(PUP-11428) Log that we're exiting if a daemonized agent can't get its cert

Previously the state machine printed that it was exiting to stdout, which is
fine for foreground runs. But when running daemonized, stdout is redirected to
/dev/null, so there wasn't an indication that we were exiting. Now when running
daemonized write the message to puppet's logging system, so it ends up in syslog.

Author: joshcooper

lib/puppet/ssl/state_machine.rb

@@ -27,6 +27,15 @@ def to_error(message, cause)
       detail.set_backtrace(cause.backtrace)
       Error.new(@machine, message, detail)
     end
+
+    def log_error(message)
+      # When running daemonized we set stdout to /dev/null, so write to the log instead
+      if Puppet[:daemonize]
+        Puppet.err(message)
+      else
+        $stdout.puts(message)
+      end
+    end
   end
 
   # Load existing CA certs or download them. Transition to NeedCRLs.
@@ -270,10 +279,10 @@ def initialize(machine)
     def next_state
       time = @machine.waitforcert
       if time < 1
-        puts _("Exiting now because the waitforcert setting is set to 0.")
+        log_error(_("Exiting now because the waitforcert setting is set to 0."))
         exit(1)
       elsif Time.now.to_i > @machine.wait_deadline
-        puts _("Couldn't fetch certificate from CA server; you might still need to sign this agent's certificate (%{name}). Exiting now because the maxwaitforcert timeout has been exceeded.") % {name: Puppet[:certname] }
+        log_error(_("Couldn't fetch certificate from CA server; you might still need to sign this agent's certificate (%{name}). Exiting now because the maxwaitforcert timeout has been exceeded.") % {name: Puppet[:certname] })
         exit(1)
       else
         Puppet.info(_("Will try again in %{time} seconds.") % {time: time})

spec/unit/ssl/state_machine_spec.rb

@@ -27,6 +27,7 @@
   let(:refused_message) { %r{Connection refused|No connection could be made because the target machine actively refused it} }
 
   before(:each) do
+    Puppet[:daemonize] = false
     Puppet[:ssl_lockfile] = tmpfile('ssllock')
     allow(Kernel).to receive(:sleep)
   end