Via outset

bootstrap_pupppetcerts.py

#!/usr/bin/python
"""bootstraps puppet, which gets munki ready for SSL, 
and runs the munki function that shoves puppet's CA into the sys keychain.
Assumes this is at /Library/MMCSupport/bootstrap_puppet.py, 
and called by outset(github.com/chilcote/outset)'s boot-every option"""

import os
import shutil
import subprocess
import sys
import time

sys.path.append('/usr/local/munki/munkilib')
import keychain

def main():
    """gimme some main"""
    print "Starting puppet bootstrap process\n"
    munkipath = '/Users/Shared/.com.googlecode.munki.checkandinstallatstartup'
    puppet_cmd = ['/opt/puppetlabs/bin/puppet', 'agent', '-t']
    while True:
        if os.path.exists(munkipath):
            print 'Sleeping another 15...'
            time.sleep(15)
        else:
            break
    print "Enough sleep, running puppet bootstrap"
    code = subprocess.check_call(puppet_cmd)
    print "\nPuppet bootstrap should be complete, seeding certs"
    # Uses munkilib's keychain module to inject into system keychain using puppet-set prefs
    keychain.add_ca_certs_to_system_keychain()
    shutil.move(sys.argv[0], '/Library/MMCSupport/bootstrap_puppet.py')
    sys.exit(code)

if __name__ == '__main__':
    main()