Class Puppet::SSL::Host
In: lib/puppet/ssl/host.rb
Parent: Object

The class that manages all aspects of our SSL certificates — private keys, public keys, requests, etc.

Methods

ca?   ca_location=   ca_name   certificate   certificate_matches_key?   certificate_request   configure_indirection   destroy   generate   generate_certificate_request   generate_key   key   new   public_key   search   ssl_store   wait_for_cert  

Included Modules

Puppet::Util::Cacher

Constants

Key = Puppet::SSL::Key   Yay, ruby‘s strange constant lookups.
CA_NAME = Puppet::SSL::CA_NAME
Certificate = Puppet::SSL::Certificate
CertificateRequest = Puppet::SSL::CertificateRequest
CertificateRevocationList = Puppet::SSL::CertificateRevocationList
CA_MODES = { # Our ca is local, so we use it as the ultimate source of information # And we cache files locally. :local => [:ca, :file], # We're a remote CA client. :remote => [:rest, :file], # We are the CA, so we don't have read/write access to the normal certificates. :only => [:ca], # We have no CA, so we just look in the local file store. :none => [:file]

Attributes

ca  [RW] 
ca_location  [R] 
certificate  [W] 
certificate_request  [W] 
key  [W] 
name  [R] 

Public Class methods

ca_location=(mode)

Specify how we expect to interact with our certificate authority.

ca_name()

This is the constant that people will use to mark that a given host is a certificate authority.

configure_indirection(terminus, cache = nil)

Configure how our various classes interact with their various terminuses.

destroy(name)

Remove all traces of a given host

search(options = {})

Search for more than one host, optionally only specifying an interest in hosts with a given file type. This just allows our non-indirected class to have one of indirection methods.

Public Instance methods

ca?()

Is this a ca host, meaning that all of its files go in the CA location?

generate()

Generate all necessary parts of our ssl host.

generate_certificate_request()

Our certificate request requires the key but that‘s all.

generate_key()

This is the private key; we can create it from scratch with no inputs.

public_key()

Extract the public key from the private key.

ssl_store(purpose = OpenSSL::X509::PURPOSE_ANY)

Create/return a store that uses our SSL info to validate connections.

wait_for_cert(time)

Attempt to retrieve a cert, if we don‘t already have one.

[Validate]