| author | Andrew Shafer <andrew@reductivelabs.com> | 2008-06-10 23:19:37 -0600 |
|---|---|---|
| committer | Andrew Shafer <andrew@reductivelabs.com> | 2008-06-10 23:19:37 -0600 |
| commit | 946081b3c0bf24dc68a3a08fbcb6b5347e01de8f (patch) | |
| tree | ce3dd2a23ec07ae21f1b06543e846a475bca37cf /lib/puppet/executables/client | |
| parent | 041ca27460013088b790fab377aba0a8e470ce51 (diff) | |
Try again
Add the class to handle certs, specs and modify puppetd
should fix 1190, 1199, 1200
Diffstat (limited to 'lib/puppet/executables/client')
| -rw-r--r-- | lib/puppet/executables/client/certhandler.rb | 68 |
1 files changed, 68 insertions, 0 deletions
diff --git a/lib/puppet/executables/client/certhandler.rb b/lib/puppet/executables/client/certhandler.rb
new file mode 100644
index 000000000..d2ead3950
--- /dev/null
+++ b/lib/puppet/executables/client/certhandler.rb
@@ -0,0 +1,68 @@
+
+module Puppet
+ module Executables
+ module Client
+ class CertHandler
+ attr_writer :wait_for_cert, :one_time
+
+ def initialize(wait_time, is_one_time)
+ @wait_for_cert = wait_time
+ @one_time = is_one_time
+ @new_cert = false
+ end
+
+ def read_retrieve
+ #NOTE: ACS this is checking that a file exists, maybe next time just do that?
+ unless read_cert
+ # If we don't already have the certificate, then create a client to
+ # request one. Use the special ca stuff, don't use the normal server and port.
+ retrieve_cert
+ end
+
+ !@new_cert
+ end
+
+ def retrieve_cert
+ caclient = Puppet::Network::Client.ca.new()
+
+ while true do
+ begin
+ if caclient.request_cert
+ break if read_new_cert
+ else
+ Puppet.notice "Did not receive certificate"
+ if @one_time
+ Puppet.notice "Set to run 'one time'; exiting with no certificate"
+ exit(1)
+ end
+ end
+ rescue StandardError => detail
+ Puppet.err "Could not request certificate: %s" % detail.to_s
+ exit(23) if @one_time
+ end
+
+ sleep @wait_for_cert
+ end
+ end
+
+ def read_cert
+ Puppet::Network::HttpPool.read_cert
+ end
+
+ def read_new_cert
+ if Puppet::Network::HttpPool.read_cert
+ # If we read it in, then we need to get rid of our existing http connection.
+ # The @new_cert flag will help us do that
+ @new_cert = true
+ Puppet.notice "Got signed certificate"
+ else
+ Puppet.err "Could not read certificates after retrieving them"
+ exit(34) if @one_time
+ end
+
+ return @new_cert
+ end
+ end
+ end
+ end
+end |
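Review bot: The `sleep @wait_for_cert` at the end of the loop in `retrieve_cert` is the only thing pacing certificate requests to the CA, and neither `initialize` nor the `attr_writer` checks the value it sleeps on. If a caller passes 0 and the run is not one-time, every failed request is retried immediately with no delay; if it passes nil, `sleep` raises a TypeError outside the `begin`/`rescue`, so the error leaves the method unlogged. I would validate in `initialize` with `raise ArgumentError, "wait_time must be a positive number" unless wait_time.is_a?(Numeric) && wait_time > 0`, and replace the generated writer with a setter that applies the same check. Separately, `read_retrieve` returns `!@new_cert`, which reads as inverted at the call site, so a comment such as `# Returns true if the cert was already readable, false if a new one was just retrieved` would help.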
