-rwxr-xr-x | bin/puppetca | 29 | ||||
-rw-r--r-- | lib/puppet/sslcertificates/ca.rb | 20 | ||||
-rw-r--r-- | test/server/ca.rb | 7 |
3 files changed, 47 insertions, 9 deletions
diff --git a/bin/puppetca b/bin/puppetca
index 8bc7ac1ae..2cbb37872 100755
--- a/bin/puppetca
+++ b/bin/puppetca
@@ -10,6 +10,7 @@
 #
 # puppetca [-h|--help] [-V|--version] [-d|--debug] [-v|--verbose]
 # [-g|--generate] [-l|--list] [-s|--sign]
+# [-c|--clean] [host]
 #
 # = Description
 #
@@ -29,6 +30,9 @@
 # all::
 # Operate on all outstanding requests. Only makes sense with '--sign'.
 #
+# clean::
+# Remove all traces of a host. This is useful when rebuilding hosts.
+#
 # debug::
 # Enable full debugging.
 #
@@ -78,6 +82,7 @@ end
 
 options = [
 [ "--all", "-a", GetoptLong::NO_ARGUMENT ],
+ [ "--clean", "-c", GetoptLong::NO_ARGUMENT ],
 [ "--debug", "-d", GetoptLong::NO_ARGUMENT ],
 [ "--generate", "-g", GetoptLong::NO_ARGUMENT ],
 [ "--help", "-h", GetoptLong::NO_ARGUMENT ],
@@ -100,6 +105,8 @@ begin
 case opt
 when "--all"
 all = true
+ when "--clean"
+ mode = :clean
 when "--debug"
 Puppet::Log.level = :debug
 when "--generate"
@@ -150,15 +157,23 @@ unless mode
 exit(12)
 end
 
-hosts = ca.list
-unless hosts.length > 0 or mode == :generate
- Puppet.info "No waiting requests"
- exit(0)
+if mode == :generate or mode == :clean
+ hosts = ARGV
+else
+ hosts = ca.list
+ unless hosts.length > 0
+ puts "No certificates to sign"
+ exit(0)
+ end
 end
 
 case mode
 when :list
 puts hosts.join("\n")
+when :clean
+ hosts.each do |host|
+ ca.clean(host)
+ end
 when :sign
 unless ARGV.length > 0 or all
 $stderr.puts(
@@ -200,11 +215,7 @@ when :sign
 }
 when :generate
 # we need to generate a certificate for a host
- unless ARGV.length > 0
- $stderr.puts "You must specify hosts to generate certs for"
- exit(84)
- end
- ARGV.each { |host|
+ hosts.each { |host|
 puts "Generating certificate for %s" % host
 cert = Puppet::SSLCertificates::Certificate.new(
 :name => host
diff --git a/lib/puppet/sslcertificates/ca.rb b/lib/puppet/sslcertificates/ca.rb
index aacf3352c..4e4cd8ba8 100644
--- a/lib/puppet/sslcertificates/ca.rb
+++ b/lib/puppet/sslcertificates/ca.rb
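Review bot: The empty-host-list check is lost for both new paths: the `@@ -150` hunk assigns `hosts = ARGV` for :generate and :clean, and the `@@ -200` hunk removes the `unless ARGV.length > 0` guard with its `exit(84)`, so `puppetca --generate` or `puppetca --clean` given no host names now iterates over nothing and presumably exits 0 without any message. Restore the guard once, directly after `hosts = ARGV`, so it covers both modes: `if hosts.empty?` / `$stderr.puts "You must specify hosts to %s certs for" % mode` / `exit(84)`. Since `--clean` removes files for every name handed to it, a usage line in the first hunk noting that the operation is destructive would also help operators.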
@@ -70,6 +70,26 @@ class Puppet::SSLCertificates::CA
 @config[:cacert]
 end
 
+ # Remove all traces of a given host. This is kind of hackish, but, eh.
+ def clean(host)
+ [:csrdir, :signeddir, :publickeydir, :privatekeydir, :certdir].each do |name|
+ dir = Puppet[name]
+
+ file = File.join(dir, host + ".pem")
+
+ if FileTest.exists?(file)
+ begin
+ puts "Removing %s" % file
+ File.unlink(file)
+ rescue => detail
+ raise Puppet::Error, "Could not delete %s: %s" %
+ [file, detail]
+ end
+ end
+
+ end
+ end
+
 def host2csrfile(hostname)
 File.join(Puppet[:csrdir], [hostname, "pem"].join("."))
 end
diff --git a/test/server/ca.rb b/test/server/ca.rb
index 99b79fea2..0009b3d32 100644
--- a/test/server/ca.rb
+++ b/test/server/ca.rb
@@ -147,6 +147,13 @@ class TestCA < Test::Unit::TestCase
 assert_nothing_raised {
 OpenSSL::X509::Certificate.new(newtext)
 }
+
+ # Now verify that we can clean a given host's certs
+ assert_nothing_raised {
+ ca.clean("anothertest.domain.com")
+ }
+
+ assert(!File.exists?(cert.certfile), "Cert still exists after clean")
 end
 
 # and now test the autosign file |
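Review bot: `clean` builds every path as `File.join(dir, host + ".pem")` from the caller-supplied `host` and unlinks whatever is there, with no check that `host` is a bare host name; bin/puppetca passes ARGV entries straight through, so a value containing a path separator or `..` would be joined into the CA directories before the unlink. Reject anything that is not a plain host name at the top of the method, e.g. `raise Puppet::Error, "Invalid host name %s" % host unless host =~ /\A[\w.-]+\z/`. The `FileTest.exists?` test followed by `File.unlink` is also a check-then-act window; unlinking unconditionally and rescuing `Errno::ENOENT` removes it and shortens the body. Minor: `puts "Removing %s" % file` writes to stdout from library code, where `Puppet.info` (used in bin/puppetca) would be the consistent choice.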
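Review bot: The only post-clean assertion is `!File.exists?(cert.certfile)`, yet `clean` is meant to remove the host's file from each of csrdir, signeddir, publickeydir, privatekeydir and certdir, so a regression in any of the other directories would pass this test; add one assertion per artifact the test has a path for (at least the CSR and private key), or assert that no `anothertest.domain.com.pem` remains under any of those `Puppet[...]` directories. A second case showing that cleaning one host leaves a different host's files in place would pin the intended scope. `ca` and `cert` are set up earlier in the test method, outside this hunk.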