diff options
| author | Luke Kanies <luke@madstop.com> | 2008-05-07 12:29:58 -0500 |
|---|---|---|
| committer | Luke Kanies <luke@madstop.com> | 2008-05-07 12:29:58 -0500 |
| commit | 330359015602eba83077fccaa708c819d2d78b53 (patch) | |
| tree | ab124f5ae2a2493218b45b48cb3f07d9c8087f4a /lib/puppet/ssl | |
| parent | 8fd68e388aa0b26d2dacc201086960385ff5c834 (diff) | |
| download | puppet-330359015602eba83077fccaa708c819d2d78b53.tar.gz puppet-330359015602eba83077fccaa708c819d2d78b53.tar.xz puppet-330359015602eba83077fccaa708c819d2d78b53.zip | |
The master and client now successfully speak xmlrpc using the new system.
The server is actually serving REST, but the client can't use
it until we resolve the format and security issues that REST
hasn't yet tackled.
Diffstat (limited to 'lib/puppet/ssl')
| -rw-r--r-- | lib/puppet/ssl/certificate_authority.rb | 21 | ||||
| -rw-r--r-- | lib/puppet/ssl/certificate_factory.rb | 2 |
2 files changed, 17 insertions, 6 deletions
diff --git a/lib/puppet/ssl/certificate_authority.rb b/lib/puppet/ssl/certificate_authority.rb index 0329f5354..5054c1dbe 100644 --- a/lib/puppet/ssl/certificate_authority.rb +++ b/lib/puppet/ssl/certificate_authority.rb @@ -16,11 +16,16 @@ class Puppet::SSL::CertificateAuthority require 'puppet/ssl/certificate_authority/interface' + def self.ca? + return false unless Puppet[:ca] + return false unless Puppet[:name] == "puppetmasterd" + return true + end + # If this process can function as a CA, then return a singleton # instance. def self.instance - return nil unless Puppet[:ca] - return nil unless Puppet[:name] == "puppetmasterd" + return nil unless ca? unless defined?(@instance) and @instance @instance = new @@ -177,11 +182,17 @@ class Puppet::SSL::CertificateAuthority # file so this one is considered used. def next_serial serial = nil + + # This is slightly odd. If the file doesn't exist, our readwritelock creates + # it, but with a mode we can't actually read in some cases. So, use + # a default before the lock. + unless FileTest.exist?(Puppet[:serial]) + serial = 0x0 + end + Puppet.settings.readwritelock(:serial) { |f| if FileTest.exist?(Puppet[:serial]) - serial = File.read(Puppet.settings[:serial]).chomp.hex - else - serial = 0x0 + serial ||= File.read(Puppet.settings[:serial]).chomp.hex end # We store the next valid serial, not the one we just used. diff --git a/lib/puppet/ssl/certificate_factory.rb b/lib/puppet/ssl/certificate_factory.rb index 4b1669804..41155fd41 100644 --- a/lib/puppet/ssl/certificate_factory.rb +++ b/lib/puppet/ssl/certificate_factory.rb @@ -115,7 +115,7 @@ class Puppet::SSL::CertificateFactory dnsnames = Puppet[:certdnsnames] name = @name.to_s.sub(%r{/CN=},'') if dnsnames != "" - dnsnames.split(':').each { |d| subject_alt_name << 'DNS:' + d } + dnsnames.split(':').each { |d| @subject_alt_name << 'DNS:' + d } @subject_alt_name << 'DNS:' + name # Add the fqdn as an alias elsif name == Facter.value(:fqdn) # we're a CA server, and thus probably the server @subject_alt_name << 'DNS:' + "puppet" # Add 'puppet' as an alias |