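module Puppet
  module Executables
    module Client
      # Obtains the agent's signed certificate from the CA, waiting and
      # retrying until one is available (or exiting the process when run
      # in "one time" mode).
      class CertHandler
        attr_writer :wait_for_cert, :one_time
        attr_reader :caclient

        # @param wait_time [Numeric] seconds to sleep between certificate
        #   request attempts
        # @param is_one_time [Boolean] when true, give up (and exit the
        #   process) instead of retrying
        def initialize(wait_time, is_one_time)
          @wait_for_cert = wait_time
          @one_time = is_one_time
          # Set only once a freshly retrieved certificate has been read in;
          # callers use it to know an existing connection must be rebuilt.
          @new_cert = false
          @caclient = Puppet::Network::Client.ca.new
        end

        # Reads the existing certificate, requesting a new one from the CA
        # when none is present.
        #
        # @return [Boolean] true when no new certificate was retrieved, i.e.
        #   the caller may keep any connection it already has
        def read_retrieve
          # NOTE: ACS this is checking that a file exists, maybe next time just do that?
          # Without a local certificate, ask the CA for one. This uses the
          # dedicated CA client, not the normal server and port.
          retrieve_cert unless read_cert
          !@new_cert
        end

        # Requests a certificate from the CA until one has been signed and
        # read in, sleeping @wait_for_cert seconds between attempts. Unless
        # one-time mode is set this retries indefinitely. In one-time mode
        # the process exits with 1 (CA issued no certificate) or 23 (the
        # request raised); read_new_cert may additionally exit with 34.
        def retrieve_cert
          loop do
            begin
              if caclient.request_cert
                break if read_new_cert
              else
                Puppet.notice "Did not receive certificate"
                if @one_time
                  Puppet.notice "Set to run 'one time'; exiting with no certificate"
                  exit(1)
                end
              end
            rescue StandardError => detail
              # SystemExit from the exit calls above is not a StandardError,
              # so it is not swallowed here.
              Puppet.err "Could not request certificate: #{detail}"
              exit(23) if @one_time
            end
            sleep @wait_for_cert
          end
        end

        # @return whatever the CA client reports for reading the local
        #   certificate (truthy when it is present)
        def read_cert
          caclient.read_cert
        end

        # Reads the certificate just retrieved from the CA and records that a
        # new one is in use.
        #
        # @return [Boolean] true if the certificate was read successfully
        def read_new_cert
          if caclient.read_cert
            # A new certificate invalidates any existing http connection;
            # @new_cert lets the caller tear it down.
            @new_cert = true
            Puppet.notice "Got signed certificate"
          else
            Puppet.err "Could not read certificates after retrieving them"
            exit(34) if @one_time
          end
          @new_cert
        end
      end
    end
  end
end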