#!/bin/bash
#
# Check puppet fingerprints, hydractl perspective.
#

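# Load the hydra function library and its configuration.
#
# The library is sourced, i.e. executed inside this shell, from a path built
# from $APP_BASE, so whoever controls that variable controls the code that
# runs here. Stop when it is unset or empty rather than falling back to
# /lib/hydra/functions, and quote it so a value containing whitespace is not
# split into several words.
source "${APP_BASE:?APP_BASE must be set}/lib/hydra/functions" || exit 1
hydra_config_load

# Command line arguments
BASENAME="$(basename -- "$0")"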

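# Print the SHA-1 fingerprint line of an X.509 certificate.
#
# Arguments: $1 - path to a PEM certificate; nothing is printed when empty
# Outputs:   the "SHA1 Fingerprint=..." line reported by openssl, on stdout
# Returns:   0 when $1 is empty, otherwise the status of the pipeline
#            (grep's status unless pipefail is enabled elsewhere)
#
# NOTE(review): the grep pattern pins the output to SHA-1, which is no longer
# collision resistant. Moving to a stronger digest (openssl's -sha256) means
# changing the openssl option and the grep pattern together, on every host
# whose output is compared, so it is left as is here.
puppet_openssl() {
  local cert=${1-}

  if [ -z "$cert" ]; then
    return 0
  fi

  # Quoted so that a path containing whitespace or glob characters reaches
  # openssl as a single -in argument.
  openssl x509 -text -noout -fingerprint -in "$cert" | grep "^SHA1 Fingerprint="
}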

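# Master:
#
#  openssl x509 -text -noout -fingerprint -in /var/lib/puppetmaster/ssl/ca/signed/fqdn.pem
#  openssl x509 -text -noout -fingerprint -in /var/lib/puppetmaster/ssl/certs/ca.pem
#
# Prints one "<name>: <fingerprint line>" per signed certificate, then the CA
# certificate. A name followed by nothing means openssl could not read or
# parse that file; treat it as "not verified", never as a match.
if [ -d "/var/lib/puppetmaster/ssl" ]; then
  if [ -d "/var/lib/puppetmaster/ssl/ca/signed" ]; then
    # Glob with the full path instead of parsing `ls`: the bare file names
    # that `ls` prints only resolve when the current directory happens to be
    # ca/signed, and names with whitespace would be split into pieces.
    for file in /var/lib/puppetmaster/ssl/ca/signed/*; do
      # An empty directory leaves the pattern unexpanded; skip that case.
      [ -e "$file" ] || continue
      fp="$(puppet_openssl "$file")"
      echo "$(basename -- "$file" .pem): $fp"
    done
  fi

  if [ -f "/var/lib/puppetmaster/ssl/certs/ca.pem" ]; then
    echo "ca: $(puppet_openssl /var/lib/puppetmaster/ssl/certs/ca.pem)"
  fi
fi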

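# Node:
#
#  openssl x509 -text -noout -fingerprint -in /var/lib/puppet/ssl/certs/fqdn.pem
#  openssl x509 -text -noout -fingerprint -in /var/lib/puppet/ssl/certs/ca.pem
#
# Prints the fingerprint line of this node's own certificate and of the CA
# certificate it holds, in the same "<name>: <fingerprint line>" form as the
# master section, so the two outputs can be compared. A name followed by
# nothing means openssl could not read that file; it is not a match.
if [ -d "/var/lib/puppet/ssl" ]; then
  fqdn="$(facter fqdn)"

  if [ -n "$fqdn" ]; then
    # Quoted: the facter output becomes part of a file path.
    fp="$(puppet_openssl "/var/lib/puppet/ssl/certs/$fqdn.pem")"
    echo "$fqdn: $fp"
  else
    # Without a name the lookup would target "certs/.pem" and print a bare
    # ": " line; report the cause on stderr instead.
    echo "${0##*/}: facter returned no fqdn, skipping node certificate" >&2
  fi

  echo "ca: $(puppet_openssl /var/lib/puppet/ssl/certs/ca.pem)"
fi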