authorMike Gabriel <mike.gabriel@das-netzwerkteam.de>2025-01-31 14:06:49 +0100
committerMike Gabriel <mike.gabriel@das-netzwerkteam.de>2025-01-31 14:06:49 +0100
commit3edf1e35a8d5e83e76506b54f1b3ec25459146c6 (patch)
tree6534d539f7edbcde2080bf21e328981da56a6a3d
parent16fc7a62c6873cd0c06a63bc7b37247534f0c72e (diff)
sbin/itzks-puppet-renew-ssl: Add support for manual interaction with puppetserver (in case SSH pub/priv key authentication is not available when fixing a host).
-rwxr-xr-xsbin/itzks-puppet-renew-ssl21
1 files changed, 19 insertions, 2 deletions
diff --git a/sbin/itzks-puppet-renew-ssl b/sbin/itzks-puppet-renew-ssl
index 3b2dcbf..51f2007 100755
--- a/sbin/itzks-puppet-renew-ssl
+++ b/sbin/itzks-puppet-renew-ssl
@@ -26,13 +26,30 @@ if [[ -z "${HOSTNAME}" ]]; then
exit 1
fi
+root_can_ssh_into_puppetserver=true
+ssh puppetserver -o PasswordAuthentication=no echo "TEST: puppetserver SSH login test successful" 2>/dev/null || {
+ echo "TEST: puppetserver SSH login not successful"
+ root_can_ssh_into_puppetserver=false
+}
+
itzks-puppet-reset-ssl
-ssh puppetserver itzks-puppetserver-clean-hosts-from-ca "${HOSTNAME}"
+if [[ "${root_can_ssh_into_puppetserver}" = "true" ]]; then
+ ssh puppetserver itzks-puppetserver-clean-hosts-from-ca "${HOSTNAME}"
+else
+ echo "ON PUPPETSERVER: please run as root: 'itzks-puppetserver-clean-hosts-from-ca ${HOSTNAME}'"
+ read -p "PRESS ANY KEY WHEN DONE"
+fi
puppet agent --test --waitforcert 0
-ssh puppetserver itzks-puppetserver-autosign-new-hosts-certificates "${HOSTNAME}"
+
+if [[ "${root_can_ssh_into_puppetserver}" = "true" ]]; then
+ ssh puppetserver itzks-puppetserver-autosign-new-host-certificates "${HOSTNAME}"
+else
+ echo "ON PUPPETSERVER: please run as root: 'itzks-puppetserver-autosign-new-host-certificates ${HOSTNAME}'"
+ read -p "PRESS ANY KEY WHEN DONE"
+fi
puppet agent --test
puppet agent --enable
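Review bot: The SSH probe at the top of the hunk discards ssh's stderr with `2>/dev/null`, so a changed puppetserver host key is reported the same way as missing key authentication and the operator is simply routed to the manual path. `PasswordAuthentication=no` still allows keyboard-interactive and key-passphrase prompts; `ssh -o BatchMode=yes puppetserver true` with stderr kept or logged would make the test non-interactive and show why it failed. In both fallback branches, `read -p "PRESS ANY KEY WHEN DONE"` waits for Enter rather than any key and returns immediately when stdin is not a terminal, so the script would continue to `puppet agent --test` and `puppet agent --enable` without the CA step having been run; a `[[ -t 0 ]]` guard plus `read -r -p "PRESS ENTER WHEN DONE" _ || exit 1` would cover that. The hunk also changes the remote command name to `itzks-puppetserver-autosign-new-host-certificates`, which the commit message does not mention, so it is worth confirming that this name exists on the puppetserver.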