[Pkg-puppet-devel] [SCM] Puppet packaging for Debian branch, experimental, updated. debian/2.6.8-1-844-g7ec39d5
Jesse Wolfe
jes5199 at gmail.com
Tue May 10 08:04:08 UTC 2011
The following commit has been merged in the experimental branch:
commit 7568b780702d53beabc3fba3017c4c70179aafd7
Author: Jesse Wolfe <jes5199 at gmail.com>
Date: Thu Feb 3 15:43:54 2011 -0800
Maint: move puppet cert --help
diff --git a/lib/puppet/application/cert.rb b/lib/puppet/application/cert.rb
index 467b0c8..0db968e 100644
--- a/lib/puppet/application/cert.rb
+++ b/lib/puppet/application/cert.rb
@@ -45,6 +45,117 @@ class Puppet::Application::Cert < Puppet::Application
Puppet::Util::Log.level = :info
end
+ def help
+ <<-HELP
+
+SYNOPSIS
+========
+Stand-alone certificate authority. Capable of generating certificates
+but mostly meant for signing certificate requests from puppet clients.
+
+
+USAGE
+=====
+ puppet cert [-h|--help] [-V|--version] [-d|--debug] [-v|--verbose]
+ [-g|--generate] [-l|--list] [-s|--sign] [-r|--revoke]
+ [-p|--print] [-c|--clean] [--verify] [--digest DIGEST]
+ [--fingerprint] [host]
+
+
+DESCRIPTION
+===========
+Because the puppetmasterd daemon defaults to not signing client
+certificate requests, this script is available for signing outstanding
+requests. It can be used to list outstanding requests and then either
+sign them individually or sign all of them.
+
+
+OPTIONS
+=======
+Note that any configuration parameter that's valid in the configuration
+file is also a valid long argument. For example, 'ssldir' is a valid
+configuration parameter, so you can specify '--ssldir <directory>' as an
+argument.
+
+See the configuration file documentation at
+http://docs.puppetlabs.com/references/stable/configuration.html for the
+full list of acceptable parameters. A commented list of all
+configuration options can also be generated by running puppet cert with
+'--genconfig'.
+
+all: Operate on all items. Currently only makes sense with
+ '--sign', '--clean', or '--list'.
+
+digest: Set the digest for fingerprinting (defaults to md5). Valid
+ values depends on your openssl and openssl ruby extension
+ version, but should contain at least md5, sha1, md2,
+ sha256.
+
+clean: Remove all files related to a host from puppet cert's
+ storage. This is useful when rebuilding hosts, since new
+ certificate signing requests will only be honored if puppet
+ cert does not have a copy of a signed certificate for that
+ host. The certificate of the host is also revoked. If
+ '--all' is specified then all host certificates, both
+ signed and unsigned, will be removed.
+
+debug: Enable full debugging.
+
+generate: Generate a certificate for a named client. A
+ certificate/keypair will be generated for each client named
+ on the command line.
+
+help: Print this help message
+
+list: List outstanding certificate requests. If '--all' is
+ specified, signed certificates are also listed, prefixed by
+ '+', and revoked or invalid certificates are prefixed by
+ '-' (the verification outcome is printed in parenthesis).
+
+print: Print the full-text version of a host's certificate.
+
+fingerprint: Print the DIGEST (defaults to md5) fingerprint of a host's
+ certificate.
+
+revoke: Revoke the certificate of a client. The certificate can be
+ specified either by its serial number, given as a decimal
+ number or a hexadecimal number prefixed by '0x', or by its
+ hostname. The certificate is revoked by adding it to the
+ Certificate Revocation List given by the 'cacrl' config
+ parameter. Note that the puppetmasterd needs to be
+ restarted after revoking certificates.
+
+sign: Sign an outstanding certificate request. Unless '--all' is
+ specified, hosts must be listed after all flags.
+
+verbose: Enable verbosity.
+
+version: Print the puppet version number and exit.
+
+verify: Verify the named certificate against the local CA
+ certificate.
+
+
+EXAMPLE
+=======
+ $ puppet cert -l
+ culain.madstop.com
+ $ puppet cert -s culain.madstop.com
+
+
+AUTHOR
+======
+Luke Kanies
+
+
+COPYRIGHT
+=========
+Copyright (c) 2005 Puppet Labs, LLC Licensed under the GNU Public
+License
+
+ HELP
+ end
+
def main
if @all
hosts = :all
diff --git a/lib/puppet/util/command_line/puppetca b/lib/puppet/util/command_line/puppetca
deleted file mode 100755
index 317d998..0000000
--- a/lib/puppet/util/command_line/puppetca
+++ /dev/null
@@ -1,110 +0,0 @@
-#!/usr/bin/env ruby
-
-#
-# = Synopsis
-#
-# Stand-alone certificate authority. Capable of generating certificates
-# but mostly meant for signing certificate requests from puppet clients.
-#
-# = Usage
-#
-# puppet cert [-h|--help] [-V|--version] [-d|--debug] [-v|--verbose]
-# [-g|--generate] [-l|--list] [-s|--sign] [-r|--revoke]
-# [-p|--print] [-c|--clean] [--verify] [--digest DIGEST]
-# [--fingerprint] [host]
-#
-# = Description
-#
-# Because the puppetmasterd daemon defaults to not signing client certificate
-# requests, this script is available for signing outstanding requests. It
-# can be used to list outstanding requests and then either sign them individually
-# or sign all of them.
-#
-# = Options
-#
-# Note that any configuration parameter that's valid in the configuration file
-# is also a valid long argument. For example, 'ssldir' is a valid configuration
-# parameter, so you can specify '--ssldir <directory>' as an argument.
-#
-# See the configuration file documentation at
-# http://docs.puppetlabs.com/references/stable/configuration.html for
-# the full list of acceptable parameters. A commented list of all
-# configuration options can also be generated by running puppet cert with
-# '--genconfig'.
-#
-# all::
-# Operate on all items. Currently only makes sense with '--sign',
-# '--clean', or '--list'.
-#
-# digest::
-# Set the digest for fingerprinting (defaults to md5). Valid values depends
-# on your openssl and openssl ruby extension version, but should contain at
-# least md5, sha1, md2, sha256.
-#
-# clean::
-# Remove all files related to a host from puppet cert's storage. This is
-# useful when rebuilding hosts, since new certificate signing requests
-# will only be honored if puppet cert does not have a copy of a signed
-# certificate for that host. The certificate of the host is also revoked.
-# If '--all' is specified then all host certificates, both signed and
-# unsigned, will be removed.
-#
-# debug::
-# Enable full debugging.
-#
-# generate::
-# Generate a certificate for a named client. A certificate/keypair will be
-# generated for each client named on the command line.
-#
-# help::
-# Print this help message
-#
-# list::
-# List outstanding certificate requests. If '--all' is specified,
-# signed certificates are also listed, prefixed by '+', and revoked
-# or invalid certificates are prefixed by '-' (the verification outcome
-# is printed in parenthesis).
-#
-# print::
-# Print the full-text version of a host's certificate.
-#
-# fingerprint::
-# Print the DIGEST (defaults to md5) fingerprint of a host's certificate.
-#
-# revoke::
-# Revoke the certificate of a client. The certificate can be specified
-# either by its serial number, given as a decimal number or a hexadecimal
-# number prefixed by '0x', or by its hostname. The certificate is revoked
-# by adding it to the Certificate Revocation List given by the 'cacrl'
-# config parameter. Note that the puppetmasterd needs to be restarted
-# after revoking certificates.
-#
-# sign::
-# Sign an outstanding certificate request. Unless '--all' is specified,
-# hosts must be listed after all flags.
-#
-# verbose::
-# Enable verbosity.
-#
-# version::
-# Print the puppet version number and exit.
-#
-# verify::
-# Verify the named certificate against the local CA certificate.
-#
-# = Example
-#
-# $ puppet cert -l
-# culain.madstop.com
-# $ puppet cert -s culain.madstop.com
-#
-# = Author
-#
-# Luke Kanies
-#
-# = Copyright
-#
-# Copyright (c) 2005 Puppet Labs, LLC
-# Licensed under the GNU Public License
-
-#Puppet::Application[:cert].run
--
Puppet packaging for Debian
More information about the Pkg-puppet-devel
mailing list