# File 'lib/puppet/application/ssl.rb', line 258
# Deletes this host's local SSL files: private key, public key, certificate
# request, certificate and private key password file, plus the local CA
# certificate and CRL when options[:localca] is set. Paths that do not exist
# are skipped; every removal is reported through Puppet.notice.
#
# Guard for the CA host: when +certname+ equals Puppet[:ca_server], the CA is
# asked for that certificate before anything is touched. Deletion proceeds
# only when the lookup yields no certificate (an HTTP 404 counts as "none").
# If a certificate is still returned, or the lookup fails in any other way,
# Puppet::Error is raised and no file is removed.
#
# NOTE(review): the CA lookup is skipped for every other certname, so nothing
# here shows whether that certificate is still valid on the CA -- confirm
# that revocation/cleanup on the CA side is handled separately.
# NOTE(review): removal is a plain unlink; presumably the key and password
# file contents are not overwritten -- confirm if secure erasure matters.
#
# @param certname [String] name compared against Puppet[:ca_server]
# @raise [Puppet::Error] if the CA still holds the certificate, or the CA
#   lookup fails with anything other than a 404 response
# @return [Hash] the label => path map that was walked
def clean(certname)
  if certname == Puppet[:ca_server]
    # Built lazily so the message is only translated when a failure occurs.
    lookup_failure = lambda do |cause|
      Puppet::Error.new(_("Failed to connect to the CA to determine if certificate %{certname} has been cleaned") % { certname: certname }, cause)
    end

    ca_copy = nil
    begin
      context = @machine.ensure_ca_certificates
      _, ca_copy = create_route(context).get_certificate(certname, ssl_context: context)
    rescue Puppet::HTTP::ResponseError => e
      # 404 means the CA no longer has the certificate; anything else is fatal.
      raise lookup_failure.call(e) unless e.response.code.to_i == 404
    rescue => e
      # Fail closed: an unreachable CA must not be read as "already cleaned".
      raise lookup_failure.call(e)
    end

    if ca_copy
      raise Puppet::Error, _(<<END) % { certname: certname }
The certificate %{certname} must be cleaned from the CA first. To fix this,
run the following commands on the CA:
puppetserver ca clean --certname %{certname}
puppet ssl clean
END
    end
  end

  # Insertion order is the order in which files are removed and reported.
  targets = {
    'private key' => Puppet[:hostprivkey],
    'public key' => Puppet[:hostpubkey],
    'certificate request' => Puppet[:hostcsr],
    'certificate' => Puppet[:hostcert],
    'private key password file' => Puppet[:passfile]
  }

  if options[:localca]
    targets['local CA certificate'] = Puppet[:localcacert]
    targets['local CRL'] = Puppet[:hostcrl]
  end

  targets.each_pair do |description, location|
    next unless Puppet::FileSystem.exist?(location)

    Puppet::FileSystem.unlink(location)
    Puppet.notice _("Removed %{label} %{path}") % { label: description, path: location }
  end
end