sbin/*puppet*: Rework puppet client/ca maintenance scripts.

1 files changed, 49 insertions, 0 deletions

diff --git a/sbin/itzks-puppetserver-list-known-hosts b/sbin/itzks-puppetserver-list-known-hosts
new file mode 100755
index 0000000..49d63d7
--- /dev/null
+++ b/sbin/itzks-puppetserver-list-known-hosts
@@ -0,0 +1,49 @@
+#!/bin/bash
+
+# Copyright (C) 2022-2025 Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+if [ $(id -u) -gt 0 ]; then
+        echo "ERROR: This script has to run as super-user root."
+        exit 1
+fi
+
+PUPPET_SERVER="puppetserver.intern"
+TJENER_SERVER="tjener.intern"
+
+if [ "${HOSTNAME}" != "${PUPPET_SERVER}" ] && [ "${HOSTNAME}" != "${TJENER_SERVER}" ]; then
+        echo "$(basename $0): Error: This script may only be run on 'tjener.intern' or 'puppetserver.intern'."
+        exit -1
+fi
+
+source /etc/os-release
+
+if [ "${ID}" = "debian" ] && \
+   ([ "${VERSION_CODENAME}" == "stretch" ] || \
+    [ "${VERSION_CODENAME}" == "buster" ] || \
+    [ "${VERSION_CODENAME}" == "bullseye" ]); then
+
+	SIGNED_CERTS_PATH="/var/lib/puppet/ssl/ca/signed"
+
+else
+
+	SIGNED_CERTS_PATH="/etc/puppet/puppetserver/ca/signed"
+
+}
+
+ls "${SIGNED_CERTS_PATH}" | cut -d "." -f1-2 | while read host; do
+	getent hosts $host
+done  | grep 10.