Class: Puppetserver::Ca::PuppetConfig
- Inherits:
-
Object
- Object
- Puppetserver::Ca::PuppetConfig
- Includes:
- ConfigUtils
- Defined in:
- lib/puppetserver/ca/puppet_config.rb
Overview
Provides an interface for asking for Puppet settings w/o loading Puppet. Includes a simple ini parser that will ignore Puppet’s more complicated conventions.
Instance Attribute Summary collapse
-
#errors ⇒ Object
readonly
Returns the value of attribute errors.
-
#settings ⇒ Object
readonly
Returns the value of attribute settings.
Class Method Summary collapse
Instance Method Summary collapse
- #default_certname ⇒ Object
-
#initialize(supplied_config_path = nil) ⇒ PuppetConfig
constructor
A new instance of PuppetConfig.
- #load ⇒ Object
-
#parse_text(text) ⇒ Object
Parse an inifile formatted String.
-
#resolve_settings(overrides = {}) ⇒ Object
Resolve settings from default values, with any overrides for the specific settings or their dependent settings (ssldir, cadir) taken into account.
-
#user_specific_conf_dir ⇒ Object
Return the correct confdir.
- #user_specific_conf_file ⇒ Object
Methods included from ConfigUtils
Constructor Details
#initialize(supplied_config_path = nil) ⇒ PuppetConfig
Returns a new instance of PuppetConfig.
24 25 26 27 28 29 30 |
# File 'lib/puppetserver/ca/puppet_config.rb', line 24 def initialize(supplied_config_path = nil) @using_default_location = !supplied_config_path @config_path = supplied_config_path || user_specific_conf_file @settings = nil @errors = [] end |
Instance Attribute Details
#errors ⇒ Object (readonly)
Returns the value of attribute errors.
22 23 24 |
# File 'lib/puppetserver/ca/puppet_config.rb', line 22 def errors @errors end |
#settings ⇒ Object (readonly)
Returns the value of attribute settings.
22 23 24 |
# File 'lib/puppetserver/ca/puppet_config.rb', line 22 def settings @settings end |
Class Method Details
.parse(config_path = nil) ⇒ Object
15 16 17 18 19 20 |
# File 'lib/puppetserver/ca/puppet_config.rb', line 15 def self.parse(config_path = nil) instance = new(config_path) instance.load return instance end |
Instance Method Details
#default_certname ⇒ Object
66 67 68 69 70 71 72 73 74 75 |
# File 'lib/puppetserver/ca/puppet_config.rb', line 66 def default_certname hostname = Facter.value(:hostname) domain = Facter.value(:domain) if domain and domain != '' fqdn = [hostname, domain].join('.') else fqdn = hostname end fqdn.chomp('.') end |
#load ⇒ Object
50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 |
# File 'lib/puppetserver/ca/puppet_config.rb', line 50 def load if explicitly_given_config_file_or_default_config_exists? results = parse_text(File.read(@config_path)) end @certname = default_certname results ||= {} results[:main] ||= {} results[:master] ||= {} overrides = results[:main].merge(results[:master]) @settings = resolve_settings(overrides).freeze end |
#parse_text(text) ⇒ Object
Parse an inifile formatted String. Only captures word character class keys/section names but nearly any character values (excluding leading whitespace) up to one of whitespace, opening curly brace, or hash sign (Our concern being to capture filesystem path values). Put values without a section into :main.
Return Hash of Symbol section names with Symbol setting keys and String values.
155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 |
# File 'lib/puppetserver/ca/puppet_config.rb', line 155 def parse_text(text) res = {} current_section = :main text.each_line do |line| case line when /^\s*\[(\w+)\].*/ current_section = $1.to_sym when /^\s*(\w+)\s*=\s*([^\s{#]+).*$/ # Using a Hash with a default key breaks RSpec expectations. res[current_section] ||= {} res[current_section][$1.to_sym] = $2 end end res end |
#resolve_settings(overrides = {}) ⇒ Object
Resolve settings from default values, with any overrides for the specific settings or their dependent settings (ssldir, cadir) taken into account.
79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 |
# File 'lib/puppetserver/ca/puppet_config.rb', line 79 def resolve_settings(overrides = {}) unresolved_setting = /\$[a-z_]+/ # Returning the key for unknown keys (rather than nil) is required to # keep unknown settings in the string for later verification. substitutions = Hash.new {|h, k| k } settings = {} confdir = user_specific_conf_dir settings[:confdir] = substitutions['$confdir'] = confdir ssldir = overrides.fetch(:ssldir, '$confdir/ssl') settings[:ssldir] = substitutions['$ssldir'] = ssldir.sub('$confdir', confdir) certdir = overrides.fetch(:certdir, '$ssldir/certs') settings[:certdir] = substitutions['$certdir'] = certdir.sub(unresolved_setting, substitutions) cadir = overrides.fetch(:cadir, '$ssldir/ca') settings[:cadir] = substitutions['$cadir'] = cadir.sub(unresolved_setting, substitutions) settings[:certname] = substitutions['$certname'] = overrides.fetch(:certname, @certname) server = overrides.fetch(:server, '$certname') settings[:server] = substitutions['$server'] = server.sub(unresolved_setting, substitutions) settings[:masterport] = substitutions['$masterport'] = overrides.fetch(:masterport, '8140') settings[:ca_name] = overrides.fetch(:ca_name, 'Puppet CA: $certname') settings[:root_ca_name] = overrides.fetch(:root_ca_name, "Puppet Root CA: #{SecureRandom.hex(7)}") unmunged_ca_ttl = overrides.fetch(:ca_ttl, '15y') ttl_setting = Puppetserver::Settings::TTLSetting.new(:ca_ttl, unmunged_ca_ttl) if ttl_setting.errors ttl_setting.errors.each { |error| @errors << error } end settings[:ca_ttl] = ttl_setting.munged_value settings[:keylength] = overrides.fetch(:keylength, 4096) settings[:cacert] = overrides.fetch(:cacert, '$cadir/ca_crt.pem') settings[:cakey] = overrides.fetch(:cakey, '$cadir/ca_key.pem') settings[:rootkey] = overrides.fetch(:rootkey, '$cadir/root_key.pem') settings[:cacrl] = overrides.fetch(:cacrl, '$cadir/ca_crl.pem') settings[:serial] = overrides.fetch(:serial, '$cadir/serial') settings[:cert_inventory] = overrides.fetch(:cert_inventory, '$cadir/inventory.txt') settings[:ca_server] = overrides.fetch(:ca_server, '$server') settings[:ca_port] = overrides.fetch(:ca_port, '$masterport') settings[:localcacert] = overrides.fetch(:localcacert, '$certdir/ca.pem') settings[:hostcert] = overrides.fetch(:hostcert, '$certdir/$certname.pem') settings[:hostcrl] = overrides.fetch(:hostcrl, '$ssldir/crl.pem') settings[:privatekeydir] = overrides.fetch(:privatekeydir, '$ssldir/private_keys') settings[:publickeydir] = overrides.fetch(:publickeydir, '$ssldir/public_keys') settings[:certificate_revocation] = parse_crl_usage(overrides.fetch(:certificate_revocation, 'true')) settings.each_pair do |key, value| next unless value.is_a? String settings[key] = value.gsub(unresolved_setting, substitutions) if match = settings[key].match(unresolved_setting) @errors << "Could not parse #{match[0]} in #{value}, " + 'valid settings to be interpolated are ' + '$ssldir, $cadir, or $certname' end end return settings end |
#user_specific_conf_dir ⇒ Object
Return the correct confdir. We check for being root on *nix, else the user path. We do not include a check for running as Adminstrator since non-development scenarios for Puppet Server on Windows are unsupported. Note that Puppet Server runs as the [pe-]puppet user but to start/stop it you must be root.
38 39 40 41 42 43 44 |
# File 'lib/puppetserver/ca/puppet_config.rb', line 38 def user_specific_conf_dir if running_as_root? '/etc/puppetlabs/puppet' else "#{ENV['HOME']}/.puppetlabs/etc/puppet" end end |
#user_specific_conf_file ⇒ Object
46 47 48 |
# File 'lib/puppetserver/ca/puppet_config.rb', line 46 def user_specific_conf_file user_specific_conf_dir + '/puppet.conf' end |