authorLuke Kanies <luke@madstop.com>2008-04-15 12:09:13 -0500
committerLuke Kanies <luke@madstop.com>2008-04-15 12:09:13 -0500
commitd738f31dd33f6f4683b78f49041a302e4d95eae7 (patch)
tree3e73ac107caf7c82179a4eb1ecedbe0af2fc3c31 /lib
parentd834242db13a827a34340c5f2e51c8df532d5196 (diff)
Adding the necessary tests for webrick to have logging and
ssl. The tests can't be completed until the certificate work is all done.
Diffstat (limited to 'lib')
-rw-r--r--lib/puppet/network/http/webrick.rb74
1 files changed, 73 insertions, 1 deletions
diff --git a/lib/puppet/network/http/webrick.rb b/lib/puppet/network/http/webrick.rb
index 3a37e2071..762c29451 100644
--- a/lib/puppet/network/http/webrick.rb
+++ b/lib/puppet/network/http/webrick.rb
@@ -22,7 +22,13 @@ class Puppet::Network::HTTP::WEBrick
@protocols = args[:protocols]
@handlers = args[:handlers]
- @server = WEBrick::HTTPServer.new(:BindAddress => args[:address], :Port => args[:port])
+
+ arguments = {:BindAddress => args[:address], :Port => args[:port]}
+ arguments.merge!(setup_logger)
+ arguments.merge!(setup_ssl)
+
+ @server = WEBrick::HTTPServer.new(arguments)
+
setup_handlers
@mutex.synchronize do
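Review bot: `setup_logger` runs before `setup_ssl`, so the log file is already open when `setup_ssl` can still raise `Puppet::Error` for a missing CRL or CA certificate (see `setup_crl` in the second hunk). If the caller rescues that error and retries, each attempt leaves another open handle on the HTTP log. Building the TLS arguments first avoids this: `arguments.merge!(setup_ssl)` followed by `arguments.merge!(setup_logger)`. The enclosing method starts and ends outside this hunk, so how callers handle the error is not visible here.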
@@ -48,6 +54,72 @@ class Puppet::Network::HTTP::WEBrick
end
end
+ # Configure out http log file.
+ def setup_logger
+ # Make sure the settings are all ready for us.
+ Puppet.settings.use(:main, :ssl, Puppet[:name])
+
+ if Puppet[:name] == "puppetmasterd"
+ file = Puppet[:masterhttplog]
+ else
+ file = Puppet[:httplog]
+ end
+
+ # open the log manually to prevent file descriptor leak
+ file_io = ::File.open(file, "a+")
+ file_io.sync
+ file_io.fcntl(Fcntl::F_SETFD, Fcntl::FD_CLOEXEC)
+
+ args = [file_io]
+ args << WEBrick::Log::DEBUG if Puppet::Util::Log.level == :debug
+
+ logger = WEBrick::Log.new(*args)
+ return :Logger => logger, :AccessLog => [
+ [logger, WEBrick::AccessLog::COMMON_LOG_FORMAT ],
+ [logger, WEBrick::AccessLog::REFERER_LOG_FORMAT ]
+ ]
+ end
+
+ # Add all of the ssl cert information.
+ def setup_ssl
+ results = {}
+
+ results[:SSLCertificateStore] = setup_crl if Puppet[:cacrl] != 'false'
+
+ results[:SSLCertificate] = self.cert
+ results[:SSLPrivateKey] = self.key
+ results[:SSLStartImmediately] = true
+ results[:SSLEnable] = true
+ results[:SSLCACertificateFile] = Puppet[:localcacert]
+ results[:SSLVerifyClient] = OpenSSL::SSL::VERIFY_PEER
+ results[:SSLCertName] = nil
+
+ results
+ end
+
+ # Create our Certificate revocation list
+ def setup_crl
+ nil
+ if Puppet[:cacrl] == 'false'
+ # No CRL, no store needed
+ return nil
+ end
+ unless File.exist?(Puppet[:cacrl])
+ raise Puppet::Error, "Could not find CRL; set 'cacrl' to 'false' to disable CRL usage"
+ end
+ crl = OpenSSL::X509::CRL.new(File.read(Puppet[:cacrl]))
+ store = OpenSSL::X509::Store.new
+ store.purpose = OpenSSL::X509::PURPOSE_ANY
+ store.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL|OpenSSL::X509::V_FLAG_CRL_CHECK
+ unless self.ca_cert
+ raise Puppet::Error, "Could not find CA certificate"
+ end
+
+ store.add_file(Puppet[:localcacert])
+ store.add_crl(crl)
+ return store
+ end
+
private
def setup_handlers
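Review bot: In `setup_logger`, `file_io.sync` only reads the sync flag, so the access log stays buffered and the most recent requests can be missing after a crash; it should be `file_io.sync = true`. In `setup_ssl`, `OpenSSL::SSL::VERIFY_PEER` without `OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT` lets a client that presents no certificate complete the handshake. If that is intentional, a comment such as `# Clients without a certificate are still accepted here; handlers must check authentication themselves` would make the requirement explicit. In `setup_crl`, the bare `nil` is a no-op and the `Puppet[:cacrl] == 'false'` check is redundant when called from `setup_ssl`. The `self.ca_cert` check could also move above the `File.read` so a missing CA certificate is reported before the CRL is parsed.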