~nvalcarcel/ubuntu/lucid/puppet/fix-546677


Viewing changes to lib/puppet/executables/client/certhandler.rb

  • Committer: Bazaar Package Importer
  • Author(s): Chuck Short
  • Date: 2009-12-23 00:48:10 UTC
  • mfrom: (1.1.10 upstream) (3.1.7 squeeze)
  • Revision ID: james.westby@ubuntu.com-20091223004810-3i4oryds922g5n59
Tags: 0.25.1-3ubuntu1
* Merge from debian testing.  Remaining changes:
  - debian/rules:
    + Don't start puppet when first installing puppet.
  - debian/puppet.conf, lib/puppet/defaults.rb:
    + Move templates to /etc/puppet
  - lib/puppet/defaults.rb:
    + Fix /var/lib/puppet/state ownership.
  - man/man8/puppet.conf.8: 
    + Fix broken URL in manpage.
  - debian/control:
    + Update maintainer according to spec.
    + Puppetmaster Recommends -> Suggests
    + Created puppet-testsuite as a separate package. Allow the users to run puppet's 
      testsuite.
  - tests/Rakefile: Fix rakefile so that the testsuite can actually be run.

1
 
 
2
 
module Puppet
3
 
    module Executables
4
 
        module Client
5
 
            class CertHandler
6
 
                attr_writer :wait_for_cert, :one_time
7
 
                attr_reader :new_cert
8
 
                
9
 
                def initialize(wait_time, is_one_time)
10
 
                    @wait_for_cert = wait_time
11
 
                    @one_time = is_one_time
12
 
                    @new_cert = false
13
 
                end
14
 
 
15
 
                # Did we just read a cert?
16
 
                def new_cert?
17
 
                    new_cert
18
 
                end
19
 
                
20
 
                # Read, or retrieve if necessary, our certificate.  Returns true if we retrieved
21
 
                # a new cert, false if the cert already exists.
22
 
                def read_retrieve 
23
 
                    #NOTE: ACS this is checking that a file exists, maybe next time just do that?
24
 
                    unless read_cert 
25
 
                        # If we don't already have the certificate, then create a client to
26
 
                        # request one.  Use the special ca stuff, don't use the normal server and port.
27
 
                        retrieve_cert
28
 
                    end
29
 
 
30
 
                    ! new_cert?
31
 
                end
32
 
 
33
 
                def retrieve_cert
34
 
                    caclient = Puppet::Network::Client.ca.new()
35
 
 
36
 
                    while true do
37
 
                       begin
38
 
                           if caclient.request_cert 
39
 
                               break if read_new_cert
40
 
                           else
41
 
                               Puppet.notice "Did not receive certificate"
42
 
                               if @one_time 
43
 
                                   Puppet.notice "Set to run 'one time'; exiting with no certificate"
44
 
                                   exit(1)
45
 
                               end
46
 
                           end
47
 
                       rescue StandardError => detail
48
 
                          Puppet.err "Could not request certificate: %s" % detail.to_s
49
 
                          exit(23) if @one_time
50
 
                       end
51
 
 
52
 
                        if @wait_for_cert > 0
53
 
                            sleep @wait_for_cert
54
 
                        else
55
 
                            Puppet.notice "waitforcert disabled; exiting with no certificate"
56
 
                            exit(1)
57
 
                        end
58
 
                    end
59
 
                end
60
 
 
61
 
                def read_cert
62
 
                    Puppet::Network::HttpPool.read_cert
63
 
                end
64
 
 
65
 
                def read_new_cert
66
 
                    if Puppet::Network::HttpPool.read_cert
67
 
                        # If we read it in, then we need to get rid of our existing http connection.
68
 
                        # The @new_cert flag will help us do that, in that it provides a way
69
 
                        # to notify that the cert status has changed.
70
 
                        @new_cert = true
71
 
                        Puppet.notice "Got signed certificate"
72
 
                    else
73
 
                        Puppet.err "Could not read certificates after retrieving them"
74
 
                        exit(34) if @one_time
75
 
                    end
76
 
 
77
 
                    return @new_cert
78
 
                end
79
 
            end
80
 
        end
81
 
    end
82
 
end