4ffe6e69c3c9d3e9650620e3afbd486f18 /lib/puppet/executables/client/certhandler.rb | |
| parent | eaa6eabc680cb6264594e30fd6a56e3e36765269 (diff) | |
| parent | 7b2c310e18b214424ae082e6ed2354a07b708c6f (diff) | |
Merge branch '0.24.x'
Also added the fixes to make the certhandler tests pass
even when certs exist; I'll deal with the conflict later.
Conflicts:
CHANGELOG
bin/puppetd
lib/puppet/network/http/handler.rb
lib/puppet/network/http/mongrel/rest.rb
spec/integration/indirector/rest.rb
spec/integration/network/server/mongrel.rb
spec/integration/network/server/webrick.rb
spec/unit/network/http/webrick.rb
Diffstat (limited to 'lib/puppet/executables/client/certhandler.rb')
| -rw-r--r-- | lib/puppet/executables/client/certhandler.rb | 70 |
1 files changed, 70 insertions, 0 deletions
diff --git a/lib/puppet/executables/client/certhandler.rb b/lib/puppet/executables/client/certhandler.rb
new file mode 100644
index 000000000..6f23de0e3
--- /dev/null
+++ b/lib/puppet/executables/client/certhandler.rb
@@ -0,0 +1,70 @@
+
+module Puppet
+ module Executables
+ module Client
+ class CertHandler
+ attr_writer :wait_for_cert, :one_time
+
+ attr_reader :caclient
+
+ def initialize(wait_time, is_one_time)
+ @wait_for_cert = wait_time
+ @one_time = is_one_time
+ @new_cert = false
+
+ @caclient = Puppet::Network::Client.ca.new()
+ end
+
+ def read_retrieve
+ #NOTE: ACS this is checking that a file exists, maybe next time just do that?
+ unless read_cert
+ # If we don't already have the certificate, then create a client to
+ # request one. Use the special ca stuff, don't use the normal server and port.
+ retrieve_cert
+ end
+
+ !@new_cert
+ end
+
+ def retrieve_cert
+ while true do
+ begin
+ if caclient.request_cert
+ break if read_new_cert
+ else
+ Puppet.notice "Did not receive certificate"
+ if @one_time
+ Puppet.notice "Set to run 'one time'; exiting with no certificate"
+ exit(1)
+ end
+ end
+ rescue StandardError => detail
+ Puppet.err "Could not request certificate: %s" % detail.to_s
+ exit(23) if @one_time
+ end
+
+ sleep @wait_for_cert
+ end
+ end
+
+ def read_cert
+ caclient.read_cert
+ end
+
+ def read_new_cert
+ if caclient.read_cert
+ # If we read it in, then we need to get rid of our existing http connection.
+ # The @new_cert flag will help us do that
+ @new_cert = true
+ Puppet.notice "Got signed certificate"
+ else
+ Puppet.err "Could not read certificates after retrieving them"
+ exit(34) if @one_time
+ end
+
+ return @new_cert
+ end
+ end
+ end
+ end
+end |
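Review bot: The retry loop in `retrieve_cert` has no attempt limit or backoff, and its only pacing is `sleep @wait_for_cert`, which sits outside the `begin`/`rescue` and uses a value that `initialize` stores unchecked. If a caller passes 0 without one-time mode (not visible here whether any does), every failed request is retried immediately, so the agent spins against the CA and floods the log with `Could not request certificate` lines. A non-numeric value would instead raise out of the loop from `sleep`. I would validate once in `initialize`, for example `raise ArgumentError, "wait_time must be positive unless one_time" unless is_one_time || wait_time.to_f > 0`. Separately, `read_retrieve` returns `!@new_cert`, so it is true when the certificate was already on disk and false when a new one was fetched; that inverted meaning deserves a one-line comment such as `# Returns true if the existing cert was used, false if a new one was retrieved (caller must reset its connection)`.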
