Class: Puppetserver::Ca::Action::Enable

Inherits:
Object
  • Object
show all
Includes:
Utils
Defined in:
lib/puppetserver/ca/action/enable.rb

Constant Summary collapse

SUMMARY = 
"Setup infrastructure CRL based on a node inventory."
<<-BANNER
Usage:
  puppetserver ca enable [--help]
  puppetserver ca enable [--infracrl]

Description:
  Performs actions necessary to enable certain CA modes.

  --infracrl
    Creates auxiliary files necessary to use the infrastructure-only CRL.
    Assumes the existence of an `infra_inventory.txt` file in the CA
    directory listing the certnames of the infrastructure nodes in the
    Puppet installation. Generates the the empty CRL to be populated with
    revoked infrastructure nodes.

Options:
BANNER

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(logger) ⇒ Enable

Returns a new instance of Enable.



35
36
37
 
# File 'lib/puppetserver/ca/action/enable.rb', line 35

def initialize(logger)
  @logger = logger
end

Class Method Details

.parser(parsed = {}) ⇒ Object 



123
124
125
126
127
128
129
130
131
132
133
134
135
136
 
# File 'lib/puppetserver/ca/action/enable.rb', line 123

def self.parser(parsed = {})
  OptionParser.new do |opts|
    opts.banner = BANNER
    opts.on('--help', 'Display this command-specific help output') do |help|
      parsed['help'] = true
    end
    opts.on('--config CONF', 'Path to puppet.conf') do |conf|
      parsed['config'] = conf
    end
    opts.on('--infracrl', "Create auxiliary files for the infrastructure-only CRL.") do |infracrl|
      parsed['infracrl'] = true
    end
  end
end

Instance Method Details

#check_for_existing_infra_files(files) ⇒ Object 



82
83
84
85
86
87
88
89
90
91
92
 
# File 'lib/puppetserver/ca/action/enable.rb', line 82

def check_for_existing_infra_files(files)
  file_errors = FileSystem.check_for_existing_files(files)
  if !file_errors.empty?
    notice = <<-MSG
  If you would really like to reinitialize your infrastructure CRL, please delete
  the existing files and run this command again.
MSG
    file_errors << notice
  end
  return file_errors
end

#create_infra_crl_chain(settings) ⇒ Object 



94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
 
# File 'lib/puppetserver/ca/action/enable.rb', line 94

def create_infra_crl_chain(settings)
  # Load most secure signing digest we can for cers/crl/csr signing.
  signer = SigningDigest.new
  return signer.errors if signer.errors.any?

  ca = LocalCertificateAuthority.new(signer.digest, settings)
  return ca.errors if ca.errors.any?

  infra_crl = ca.create_crl_for(ca.cert, ca.key)

  # Drop the full leaf CRL from the chain
  crl_chain = ca.crl_chain.drop(1)
  # Add the new clean CRL, that will be populated with infra nodes only
  # as they are revoked
  crl_chain.unshift(infra_crl)
  FileSystem.write_file(File.join(settings[:cadir], 'infra_crl.pem'), crl_chain, 0644)

  []
end

#enable_infra_crl(settings) ⇒ Object 



60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
 
# File 'lib/puppetserver/ca/action/enable.rb', line 60

def enable_infra_crl(settings)
  inventory_file = File.join(settings[:cadir], 'infra_inventory.txt')
  if !File.exist?(inventory_file)
    error = <<-ERR
  Please create an inventory file at '#{inventory_file}' with the certnames of your
  infrastructure nodes before proceeding with infra CRL setup!"
ERR
    return [error]
  end

  infra_crl = File.join(settings[:cadir], 'infra_crl.pem')

  file_errors = check_for_existing_infra_files(infra_crl)
  return file_errors if !file_errors.empty?

  errors = create_infra_crl_chain(settings)
  return errors if !errors.empty?

  @logger.inform "Infra CRL files created."
  return []
end

#parse(cli_args) ⇒ Object 



114
115
116
117
118
119
120
121
 
# File 'lib/puppetserver/ca/action/enable.rb', line 114

def parse(cli_args)
  results = {}
  parser = self.class.parser(results)
  errors = CliParsing.parse_with_errors(parser, cli_args)
  errors_were_handled = Errors.handle_with_usage(@logger, errors, parser.help)
  exit_code = errors_were_handled ? 1 : nil
  return results, exit_code
end

#run(input) ⇒ Object 



39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
 
# File 'lib/puppetserver/ca/action/enable.rb', line 39

def run(input)
  # Validate config_path provided
  config_path = input['config']
  if config_path
    errors = FileSystem.validate_file_paths(config_path)
    return 1 if Errors.handle_with_usage(@logger, errors)
  end

  puppet = Config::Puppet.new(config_path)
  puppet.load({}, @logger)
  settings = puppet.settings
  return 1 if Errors.handle_with_usage(@logger, puppet.errors)

  if input['infracrl']
    errors = enable_infra_crl(settings)
    return 1 if Errors.handle_with_usage(@logger, errors)
  end

  return 0
end