1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
|
require 'openssl'
# Time constants in seconds
HOUR = 60 * 60
DAY = 24 * HOUR
YEAR = 365 * DAY
# Retrieve CA Certificate from the given host
#
# @param [Host] host single Beaker::Host
#
# @return [OpenSSL::X509::Certificate] Certificate object
def get_ca_cert_on(host)
if host[:roles].include? 'master' then
dir = on(host, puppet('config', 'print', 'cadir')).stdout.chomp
ca_path = "#{dir}/ca_crt.pem"
else
dir = on(host, puppet('config', 'print', 'certdir')).stdout.chomp
ca_path = "#{dir}/ca.pem"
end
on(host, "cat #{ca_path}") do |result|
cert = OpenSSL::X509::Certificate.new(result.stdout)
return cert
end
end
# Execute `date` command on host with optional arguments
# and get back a Ruby Time object
#
# @param [Host] host single Beaker::Host to run the command on
# @param [Array<String>] args Array of arguments to be appended to the
# `date` command
# @return [Time] Ruby Time object
def get_time_on(host, args = [])
arg_string = args.join(' ')
date = on(host, "date #{arg_string}").stdout.chomp
return Time.parse(date)
end
# Retrieve the CA enddate on a given host as a Ruby time object
#
# @param [Host] host single Beaker::Host to get CA enddate from
#
# @return [Time] Ruby Time object, or nil if error
def get_ca_enddate_time_on(host)
cert = get_ca_cert_on(host)
return cert.not_after if cert
return nil
end
# Retrieve the current ca_serial value for `puppet certgen ca` on a given host
#
# @param [Host] host single Beaker::Host to get ca_serial from
#
# @return [String] ca_serial in hexadecimal, or nil if error
def get_ca_serial_id_on(host)
cert = get_ca_cert_on(host)
return cert.serial.to_s(16) if cert
return nil
end
# Patch puppet to get around the date check validation.
#
# This method is used to patch puppet in order to prevent it from failing to
# create a CA if the system clock is turned back in time by years. The same
# method is used to reverse the patch with the `reverse` parameter.
#
# @param [Host] host single Beaker::Host to run the command on
# @param [String] reverse causes the patch to be reversed
def patch_puppet_date_check_on(host, reverse=nil)
reverse = '--reverse' if reverse
apply_manifest_on(host, 'package { "patch": ensure => present}')
interface_documentation_file = "/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/interface/documentation.rb"
patch =<<EOF
305c305
< raise ArgumentError, "copyright with a year \#{fault} is very strange; did you accidentally add or subtract two years?"
---
> #raise ArgumentError, "copyright with a year \#{fault} is very strange; did you accidentally add or subtract two years?"
EOF
patch_file = host.tmpfile('iface_doc_patch')
create_remote_file(host, patch_file, patch)
on(host, "patch #{reverse} #{interface_documentation_file} < #{patch_file}", :acceptable_exit_codes => [0,1])
end
|
