#!/bin/bash
#
# Check puppet fingerprints, hydractl perspective.
#
# Load
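# Fail closed when APP_BASE is unset or empty: without the guard the path
# collapses to /lib/hydra/functions and an unintended file could be sourced.
# The expansion is quoted so a base directory containing whitespace still
# resolves to a single path.
source "${APP_BASE:?APP_BASE must point at the hydra installation}/lib/hydra/functions" || exit 1
hydra_config_load
# Command line arguments
BASENAME="$(basename -- "$0")"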
# Execute openssl
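function puppet_openssl {
  # Print the fingerprint of the X.509 certificate at $1, stripped of its
  # "SHA1 Fingerprint=" label.
  # Arguments: $1 - path to a PEM certificate
  # Outputs:   the colon-separated fingerprint on stdout; nothing when $1 is
  #            empty or openssl emits no line carrying that label.
  #
  # The digest is whatever "openssl x509 -fingerprint" uses by default; only
  # the "SHA1 Fingerprint=" label is recognised below, so output under any
  # other label is dropped. SHA-1 is no longer collision-resistant: treat the
  # value as a convenience identifier and compare a SHA-256 fingerprint where
  # the other side can show one.
  local cert="$1"

  if [ -z "$cert" ]; then
    return
  fi

  # Quote the path so a name containing whitespace or glob characters reaches
  # openssl as one argument instead of being split by the shell.
  openssl x509 -text -noout -fingerprint -in "$cert" \
    | sed -n -e 's/^SHA1 Fingerprint=//p'
}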
# Print a fingerprint with correct padding.
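function print_fingerprint {
  # Print "<name>: <fingerprint>" with the fingerprint right-aligned, so that
  # every output line ends in the same column.
  # Arguments: $1 - label to show (certificate name)
  #            $2 - fingerprint string
  # Outputs:   one line on stdout; nothing when $2 is empty.
  local name="$1" fingerprint="$2"
  local width

  if [ -z "$fingerprint" ]; then
    return
  fi

  # name + ": " + padded fingerprint always add up to 86 columns.
  width=$((84 - ${#name}))

  # The name comes from file names and facter output, so it is passed as
  # data; using it as the printf format would let a '%' or '\' in a name
  # rewrite the output line.
  printf '%s: %*s\n' "$name" "$width" "$fingerprint"
}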
# Master:
#
# openssl x509 -text -noout -fingerprint -in /var/lib/puppetmaster/ssl/ca/signed/fqdn.pem
# openssl x509 -text -noout -fingerprint -in /var/lib/puppetmaster/ssl/certs/ca.pem
#
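if [ -d "/var/lib/puppetmaster/ssl" ]; then
  if [ -d "/var/lib/puppetmaster/ssl/ca/signed" ]; then
    # Glob the directory instead of parsing ls output: entry names in the
    # signed directory are not controlled by this script, and a name with
    # whitespace or glob characters must stay one word.
    for file in /var/lib/puppetmaster/ssl/ca/signed/*; do
      # An empty directory leaves the pattern unexpanded; skip that case.
      [ -e "$file" ] || [ -L "$file" ] || continue
      fp="$(puppet_openssl "$file")"
      # Entries openssl cannot parse yield an empty fingerprint and are
      # skipped by print_fingerprint.
      print_fingerprint "$(basename -- "$file" .pem)" "$fp"
    done
  fi

  if [ -f "/var/lib/puppetmaster/ssl/certs/ca.pem" ]; then
    print_fingerprint ca "$(puppet_openssl /var/lib/puppetmaster/ssl/certs/ca.pem)"
  fi
fi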
# Node:
#
# openssl x509 -text -noout -fingerprint -in /var/lib/puppet/ssl/certs/fqdn.pem
# openssl x509 -text -noout -fingerprint -in /var/lib/puppet/ssl/certs/ca.pem
#
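if [ -d "/var/lib/puppet/ssl" ]; then
  fqdn="$(facter fqdn)"
  # The facter value is interpolated into a path and used as the label, so
  # both uses are quoted: an empty or unusual value then stays a single
  # argument instead of shifting the fingerprint into the label position.
  print_fingerprint "$fqdn" "$(puppet_openssl "/var/lib/puppet/ssl/certs/$fqdn.pem")"
  # Presumably meant to be compared with the "ca" line printed on the master.
  print_fingerprint ca "$(puppet_openssl /var/lib/puppet/ssl/certs/ca.pem)"
fi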