Class: Simp::Cli::Commands::Cleancerts

Inherits:
Simp::Cli
  • Object
Defined in:
lib/simp/cli/commands/cleancerts.rb

Constant Summary

Constants inherited from Simp::Cli

VERSION

Class Method Summary

Methods inherited from Simp::Cli

help, menu

Class Method Details

.clean_certs ⇒ Object



# File 'lib/simp/cli/commands/cleancerts.rb', line 41

# Evaluates and returns +success+; no cleanup work happens in this method.
#
# NOTE(review): +success+ is not defined anywhere in this listing, so it is
# resolved as a method call on the receiver -- confirm where it comes from
# before relying on the return value.
#
# @return [Object] whatever +success+ evaluates to
def self.clean_certs
  success
end

.run(args = Array.new) ⇒ Object



# File 'lib/simp/cli/commands/cleancerts.rb', line 46

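# Revokes and cleans the Puppet certificates of a set of hosts, then removes
# /var/lib/puppet/ssl on each of them over pssh.
#
# The host set is either generated from `puppetca --list --all` (when
# @gen_host_list is set) or read, one name per line, from @host_file. The
# operator is shown the list and must confirm before anything is revoked.
#
# NOTE(review): @gen_host_list, @host_file, @conf_dir and @host_errors are not
# assigned anywhere in this listing; presumably option parsing sets them --
# confirm against the rest of the file.
#
# @param args [Array] accepted for interface compatibility; not read here
# @return [nil]
# @raise [RuntimeError] when run as root, when a host entry is unsafe to pass
#   on a command line, or when pssh reports a failure for any host
def self.run(args = Array.new)
  # NOTE(review): the original evaluated
  #   File.exists?('/usr/sbin/puppetd') && File.exists?('/usr/sbin/puppetca')
  # here and discarded the result, so it never guarded anything (and
  # File.exists? was removed in Ruby 3.2). Presumably a prerequisite check was
  # intended -- confirm before adding a real guard.

  raise "SIMP CleanCerts cannot be run as 'root'." if Process.uid == 0

  # @host_file is used as a path everywhere except the success message, which
  # called #path on it; accept either a path String or a File-like object.
  host_file_path = @host_file.respond_to?(:path) ? @host_file.path : @host_file

  # The original appended to @host_errors without ever initialising it here.
  @host_errors ||= []

  if @gen_host_list
    listing = %x{cd /;sudo /usr/sbin/puppetca --list --all}
    @host_list = listing.split("\n").map do |entry|
      # Last whitespace-separated token before the "(...)" part; lines without
      # one yield nil and are dropped below instead of raising.
      name_part = entry.split(/\(.*\)/).first
      name_part && name_part.split(/\s+/).last
    end
  else
    # Block form closes the handle; the original left it open.
    @host_list = File.open(host_file_path) { |hosts| hosts.each_line.map(&:strip) }
  end
  @host_list.compact!
  @host_list.reject!(&:empty?)

  # Host names become arguments to `sudo puppetca`; refuse entries that would
  # be parsed as an option or that carry whitespace/control characters.
  unsafe_hosts = @host_list.select do |host|
    host.start_with?('-') || host =~ /[[:space:][:cntrl:]]/
  end
  unless unsafe_hosts.empty?
    raise "Refusing to continue, unsafe host entries: #{unsafe_hosts.map(&:inspect).join(', ')}"
  end

  if @host_list.size == 0
    puts "No known hosts to clean!"
    exit 0
  end

  # Feed the pager over a pipe instead of interpolating host names into a
  # shell `echo '...' | less` string, where a quote in a name ended the quoting.
  review_text = "Please review the list of hosts to clean certificates on:\n - #{@host_list.join("\n - ")}\n"
  begin
    IO.popen(['less', '-f'], 'w') { |pager| pager.write(review_text) }
  rescue Errno::EPIPE
    # The operator quit the pager before it had read the whole list.
  rescue Errno::ENOENT
    # No pager available: still show the list before asking for confirmation.
    puts review_text
  end

  if Utils.yes_or_no("Clean certificates for all listed hosts?", false)
    if @gen_host_list
      File.open(host_file_path, 'w') do |hosts|
        @host_list.each { |host| hosts.puts host }
      end
    end

    # The original wrote these as %{...} string literals, so neither command
    # ever ran. Use the argv form so no shell parses the host name.
    @host_list.each do |host|
      %w[--revoke --clean].each do |action|
        next if system('sudo', '/usr/sbin/puppetca', action, host)

        warn "puppetca #{action} failed for #{host}"
      end
    end

    # NOTE(review): StrictHostKeyChecking=no skips SSH host-key verification
    # for a session that runs `sudo rm -rf`; kept as in the original, but worth
    # revisiting in favour of a managed known_hosts file.
    pssh_cmd = ['pssh', '-f', '-h', host_file_path, '-OStrictHostKeyChecking=no',
                'sudo /bin/rm -rf /var/lib/puppet/ssl']
    result = IO.popen(pssh_cmd, &:read)
    result.each_line do |line|
      if line =~ /.*\[FAILURE\]\s([A-Za-z0-9\-\.]+).*/
        @host_errors << $1
      end
    end

    if @host_errors.empty?
      puts "Successfully cleaned certificates for the #{@host_list.size} hosts listed in #{host_file_path}."
    else
      filename = "#{@conf_dir}/pssh_error#{Time.now.strftime("%Y%m%d%H%M")}"
      # The original block took no parameter and wrote to an unrelated `file`
      # local, which was nil or already closed at this point.
      File.open(filename, 'w') do |error_file|
        @host_errors.each { |err| error_file.puts err }
      end
      raise "Errors occured while cleaning certificates, outputting list of hosts with errors to #{filename}"
    end
  else
    if @gen_host_list
      puts "If you do not want to clean all certificates, you can place"
      puts "all hosts you want to clean in a newline-delimited file and"
      puts "use the '--hosts <hosts_file>' command line option."
    end

    puts "If you want to manually clean certificates on all boxes,"
    puts "follow the steps to clean certificates from the "
    puts "'\033[1mChanging Puppet Masters\033[21m' users guide."
    puts "Also look through the '\033[1mPerforming One Shot Operations\033[21m'"
    puts "users guide for guidance on doing this with PSSH.\n"
    puts "Users guides can be found using '\033[1msimp doc\033[21m'."
  end
end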