[Pkg-puppet-devel] [SCM] Puppet packaging for Debian branch, experimental, updated. debian/2.6.8-1-844-g7ec39d5
nfagerlund
nick.fagerlund at gmail.com
Tue May 10 08:14:51 UTC 2011
The following commit has been merged in the experimental branch:
commit ca9d68f2aa846d4d8c57f272e990115c9642e9e1
Author: nfagerlund <nick.fagerlund at gmail.com>
Date: Thu Apr 14 15:33:33 2011 -0700
(#6408) Update puppet cert help for new subcommand action syntax.
Puppet cert now allows bareword actions, which brings it more in-line with the
Faces subcommands. Updating the help text accordingly.
diff --git a/lib/puppet/application/cert.rb b/lib/puppet/application/cert.rb
index c087753..162672b 100644
--- a/lib/puppet/application/cert.rb
+++ b/lib/puppet/application/cert.rb
@@ -61,9 +61,8 @@ but mostly used for signing certificate requests from puppet clients.
USAGE
-----
-puppet cert [-h|--help] [-V|--version] [-d|--debug] [-v|--verbose]
- [-g|--generate] [-l|--list] [-s|--sign] [-r|--revoke] [-p|--print]
- [-c|--clean] [--verify] [--digest <digest>] [--fingerprint] [host]
+puppet cert <action> [-h|--help] [-V|--version] [-d|--debug] [-v|--verbose]
+ [--digest <digest>] [<host>]
DESCRIPTION
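Review bot: The new synopsis line `puppet cert <action> [-h|--help] ...` leaves out `--all`, even though the ACTIONS and OPTIONS text in this same patch presents `--all` as the alternative to naming a host. Suggest `[--all] [--digest <digest>] [<host>]` so the usage line shows both ways of selecting certificates. Putting the mandatory `<action>` before `[-h|--help]` also reads as if help requires an action; if `puppet cert --help` is valid without one, say so here.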
@@ -73,6 +72,51 @@ certificate requests, this script is available for signing outstanding
requests. It can be used to list outstanding requests and then either
sign them individually or sign all of them.
+ACTIONS
+-------
+
+Every action except 'list' and 'generate' requires a hostname to act on,
+unless the '--all' option is set.
+
+* clean:
+ Revoke a host's certificate (if applicable) and remove all files
+ related to that host from puppet cert's storage. This is useful when
+ rebuilding hosts, since new certificate signing requests will only be
+ honored if puppet cert does not have a copy of a signed certificate
+ for that host. If '--all' is specified then all host certificates,
+ both signed and unsigned, will be removed.
+
+* fingerprint:
+ Print the DIGEST (defaults to md5) fingerprint of a host's
+ certificate.
+
+* generate:
+ Generate a certificate for a named client. A certificate/keypair will
+ be generated for each client named on the command line.
+
+* list:
+ List outstanding certificate requests. If '--all' is specified, signed
+ certificates are also listed, prefixed by '+', and revoked or invalid
+ certificates are prefixed by '-' (the verification outcome is printed
+ in parenthesis).
+
+* print:
+ Print the full-text version of a host's certificate.
+
+* revoke:
+ Revoke the certificate of a client. The certificate can be specified
+ either by its serial number (given as a decimal number or a
+ hexadecimal number prefixed by '0x') or by its hostname. The
+ certificate is revoked by adding it to the Certificate Revocation List
+ given by the 'cacrl' configuration option. Note that the puppet master
+ needs to be restarted after revoking certificates.
+
+* sign:
+ Sign an outstanding certificate request.
+
+* verify:
+ Verify the named certificate against the local CA certificate.
+
OPTIONS
-------
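Review bot: The first sentence of the new ACTIONS section says 'generate' does not require a hostname, but the 'generate' entry just below states that a certificate/keypair is generated "for each client named on the command line", so the two contradict each other. Suggest limiting the exception to 'list'. In the 'fingerprint' entry, the default digest is documented as md5; since the fingerprint is what an operator compares before running 'sign', it is worth pointing the reader at `--digest` and a stronger value such as sha256, which the OPTIONS text already lists as valid. Minor: "in parenthesis" in the 'list' entry should be "in parentheses".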
@@ -88,72 +132,32 @@ configuration options can also be generated by running puppet cert with
'--genconfig'.
* --all:
- Operate on all items. Currently only makes sense with '--sign',
- '--clean', or '--list'.
+ Operate on all items. Currently only makes sense with the 'sign',
+ 'clean', 'list', and 'fingerprint' actions.
* --digest:
Set the digest for fingerprinting (defaults to md5). Valid values
depends on your openssl and openssl ruby extension version, but should
contain at least md5, sha1, md2, sha256.
-* --clean:
- Remove all files related to a host from puppet cert's storage. This is
- useful when rebuilding hosts, since new certificate signing requests
- will only be honored if puppet cert does not have a copy of a signed
- certificate for that host. The certificate of the host is also
- revoked. If '--all' is specified then all host certificates, both
- signed and unsigned, will be removed.
-
* --debug:
Enable full debugging.
-* --generate:
- Generate a certificate for a named client. A certificate/keypair will
- be generated for each client named on the command line.
-
* --help:
Print this help message
-* --list:
- List outstanding certificate requests. If '--all' is specified, signed
- certificates are also listed, prefixed by '+', and revoked or invalid
- certificates are prefixed by '-' (the verification outcome is printed
- in parenthesis).
-
-* --print:
- Print the full-text version of a host's certificate.
-
-* --fingerprint:
- Print the DIGEST (defaults to md5) fingerprint of a host's
- certificate.
-
-* --revoke:
- Revoke the certificate of a client. The certificate can be specified
- either by its serial number, given as a decimal number or a
- hexadecimal number prefixed by '0x', or by its hostname. The
- certificate is revoked by adding it to the Certificate Revocation List
- given by the 'cacrl' config parameter. Note that the puppetmasterd
- needs to be restarted after revoking certificates.
-
-* --sign:
- Sign an outstanding certificate request. Unless '--all' is specified,
- hosts must be listed after all flags.
-
* --verbose:
Enable verbosity.
* --version:
Print the puppet version number and exit.
-* --verify:
- Verify the named certificate against the local CA certificate.
-
EXAMPLE
-------
- $ puppet cert -l
+ $ puppet cert list
culain.madstop.com
- $ puppet cert -s culain.madstop.com
+ $ puppet cert sign culain.madstop.com
AUTHOR
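Review bot: The rewritten `--all` entry limits the option to the 'sign', 'clean', 'list', and 'fingerprint' actions, but the new ACTIONS intro says every action except 'list' and 'generate' needs a hostname "unless the '--all' option is set", which implies it also applies to 'print', 'revoke' and 'verify'. One of the two statements should be corrected so they agree. The removed `--sign` text also carried the note "hosts must be listed after all flags", and nothing in the new text says where options may appear relative to the action and host; if ordering still matters, keep that sentence in the 'sign' entry or state it once in USAGE.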
--
Puppet packaging for Debian