module Puppet::Acceptance::CAUtils

Public Instance Methods

clean_cert(host, cn, check = true)
   # File acceptance/lib/puppet/acceptance/common_utils.rb
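# Removes the certificate for +cn+ by running `puppet cert clean` on +host+.
#
# When +host+ is the master and the master is flagged as puppetserver, the
# master's puppet service is stopped first. With +check+ enabled the clean
# command must exit 0, its output must report the removal, and a following
# `puppet cert list --all` must no longer mention +cn+. With +check+ disabled
# exit code 24 is accepted as well and nothing is verified.
#
# @param host the host on which the `puppet cert` commands are run
# @param cn [String] certname whose certificate is removed
# @param check [Boolean] verify that the certificate is really gone
# @return [void]
def clean_cert(host, cn, check = true)
  if host == master && master[:is_puppetserver]
    on master, puppet_resource("service", master['puppetservice'], "ensure=stopped")
  end

  on(host, puppet('cert', 'clean', cn), :acceptable_exit_codes => check ? [0] : [0, 24])
  return unless check

  # Certnames are usually FQDNs. Interpolating one raw into a regex turns every
  # "." into a wildcard (and breaks on characters such as "+" or "["), so the
  # checks could pass or fail on a *different* certificate. Match it literally.
  cn_literal = Regexp.escape(cn.to_s)

  assert_match(/remov.*Certificate.*#{cn_literal}/i, stdout, "Should see a log message that certificate request was removed.")
  on(host, puppet('cert', 'list', '--all'))
  assert_no_match(/#{cn_literal}/, stdout, "Should not see certificate in list anymore.")
end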
clear_agent_ssl()
   # File acceptance/lib/puppet/acceptance/common_utils.rb
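# Deletes the puppet SSL directory on every host except the master.
#
# Returns immediately when the master reports itself as PE. For each remaining
# host the directory is looked up with `puppet agent --configprint ssldir` and
# removed with `rm -rf`.
#
# @raise [RuntimeError] if a host reports an empty ssldir or the filesystem root
# @return the value of +hosts.each+, or nil on PE
def clear_agent_ssl
  return if master.is_pe?
  step "All: Clear agent only ssl settings (do not clear master)"
  hosts.each do |host|
    next if host == master
    ssldir = on(host, puppet('agent --configprint ssldir')).stdout.chomp

    # The path is command output from the remote host and is handed straight to
    # `rm -rf`, so refuse values that would delete nothing or far too much.
    if ssldir.strip.delete('/').empty?
      raise "Refusing to rm -rf unexpected ssldir #{ssldir.inspect} on #{host}"
    end

    # Keep the single-quoted form, but close/reopen the quotes around any
    # embedded "'" so the path cannot end the quoting early.
    quoted_dir = "'" + ssldir.gsub("'") { "'\\''" } + "'"
    on(host, host_command("rm -rf #{quoted_dir}"))
  end
end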
initialize_ssl()
   # File acceptance/lib/puppet/acceptance/common_utils.rb
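# Rebuilds SSL state for the whole test bed from scratch.
#
# Steps, in order: optionally stop the master's puppet service, delete the
# ssldir on every host (master included), start a puppet master whose
# dns_alt_names cover "puppet", the master's hostname and its fqdn, let every
# non-master host submit a CSR, sign all pending requests on the master, and
# run the agents again so they fetch their signed certificates.
#
# @raise [RuntimeError] if a host reports an empty ssldir or the filesystem root
# @return the value of the final +step+ block
def initialize_ssl
  hostname = on(master, 'facter hostname').stdout.strip
  fqdn = on(master, 'facter fqdn').stdout.strip

  if master.use_service_scripts?
    step "Ensure puppet is stopped"
    # Passenger, in particular, must be shutdown for the cert setup steps to work,
    # but any running puppet master will interfere with webrick starting up and
    # potentially ignore the puppet.conf changes.
    on(master, puppet('resource', 'service', master['puppetservice'], "ensure=stopped"))
  end

  step "Clear SSL on all hosts"
  hosts.each do |host|
    ssldir = on(host, puppet('agent --configprint ssldir')).stdout.chomp

    # The path is command output from the remote host and is handed straight to
    # `rm -rf`, so refuse values that would delete nothing or far too much.
    if ssldir.strip.delete('/').empty?
      raise "Refusing to rm -rf unexpected ssldir #{ssldir.inspect} on #{host}"
    end

    # Close/reopen the quotes around any embedded "'" so the path cannot end
    # the single-quoting early.
    # NOTE(review): clear_agent_ssl wraps the same command in host_command;
    # confirm whether this call should do so too.
    quoted_dir = "'" + ssldir.gsub("'") { "'\\''" } + "'"
    on(host, "rm -rf #{quoted_dir}")
  end

  step "Master: Start Puppet Master" do
    master_opts = {
      :main => {
        :dns_alt_names => "puppet,#{hostname},#{fqdn}",
      },
      :__service_args__ => {
        # apache2 service scripts can't restart if we've removed the ssl dir
        :bypass_service_script => true,
      },
    }
    with_puppet_running_on(master, master_opts) do

      hosts.each do |host|
        next if host['roles'].include? 'master'

        step "Agents: Run agent --test first time to gen CSR"
        # Only exit code 1 is accepted here: the agent has no signed cert yet.
        on host, puppet("agent --test --server #{master}"), :acceptable_exit_codes => [1]
      end

      # Sign all waiting certs
      step "Master: sign all certs"
      on master, puppet("cert --sign --all"), :acceptable_exit_codes => [0,24]

      step "Agents: Run agent --test second time to obtain signed cert"
      on agents, puppet("agent --test --server #{master}"), :acceptable_exit_codes => [0,2]
    end
  end
end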
reset_agent_ssl(resign = true)
    # File acceptance/lib/puppet/acceptance/common_utils.rb
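# Wipes agent SSL state and, optionally, re-issues agent certificates.
#
# Returns immediately when the master reports itself as PE. Otherwise it calls
# clear_agent_ssl, removes each agent's certificate on the master via
# clean_cert (unchecked), and, when +resign+ is true, starts a master with
# autosigning enabled and runs every agent once so it obtains a new cert.
# An agent that is the master itself and is using Passenger is skipped in
# both loops.
#
# @param resign [Boolean] re-issue certificates after cleaning (default true)
# @return nil when +resign+ is false or on PE; otherwise the value of
#   with_puppet_running_on
def reset_agent_ssl(resign = true)
  return if master.is_pe?
  clear_agent_ssl

  hostname = master.execute('facter hostname')
  fqdn = master.execute('facter fqdn')

  step "Clear old agent certificates from master" do
    agents.each do |agent|
      next if agent == master && agent.is_using_passenger?
      agent_cn = on(agent, puppet('agent --configprint certname')).stdout.chomp
      # An empty String is truthy in Ruby, so a plain `if agent_cn` never
      # skipped anything; test for emptiness to avoid `puppet cert clean ''`.
      clean_cert(master, agent_cn, false) unless agent_cn.empty?
    end
  end

  return unless resign

  step "Master: Ensure the master is listening and autosigning"
  # NOTE(review): :autosign => true makes the CA sign every CSR it receives
  # while this block runs. The file lives under acceptance/, so this is
  # presumably limited to throwaway test hosts; keep it that way.
  master_opts = {
    :master => {
      :dns_alt_names => "puppet,#{hostname},#{fqdn}",
      :autosign => true,
    }
  }
  with_puppet_running_on(master, master_opts) do
    agents.each do |agent|
      next if agent == master && agent.is_using_passenger?
      step "Agents: Run agent --test once to obtain auto-signed cert" do
        on agent, puppet('agent', "--test --server #{master}"), :acceptable_exit_codes => [0,2]
      end
    end
  end
end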