[PATCH] fixup puppet minions a bit


 



Add a puppet_signed_certs_dir option pointing to where puppet stores
the pem files. This is necessary in order to fully account for hosts
whose certs were not revoked but were --cleaned from the puppetdb.

also make sure we're looking for revoked serials only after sorting
for the latest serials per host.
---
 func/commonconfig.py    |    1 +
 func/overlord/client.py |   14 +++++++++-----
 2 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/func/commonconfig.py b/func/commonconfig.py
index f35d576..76607a4 100644
--- a/func/commonconfig.py
+++ b/func/commonconfig.py
@@ -44,6 +44,7 @@ class OverlordConfig(BaseConfig):
     ca_file = Option('')
     puppet_minions = BoolOption(False)
     puppet_inventory = Option('/var/lib/puppet/ssl/ca/inventory.txt')
+    puppet_signed_certs_dir = Option('/var/lib/puppet/ssl/ca/signed')
     puppet_crl = Option('/var/lib/puppet/ssl/ca/ca_crl.pem')
     host_down_list = Option('/var/lib/func/hosts_down.lst')
     
diff --git a/func/overlord/client.py b/func/overlord/client.py
index 27a92c7..d92dce1 100644
--- a/func/overlord/client.py
+++ b/func/overlord/client.py
@@ -281,8 +281,6 @@ class PuppetMinions(Minions):
         tmp_certs = set()
         tmp_hosts = set()
         
-        # revoked certs
-        revoked_serials = self._return_revoked_serials(self.overlord_config.puppet_crl)
         # get all hosts
         if os.access(self.overlord_config.puppet_inventory, os.R_OK):
             fo = open(self.overlord_config.puppet_inventory, 'r')
@@ -293,8 +291,6 @@ class PuppetMinions(Minions):
                 if re.match('\s*(#|$)', line):
                     continue
                 (serial, before, after, cn) = line.split()
-                if int(serial, 16) in revoked_serials:
-                    continue
                 before = time.strftime('%s', time.strptime(before, time_format))
                 if now < int(before):
                     continue
@@ -308,8 +304,16 @@ class PuppetMinions(Minions):
                     if host_inv[hn] > serial:
                         continue
                 host_inv[hn] = serial
-
+            fo.close()
+            
+            # revoked certs
+            revoked_serials = self._return_revoked_serials(self.overlord_config.puppet_crl)
             for hostname in host_inv.keys():
+                if int(host_inv[hostname], 16) in revoked_serials:
+                    continue
+                pempath = '%s/%s.pem' % (self.overlord_config.puppet_signed_certs_dir, hostname)
+                if not os.path.exists(pempath):
+                    continue
                 if fnmatch.fnmatch(hostname, each_gloob):
                     tmp_hosts.add(hostname)
                     # don't return certs path - just hosts
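Review bot: The pempath built on the added line interpolates the inventory CN straight into a filesystem path, so a hostname containing a path separator or `..` would resolve outside puppet_signed_certs_dir, and since the existence test is what now decides whether a host is listed, such names should be rejected before the lookup. Something like `if os.sep in hostname or hostname in ('.', '..'): continue` ahead of `pempath = os.path.join(self.overlord_config.puppet_signed_certs_dir, '%s.pem' % hostname)` keeps the check inside the intended directory. The added `fo.close()` only runs when the parsing loop completes normally; the matching `open()` is outside this hunk, and a `with` block there would release the handle on the error path as well. The revocation test now keys on the serial host_inv kept for each host, which the context line above chooses by string comparison; that is pre-existing, but it only matches numeric order if the inventory serials are fixed-width, which is worth confirming. The enclosing method starts and ends outside the hunk.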
-- 
1.6.6

