diff options
| author | luke <luke@980ebf18-57e1-0310-9a29-db15c13687c0> | 2005-08-30 00:13:53 +0000 |
|---|---|---|
| committer | luke <luke@980ebf18-57e1-0310-9a29-db15c13687c0> | 2005-08-30 00:13:53 +0000 |
| commit | 998b4155dfc7a783b6dba5beafa272b579e98381 (patch) | |
| tree | 6d815be734b2461d912b0e3b5b42ba12c3c82de5 /lib/puppet | |
| parent | 7f274a4c53a676ab471a823b4d281d7708edf70d (diff) | |
| download | puppet-998b4155dfc7a783b6dba5beafa272b579e98381.tar.gz puppet-998b4155dfc7a783b6dba5beafa272b579e98381.tar.xz puppet-998b4155dfc7a783b6dba5beafa272b579e98381.zip | |
correcting documentation on autosign in puppetmasterd, and switching the autosign.conf file to use the same authstore as fileserver.conf
git-svn-id: https://reductivelabs.com/svn/puppet/trunk@609 980ebf18-57e1-0310-9a29-db15c13687c0
Diffstat (limited to 'lib/puppet')
| -rw-r--r-- | lib/puppet/server/ca.rb | 45 | ||||
| -rwxr-xr-x | lib/puppet/sslcertificates.rb | 2 |
2 files changed, 25 insertions, 22 deletions
diff --git a/lib/puppet/server/ca.rb b/lib/puppet/server/ca.rb index 669fe1290..04096a216 100644 --- a/lib/puppet/server/ca.rb +++ b/lib/puppet/server/ca.rb @@ -16,6 +16,7 @@ class Server iface.add_method("array getcert(csr)") } + # FIXME autosign? should probably accept both hostnames and IP addresses def autosign?(hostname) # simple values are easy asign = Puppet[:autosign] @@ -33,32 +34,34 @@ class Server Puppet.warning "Autosign is enabled but %s is missing" % asign return false end + auth = Puppet::Server::AuthStore.new File.open(asign) { |f| f.each { |line| - line.chomp! - if line =~ /^[.\w-]+$/ and line == hostname - Puppet.info "%s exactly matched %s" % [hostname, line] - return true - else - begin - rx = Regexp.new(line) - rescue => detail - Puppet.err( - "Could not create regexp out of autosign line %s: %s" % - [line, detail] - ) - next - end - - if hostname =~ rx - Puppet.info "%s matched %s" % [hostname, line] - return true - end - end + auth.allow(line.chomp) +# if line =~ /^[.\w-]+$/ and line == hostname +# Puppet.info "%s exactly matched %s" % [hostname, line] +# return true +# else +# begin +# rx = Regexp.new(line) +# rescue => detail +# Puppet.err( +# "Could not create regexp out of autosign line %s: %s" % +# [line, detail] +# ) +# next +# end +# +# if hostname =~ rx +# Puppet.info "%s matched %s" % [hostname, line] +# return true +# end +# end } } - return false + # for now, just cheat and pass a fake IP address to allowed? + return auth.allowed?(hostname, "127.0.0.1") end def initialize(hash = {}) diff --git a/lib/puppet/sslcertificates.rb b/lib/puppet/sslcertificates.rb index fd26c097a..da6853a8c 100755 --- a/lib/puppet/sslcertificates.rb +++ b/lib/puppet/sslcertificates.rb @@ -207,7 +207,7 @@ module SSLCertificates :serial => [:cadir, "serial"], :privatedir => [:ssldir, "private"], :passfile => [:privatedir, "password"], - :autosign => [:ssldir, "autosign"], + :autosign => [:ssldir, "autosign.conf"], :ca_crl_days => 365, :ca_days => 1825, :ca_md => "md5", |