
Add the ability to check the existance of a certificate and dont do c…

…ert management if the node already has ssl
1 parent 14fddaa commit 402d7b6a1e90048caf11e4aa1915b72e77f87c67 @ripienaar ripienaar committed Feb 6, 2011
Showing with 43 additions and 10 deletions.
  1. +19 −1 agent/provision.ddl
  2. +3 −1 etc/provisioner.yaml
  3. +8 −0 lib/mcprovision/node.rb
  4. +13 −8 lib/mcprovision/runner.rb
@@ -22,7 +22,7 @@ end
action "set_puppet_host", :description => "Update /etc/hosts with the master IP" do
display :always
- input :ipaddress,
+ input :ipaddress,
:prompt => "Master IP Address",
:description => "IP Adress of the Puppet Master",
:type => :string,
@@ -60,3 +60,21 @@ action "run_puppet", :description => "Runs Puppet in the normal environment" do
:description => "Puppetd Exit Code",
:display_as => "Exit Code"
end
+
+action "has_cert", :description => "Finds out if we already have a Puppet certificate" do
+ output :has_cert,
+ :description => "Have a puppet certificate already been created",
+ :display_as => "Has Certificate"
+end
+
+action "lock_deploy", :description => "Lock the deploy so new ones can not be started" do
+ output :lockfile,
+ :description => "The file that got created",
+ :display_as => "Lock file"
+end
+
+action "is_locked", :description => "Determine if the install is currently locked" do
+ output :locked,
+ :description => "Is the install locked",
+ :display_as => "Locked"
+end
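Review bot: The three new actions (`has_cert`, `lock_deploy`, `is_locked`) declare no `display` setting, unlike `set_puppet_host` above, which sets `display :always`. For query actions such as `has_cert` and `is_locked` the reply is the whole point, so adding `display :always` to each would keep them consistent and make a successful answer visible. The diffstat lists no change to the agent code itself, so confirm the agent already implements all three actions, because `has_cert?` in lib/mcprovision/node.rb depends on `has_cert` replying. `lock_deploy` and `is_locked` are also not covered by the commit message, and the `has_cert` description would read better as `"Has a Puppet certificate already been created"`.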
@@ -3,13 +3,15 @@ logfile: /dev/stderr
loglevel: debug
daemonize: false
steps:
+ lock: true
set_puppet_hostname: true
clean_node_certname: true
send_node_csr: true
sign_node_csr: true
puppet_bootstrap_stage: true
puppet_final_run: true
- notify: true
+ unlock: true
+ notify: false
master:
criteria:
- ec2_placement_region
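Review bot: The switch from `notify: true` to `notify: false` is not mentioned in the commit message and turns off the notification step in the shipped sample configuration. Anyone who copies this file no longer gets a notification for the provisioning run, which includes the CSR signing steps. If this was a local testing setting, keep `notify: true` here. The new `lock: true` and `unlock: true` keys are not read anywhere in the runner.rb hunk of this commit, so either the code that uses them lies outside the visible hunks or they have no effect yet. A short comment above them saying which agent actions they drive (presumably `lock_deploy` from the DDL) would help.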
@@ -23,6 +23,14 @@ def inventory
result
end
+ # Do we already have a puppet cert?
+ def has_cert?
+ MCProvision.info("Finding out if we already have a certificate")
+ result = @node.custom_request("has_cert", {}, @hostname, {"identity" => @hostname})
+
+ result.first[:data][:has_cert]
+ end
+
# sets the ip of the puppet master host using the
# set_puppet_host action on the node
def set_puppet_host(ipaddress)
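Review bot: `has_cert?` indexes `result.first[:data][:has_cert]` without checking that the node replied, so an empty result raises NoMethodError on nil instead of a clear provisioning error. The raw reply value is also returned as-is, and runner.rb uses it in `unless node.has_cert?`. Any value other than nil or false (a string or 0, depending on how the agent fills the field, which is not shown here) would therefore count as "has a cert" and skip signing. Guard and normalise it with `raise "No has_cert reply from #{@hostname}" unless result.first`, followed by `result.first[:data][:has_cert] == true` if the agent returns a boolean. The comment could also state the source of the answer: `# Asks the node's provision agent whether a Puppet certificate already exists`.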
@@ -62,14 +62,19 @@ def provision(node)
# calls set_puppet_host
node.set_puppet_host(master_ip) if @config.settings["steps"]["set_puppet_hostname"]
- # calls clean on all puppetmasters
- @master.clean_cert(node.hostname) if @config.settings["steps"]["clean_node_certname"]
-
- # Gets the node to request a CSR
- node.send_csr if @config.settings["steps"]["send_node_csr"]
-
- # Sign it
- @master.sign(node.hostname) if @config.settings["steps"]["sign_node_csr"]
+ # Only do certificate management if the node is clean and doesnt already have a cert
+ unless node.has_cert?
+ # calls clean on all puppetmasters
+ @master.clean_cert(node.hostname) if @config.settings["steps"]["clean_node_certname"]
+
+ # Gets the node to request a CSR
+ node.send_csr if @config.settings["steps"]["send_node_csr"]
+
+ # Sign it
+ @master.sign(node.hostname) if @config.settings["steps"]["sign_node_csr"]
+ else
+ MCProvision.info("Skipping SSL certificate management for node - already has a cert")
+ end
# Bootstrap it
node.bootstrap if @config.settings["steps"]["puppet_bootstrap_stage"]
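Review bot: The `unless node.has_cert?` guard lets a value reported by the node itself decide whether `clean_cert`, `send_csr` and `sign` run. Nothing visible in this hunk confirms on the master side that a signed certificate for `node.hostname` exists, so a node holding a stale certificate, or one issued by a different master, would go straight to `node.bootstrap`. Consider also checking with the master before skipping, and make the skip traceable by naming the node: `MCProvision.info("Skipping SSL certificate management for #{node.hostname} - already has a cert")`. As a style point, `unless ... else` is easier to read as `if node.has_cert?` with the skip message in the first branch. `provision` starts and ends outside this hunk.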
