1 parent
789713a
commit c0d88ea
Showing
6 changed files
with
130 additions
and
130 deletions.
181 changes: 91 additions & 90 deletions
app/models/concerns/foreman_puppet/orchestration/puppetca.rb
@@ -1,111 +1,112 @@ | ||
module ForemanPuppet | ||
module Orchestration::Puppetca | ||
extend ActiveSupport::Concern | ||
include Orchestration::Common | ||
|
||
included do | ||
attr_reader :puppetca | ||
after_validation :initialize_puppetca, :unless => :skip_orchestration? | ||
after_validation :queue_puppetca | ||
before_destroy :initialize_puppetca, :queue_puppetca_destroy | ||
end | ||
module Orchestration | ||
module Puppetca | ||
extend ActiveSupport::Concern | ||
include Orchestration::Common | ||
|
||
protected | ||
included do | ||
attr_reader :puppetca | ||
|
||
def initialize_puppetca | ||
return unless puppetca? | ||
return unless Setting[:manage_puppetca] | ||
@puppetca = ProxyAPI::Puppetca.new :url => puppet_ca_proxy.url | ||
true | ||
rescue => e | ||
failure _("Failed to initialize the PuppetCA proxy: %s") % e, e | ||
end | ||
after_validation :initialize_puppetca, unless: :skip_orchestration? | ||
after_validation :queue_puppetca | ||
before_destroy :initialize_puppetca, :queue_puppetca_destroy | ||
end | ||
|
||
# Removes the host's puppet certificate from the puppetmaster's CA | ||
def delCertificate | ||
logger.info "Remove puppet certificate for #{name}" | ||
puppetca.del_certificate certname | ||
end | ||
protected | ||
|
||
# Empty method for rollbacks - maybe in the future we would support creating the certificates directly | ||
def setCertificate | ||
end | ||
def initialize_puppetca | ||
return unless puppetca? | ||
return unless Setting[:manage_puppetca] | ||
@puppetca = ProxyAPI::Puppetca.new url: puppet_ca_proxy.url | ||
true | ||
rescue StandardError => e | ||
failure _('Failed to initialize the PuppetCA proxy: %s') % e, e | ||
end | ||
|
||
# Reset certname based on whether to use uuids or the hostname | ||
def resetCertname | ||
logger.info "Resetting certname for #{name}" | ||
self.certname = Setting[:use_uuid_for_certificates] ? Foreman.uuid : hostname | ||
end | ||
# Removes the host's puppet certificate from the puppetmaster's CA | ||
def delCertificate | ||
logger.info "Remove puppet certificate for #{name}" | ||
puppetca.del_certificate certname | ||
end | ||
|
||
# Adds the host's name to the autosign.conf file | ||
def setAutosign | ||
logger.info "Adding autosign entry for #{name}" | ||
response = puppetca.set_autosign certname | ||
# return if puppetca is using basic autosigning | ||
return response if response.in? [true, false] | ||
unless response.is_a?(Hash) && response['generated_token'].present? | ||
logger.warn "Received an unexpected smart proxy response: #{response}" | ||
return false | ||
# Empty method for rollbacks - maybe in the future we would support creating the certificates directly | ||
def setCertificate | ||
end | ||
puppet.create_puppetca_token value: response['generated_token'] | ||
end | ||
|
||
# Removes the host's name from the autosign.conf file | ||
def delAutosign | ||
logger.info "Delete the autosign entry for #{name}" | ||
puppetca_token.destroy! if puppetca_token.present? | ||
puppetca.del_autosign certname | ||
end | ||
# Reset certname based on whether to use uuids or the hostname | ||
def resetCertname | ||
logger.info "Resetting certname for #{name}" | ||
self.certname = Setting[:use_uuid_for_certificates] ? Foreman.uuid : hostname | ||
end | ||
|
||
private | ||
# Adds the host's name to the autosign.conf file | ||
def setAutosign | ||
logger.info "Adding autosign entry for #{name}" | ||
response = puppetca.set_autosign certname | ||
# return if puppetca is using basic autosigning | ||
return response if response.in? [true, false] | ||
unless response.is_a?(Hash) && response['generated_token'].present? | ||
logger.warn "Received an unexpected smart proxy response: #{response}" | ||
return false | ||
end | ||
puppet.create_puppetca_token value: response['generated_token'] | ||
end | ||
|
||
def queue_puppetca | ||
return log_orchestration_errors unless puppetca? && errors.empty? | ||
return unless Setting[:manage_puppetca] | ||
new_record? ? queue_puppetca_create : queue_puppetca_update | ||
end | ||
# Removes the host's name from the autosign.conf file | ||
def delAutosign | ||
logger.info "Delete the autosign entry for #{name}" | ||
puppetca_token.destroy! if puppetca_token.present? | ||
puppetca.del_autosign certname | ||
end | ||
|
||
def queue_puppetca_certname_reset | ||
post_queue.create(:name => _("Reset PuppetCA certname for %s") % self, :priority => 49, | ||
:action => [self, :resetCertname]) | ||
end | ||
private | ||
|
||
def queue_puppetca_create | ||
post_queue.create(:name => _("Cleanup PuppetCA certificates for %s") % self, :priority => 51, | ||
:action => [self, :delCertificate]) | ||
post_queue.create(:name => _("Enable PuppetCA autosigning for %s") % self, :priority => 55, | ||
:action => [self, :setAutosign]) | ||
end | ||
def queue_puppetca | ||
return log_orchestration_errors unless puppetca? && errors.empty? | ||
return unless Setting[:manage_puppetca] | ||
new_record? ? queue_puppetca_create : queue_puppetca_update | ||
end | ||
|
||
def queue_puppetca_update | ||
if old.build? && !build? | ||
# Host has been built --> remove auto sign | ||
queue_puppetca_autosign_destroy | ||
elsif !old.build? && build? | ||
# Host was set to build mode | ||
# If use_uuid_for_certificates is true, reuse the certname UUID value. | ||
# If false, then reset the certname if it does not match the hostname. | ||
if (Setting[:use_uuid_for_certificates] ? !Foreman.is_uuid?(certname) : certname != hostname) | ||
queue_puppetca_certname_reset | ||
def queue_puppetca_certname_reset | ||
post_queue.create(name: _('Reset PuppetCA certname for %s') % self, priority: 49, | ||
action: [self, :resetCertname]) | ||
end | ||
|
||
def queue_puppetca_create | ||
post_queue.create(name: _('Cleanup PuppetCA certificates for %s') % self, priority: 51, | ||
action: [self, :delCertificate]) | ||
post_queue.create(name: _('Enable PuppetCA autosigning for %s') % self, priority: 55, | ||
action: [self, :setAutosign]) | ||
end | ||
|
||
def queue_puppetca_update | ||
if old.build? && !build? | ||
# Host has been built --> remove auto sign | ||
queue_puppetca_autosign_destroy | ||
elsif !old.build? && build? | ||
# Host was set to build mode | ||
# If use_uuid_for_certificates is true, reuse the certname UUID value. | ||
# If false, then reset the certname if it does not match the hostname. | ||
queue_puppetca_certname_reset if Setting[:use_uuid_for_certificates] ? !Foreman.is_uuid?(certname) : certname != hostname | ||
queue_puppetca_autosign_destroy | ||
queue_puppetca_create | ||
end | ||
queue_puppetca_autosign_destroy | ||
queue_puppetca_create | ||
true | ||
end | ||
true | ||
end | ||
|
||
def queue_puppetca_destroy | ||
return unless puppetca? && errors.empty? | ||
return unless Setting[:manage_puppetca] | ||
post_queue.create(:name => _("Delete PuppetCA certificates for %s") % self, :priority => 59, | ||
:action => [self, :delCertificate]) | ||
queue_puppetca_autosign_destroy | ||
true | ||
end | ||
def queue_puppetca_destroy | ||
return unless puppetca? && errors.empty? | ||
return unless Setting[:manage_puppetca] | ||
post_queue.create(name: _('Delete PuppetCA certificates for %s') % self, priority: 59, | ||
action: [self, :delCertificate]) | ||
queue_puppetca_autosign_destroy | ||
true | ||
end | ||
|
||
def queue_puppetca_autosign_destroy | ||
post_queue.create(:name => _("Disable PuppetCA autosigning for %s") % self, :priority => 50, | ||
:action => [self, :delAutosign]) | ||
def queue_puppetca_autosign_destroy | ||
post_queue.create(name: _('Disable PuppetCA autosigning for %s') % self, priority: 50, | ||
action: [self, :delAutosign]) | ||
end | ||
end | ||
end | ||
end |
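Review bot: The rewritten line `queue_puppetca_certname_reset if Setting[:use_uuid_for_certificates] ? !Foreman.is_uuid?(certname) : certname != hostname` in `queue_puppetca_update` folds a two-branch ternary into a modifier-`if` condition, dropping the parentheses the old form had. Ruby still takes the whole ternary as the modifier's condition, so behaviour is unchanged, but the line is now long and the two cases the preceding comments describe are no longer visually separate from the action. Name the predicate first, `certname_stale = Setting[:use_uuid_for_certificates] ? !Foreman.is_uuid?(certname) : certname != hostname`, then `queue_puppetca_certname_reset if certname_stale`, so the comment block, the condition and the queued action line up. This is the one place in the hunk where the quoting and hash-syntax cleanup also changed statement shape, so it deserves a second look in review.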
@@ -1,5 +1,7 @@ | ||
module ForemanPuppet | ||
class Token::Puppetca < ::Token | ||
validates :value, uniqueness: true | ||
module Token | ||
class Puppetca < ::Token | ||
validates :value, uniqueness: true | ||
end | ||
end | ||
end |