authorluke <luke@980ebf18-57e1-0310-9a29-db15c13687c0>2006-03-02 07:30:14 +0000
committerluke <luke@980ebf18-57e1-0310-9a29-db15c13687c0>2006-03-02 07:30:14 +0000
commit95856eaaf02361ff597ca2c85e51cf141fe81280 (patch)
treedb31ba74ce65523fa9dcd4d1cae0cd75c55a4395 /lib/puppet/sslcertificates/ca.rb
parentff1df8e1aef99dbdc222c5d5d808494fd08e7f83 (diff)
Okay, Puppet is now almost entirely capable of configuring itself. I have not yet added the extra tests to puppetmasterd to make sure it can start as a normal user, and the executables still fail some simple tests because they are producing output when they start (I will get rid of the output), but overall things look pretty good.
git-svn-id: https://reductivelabs.com/svn/puppet/trunk@965 980ebf18-57e1-0310-9a29-db15c13687c0
Diffstat (limited to 'lib/puppet/sslcertificates/ca.rb')
-rw-r--r--lib/puppet/sslcertificates/ca.rb62
1 files changed, 37 insertions, 25 deletions
diff --git a/lib/puppet/sslcertificates/ca.rb b/lib/puppet/sslcertificates/ca.rb
index 9fec908d6..8d74cdf3e 100644
--- a/lib/puppet/sslcertificates/ca.rb
+++ b/lib/puppet/sslcertificates/ca.rb
@@ -2,35 +2,42 @@ class Puppet::SSLCertificates::CA
Certificate = Puppet::SSLCertificates::Certificate
attr_accessor :keyfile, :file, :config, :dir, :cert
- Puppet.setdefaults("ca",
- :certdir => ["$ssldir/certs", "The certificate directory."],
- :publickeydir => ["$ssldir/public_keys", "The public key directory."],
- :privatekeydir => ["$ssldir/private_keys", "The private key directory."],
- :cadir => ["$ssldir/ca",
- "The root directory for the certificate authority."],
- :cacert => ["$cadir/ca_crt.pem", "The CA certificate."],
- :cakey => ["$cadir/ca_key.pem", "The CA private key."],
+ Puppet.setdefaults(:ca,
+ :cadir => { :default => "$ssldir/ca",
+ :mode => 0770,
+ :desc => "The root directory for the certificate authority."
+ },
+ :cacert => { :default => "$cadir/ca_crt.pem",
+ :mode => 0660,
+ :desc => "The CA certificate."
+ },
+ :cakey => { :default => "$cadir/ca_key.pem",
+ :mode => 0660,
+ :desc => "The CA private key."
+ },
:capub => ["$cadir/ca_pub.pem", "The CA public key."],
- :caprivatedir => ["$cadir/private",
- "Where the CA stores private certificate information."],
+ :caprivatedir => { :default => "$cadir/private",
+ :mode => 0770,
+ :desc => "Where the CA stores private certificate information."
+ },
:csrdir => ["$cadir/requests",
"Where the CA stores certificate requests"],
- :signeddir => ["$cadir/signed",
- "Where the CA stores signed certificates."],
- :capass => ["$caprivatedir/ca.pass",
- "Where the CA stores the password for the private key"],
+ :signeddir => { :default => "$cadir/signed",
+ :mode => 0770,
+ :desc => "Where the CA stores signed certificates."
+ },
+ :capass => { :default => "$caprivatedir/ca.pass",
+ :mode => 0660,
+ :desc => "Where the CA stores the password for the private key"
+ },
:serial => ["$cadir/serial",
"Where the serial number for certificates is stored."],
- :privatedir => ["$ssldir/private",
- "Where the client stores private certificate information."],
- :passfile => ["$privatedir/password",
- "Where puppetd stores the password for its private key. Generally
- unused."],
- :autosign => ["$confdir/autosign.conf",
- "Whether to enable autosign. Valid values are true (which autosigns
- any key request, and is a very bad idea), false (which never autosigns
- any key request), and the path to a file, which uses that configuration
- file to determine which keys to sign."],
+ :autosign => { :default => "$confdir/autosign.conf",
+ :mode => 0640,
+ :desc => "Whether to enable autosign. Valid values are true (which
+ autosigns any key request, and is a very bad idea), false (which
+ never autosigns any key request), and the path to a file, which
+ uses that configuration file to determine which keys to sign."},
:ca_days => [1825, "How long a certificate should be valid."],
:ca_md => ["md5", "The type of hash used in certificates."],
:req_bits => [2048, "The bit length of the certificates."],
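Review bot: `:cakey` and `:capass` are declared with `:mode => 0660`, which presumably lets the configuration layer create the CA private key and its passphrase file group-readable and group-writable, while the passphrase is actually written with `File.open(@config[:capass], "w", 0600)` in the hunk at line 107, so the declared mode and the code disagree. For a private key and its password `:mode => 0600` (or 0640 at most, as `:autosign` already uses) keeps least privilege; a group member should not be able to read or replace the CA key material. The `:capub`, `:csrdir` and `:serial` entries keep the old two-element array form next to the new hash form; if both forms stay supported a one-line comment saying so would spare the next reader a check. `:ca_md => "md5"` is unchanged context here, but is worth a follow-up since MD5 was already known to be collision-prone when this was written.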
@@ -62,6 +69,7 @@ class Puppet::SSLCertificates::CA
end
def initialize(hash = {})
+ Puppet.config.use(:puppet, :certificates, :ca)
self.setconfig(hash)
if Puppet[:capass]
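Review bot: The added `Puppet.config.use(:puppet, :certificates, :ca)` carries no comment explaining why these three sections must be activated before `setconfig(hash)` runs, and the FIXME in the hunk at line 100 suggests the call does not yet guarantee that the CA directories exist. A one-line comment such as `# Activate the config sections whose files and directories this CA reads and creates` would record the intent. `initialize` continues past the end of the hunk.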
@@ -90,7 +98,11 @@ class Puppet::SSLCertificates::CA
pass = ""
20.times { pass += (rand(74) + 48).chr }
- Puppet.recmkdir(File.dirname(@config[:capass]))
+ # FIXME It's a hack that this still needs to be here :/
+ unless FileTest.exists?(File.dirname(@config[:capass]))
+ Puppet::Util.recmkdir(File.dirname(@config[:capass]), 0770)
+ end
+
begin
File.open(@config[:capass], "w", 0600) { |f| f.print pass }
rescue Errno::EACCES => detail
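Review bot: The new `FileTest.exists?` guard skips `recmkdir` whenever anything exists at the parent path, so a pre-existing directory with looser permissions than the 0770 declared for `:caprivatedir` is accepted silently, and a non-directory at that path only fails later inside `File.open`. Checking with `File.directory?` and leaving the mode to the config layer would be closer to the intent, and the `# FIXME` would be more useful if it named what the hack works around, e.g. `# FIXME Puppet.config.use(:ca) in initialize should already have created this directory`. Unchanged in this commit but on the same lines, the passphrase at the top of the hunk is built from `Kernel#rand`, which is not a cryptographic source; `OpenSSL::Random.random_bytes` is the appropriate generator for key-protecting secrets. The enclosing method starts before the hunk.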