author | Luke Kanies <luke@madstop.com> | 2007-11-24 14:55:01 -0600 |
---|---|---|
committer | Luke Kanies <luke@madstop.com> | 2007-11-24 14:55:01 -0600 |
commit | 1b7f0ee67a7589e824c705c4f6f06fd6c59bc586 (patch) | |
tree | 6f8ae366bf64e71e3f37bf73a2664be320b13ab2 | |
parent | e53693e3ff244f8e782b5dc863aa659d46f9a286 (diff) | |
parent | 8de1412d97ac9d80500efb5cb94451ab67908448 (diff) | |
Merge branch 'wombles-patches'
34 files changed, 806 insertions, 85 deletions
@@ -1,3 +1,8 @@ + Empty dbserver and dbpassword settings will now be ignored when + initializing Rails connections (patch by womble). + + Configuration settings can now be blank (patch by womble). + Added calls to endpwent/endgrent when searching for user and group IDs, which fixes #791. diff --git a/debian/README.source b/debian/README.source new file mode 100644 index 000000000..49b373b40 --- /dev/null +++ b/debian/README.source @@ -0,0 +1,9 @@ +The debian/ directory for this package is maintained in bzr. There are two +primary branches, kept by each maintainer: + +http://www.hezmatt.org/~mpalmer/bzr/puppet.debian (mpalmer) +http://repo.spacepants.org/puppet/puppet.debian (jaq) + +Typically all the changes will be in one (or both) of these branches. They +merge from each other on a regular basis, and the canonical version for a +release just depends on who actually made the upload. diff --git a/debian/TODO.Debian b/debian/TODO.Debian new file mode 100644 index 000000000..ac70b97be --- /dev/null +++ b/debian/TODO.Debian @@ -0,0 +1 @@ +* clean up initscripts per http://mail.madstop.com/pipermail/puppet-dev/2006-June/001069.html diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 000000000..1a33e55c3 --- /dev/null +++ b/debian/changelog 
@@ -0,0 +1,146 @@ +puppet (0.23.2-5) unstable; urgency=low + + * Add some NEWS for the ssldir transition. Should have done that earlier. + * Remove the explicit mode change for vardir, and fix up the mode on + statedir, as well. Closes: #425496. + * Only set some database parameters if they're explicitly set; this makes + life easier for PgSQL ident auth. + * Allow empty config options. + + -- Matthew Palmer <mpalmer@debian.org> Thu, 13 Sep 2007 11:09:59 +1000 + +puppet (0.23.2-4) unstable; urgency=low + + * Fix puppet#776 in a slightly better way by only flushing the cache when + a value is changed, rather than whenever a value is read. + * Apply patch from puppet#755 to cache connections to the Puppetmaster, + which improves performance by more than a little. + * Modify the fileserver so that it provides a 'plugins' mount which + exports the union of the plugins directory of all modules. + + -- Matthew Palmer <mpalmer@debian.org> Fri, 31 Aug 2007 15:32:04 +1000 + +puppet (0.23.2-3) unstable; urgency=low + + * Clear the config value cache every time. This is a titchy little + performance hit, but it works around puppet#776 rather nicely. + + -- Matthew Palmer <mpalmer@debian.org> Fri, 24 Aug 2007 16:08:04 +1000 + +puppet (0.23.2-2) unstable; urgency=low + + * Move the SSL state directory to a more policy-friendly location, + /var/lib/puppet/ssl. + + -- Matthew Palmer <mpalmer@debian.org> Tue, 21 Aug 2007 12:54:40 +1000 + +puppet (0.23.2-1) unstable; urgency=low + + * New upstream release. + + -- Matthew Palmer <mpalmer@debian.org> Tue, 7 Aug 2007 12:47:49 +1000 + +puppet (0.23.1-1) unstable; urgency=low + + * New upstream release. + * Switch primary maintainer to me. Thanks jaq. + * Make the recommendation for rails >= 1.2.3-2, to avoid + incompatibilities. This breaks compatibility with stable, but the rails + package from unstable should install cleanly in stable. 
Closes: #433999 + + -- Matthew Palmer <mpalmer@debian.org> Sat, 21 Jul 2007 16:34:36 +1000 + +puppet (0.23.0-1) unstable; urgency=low + + * New upstream release. + - Includes a new configuration file handling system; see NEWS.Debian. + + -- Matthew Palmer <mpalmer@debian.org> Mon, 25 Jun 2007 09:55:12 +1000 + +puppet (0.22.4-2) unstable; urgency=low + + * Depend on libshadow-ruby1.8, for new password modification functionality + added to upstream 0.22.4. + * Several improvements from Micah Anderson: + - Better vim syntax installation process. + - Install Emacs syntax highlighting. + - Install logcheck rules. Closes: #421851. + + -- Matthew Palmer <mpalmer@debian.org> Thu, 3 May 2007 15:04:15 +1000 + +puppet (0.22.4-1) unstable; urgency=low + + * New upstream release. + + -- Matthew Palmer <mpalmer@debian.org> Wed, 2 May 2007 12:20:15 +1000 + +puppet (0.22.3-1) unstable; urgency=low + + * New upstream release. Closes: #415773. + * Switch to using our own logrotate config, and enhance it as per + David Schmitt's suggestions. Closes: #414282. + * Add puppetrun to the puppetmaster package, and actually put puppetdoc + into the puppet package. Closes: #419273. + * Copy vim syntax highlighting file into the puppet package, and add a + stanza to have Vim automatically highlight .pp files. Closes: #412868. + Thanks to David Schmitt for researching how to do all of that. + * Add a templatedir setting to the default puppetmasterd.conf to make it + obvious that it can be changed. Closes: #407506. + + -- Matthew Palmer <mpalmer@debian.org> Wed, 18 Apr 2007 14:03:33 +1000 + +puppet (0.22.1-1) unstable; urgency=low + + * New upstream release. + + -- Matthew Palmer <mpalmer@debian.org> Fri, 2 Feb 2007 09:06:46 +1100 + +puppet (0.22.0-1) unstable; urgency=low + + * New upstream release. + * Use --startas instead of --init in init scripts, which (according to + Paul Hampson) makes checking for already-running instances work. + Closes: #405912. 
+ + -- Matthew Palmer <mpalmer@debian.org> Mon, 8 Jan 2007 08:41:35 +1100 + +puppet (0.20.1-1) unstable; urgency=low + + * New upstream release. (Closes: #387674) + * Rationalise the puppetmasterd init script. + * Add inclusion of /etc/default files for init scripts. (Closes: #388178) + * Add puppet.conf to match puppetd.conf. (Closes: #385646) + + -- Matthew Palmer <mpalmer@debian.org> Thu, 30 Nov 2006 10:54:19 +1100 + +puppet (0.18.4-1) unstable; urgency=low + + * New upstream release. + - Properly detect all services, including those in rcS.d. + (Closes: #378351) + * Add Homepage: to the long description. (Closes: #377896) + + -- Matthew Palmer <mpalmer@debian.org> Mon, 24 Jul 2006 19:46:06 +1000 + +puppet (0.18.3-1) unstable; urgency=low + + * New upstream version. + - Set DEBIAN_FRONTEND=noninteractive when installing Debian packages. + (Closes: #378338) + + -- Matthew Palmer <mpalmer@debian.org> Sun, 16 Jul 2006 10:58:50 +1000 + +puppet (0.18.1-1) unstable; urgency=low + + * Make Puppet not wait for a cert at all (to prevent startup hangs). + * Cleanup the init scripts to not have NO_START detritus. + * Apply puppet.debian-frontend, to set DEBIAN_FRONTEND=noninteractive on + package installation. + + -- Matthew Palmer <mpalmer@debian.org> Tue, 27 Jun 2006 15:05:32 +1000 + +puppet (0.18.0-1) unstable; urgency=low + + * Initial release. (Closes: #348625) + + -- Matthew Palmer <mpalmer@debian.org> Wed, 24 May 2006 13:10:01 +1000 diff --git a/debian/compat b/debian/compat new file mode 100644 index 000000000..b8626c4cf --- /dev/null +++ b/debian/compat @@ -0,0 +1 @@ +4 diff --git a/debian/control b/debian/control new file mode 100644 index 000000000..879c9770c --- /dev/null +++ b/debian/control 
@@ -0,0 +1,45 @@ +Source: puppet +Section: admin +Priority: optional +Maintainer: Matthew Palmer <mpalmer@debian.org> +Uploaders: Jamie Wilkinson <jaq@debian.org>, Matthew Palmer <mpalmer@debian.org> +Build-Depends-Indep: debhelper (>= 4.0.0), ruby (>= 1.8.1) +Standards-Version: 3.6.2 + +Package: puppet +Architecture: all +Depends: ruby (>= 1.8.1), libxmlrpc-ruby, libopenssl-ruby, libshadow-ruby1.8, adduser, facter, lsb-base +Recommends: rdoc +Description: centralised configuration management for networks + Puppet lets you centrally manage every important aspect of your system + using a cross-platform specification language that manages all the + separate elements normally aggregated in different files, like users, + cron jobs, and hosts, along with obviously discrete elements like + packages, services, and files. + . + Puppet's simple declarative specification language provides powerful + classing abilities for drawing out the similarities between hosts while + allowing them to be as specific as necessary, and it handles dependency + and prerequisite relationships between objects clearly and explicitly. + . + Homepage: http://reductivelabs.com/projects/puppet + +Package: puppetmaster +Architecture: all +Depends: ruby (>= 1.8.1), puppet (= ${Source-Version}), facter, lsb-base +Recommends: rails (>= 1.2.3-2), rdoc +Description: centralised configuration management control daemon + Puppet lets you centrally manage every important aspect of your system + using a cross-platform specification language that manages all the + separate elements normally aggregated in different files, like users, + cron jobs, and hosts, along with obviously discrete elements like + packages, services, and files. + . 
+ Puppet's simple declarative specification language provides powerful + classing abilities for drawing out the similarities between hosts while + allowing them to be as specific as necessary, and it handles dependency + and prerequisite relationships between objects clearly and explicitly. + . + This package contains the manifest server, 'puppetmaster'. + . + Homepage: http://reductivelabs.com/projects/puppet diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 000000000..06bdcab30 --- /dev/null +++ b/debian/copyright @@ -0,0 +1,17 @@ +This package was debianized by Jamie Wilkinson <jaq@debian.org> on +Thu, 27 Apr 2006 10:18:04 +1000. + +It was downloaded from http://reductivelabs.com/downloads/puppet + +Copyright Holder: Luke Kanies <luke@madstop.com> + +License: + +From +http://reductivelabs.com/documents/faq#what-license-is-puppet-released-under: + +Puppet is open source and is released under the GNU Public License. + +On Debian systems, the complete text of the GNU General +Public License can be found in `/usr/share/common-licenses/GPL'. + diff --git a/debian/docs b/debian/docs new file mode 100644 index 000000000..e845566c0 --- /dev/null +++ b/debian/docs @@ -0,0 +1 @@ +README diff --git a/debian/fileserver.conf b/debian/fileserver.conf new file mode 100644 index 000000000..04a51c080 --- /dev/null +++ b/debian/fileserver.conf @@ -0,0 +1,12 @@ +# This file consists of arbitrarily named sections/modules +# defining where files are served from and to whom + +# Define a section 'files' +# Adapt the allow/deny settings to your needs. Order +# for allow/deny does not matter, allow always takes precedence +# over deny +[files] + path /etc/puppet/files +# allow *.example.com +# deny *.evil.example.com +# allow 192.168.0.0/24 diff --git a/debian/puppet.NEWS b/debian/puppet.NEWS new file mode 100644 index 000000000..a712aafd4 --- /dev/null +++ b/debian/puppet.NEWS 
@@ -0,0 +1,63 @@ +puppet (0.23.2-12) unstable; urgency=low + + * Handling of the rundir setting has been changed; we now store PID files + in /var/run/puppet, and the initscripts have been modified to ensure + that this directory exists on startup. It is no longer necessary to set + rundir explicitly in /etc/puppet/puppet.conf, and you should ensure that + you have no explicit rundir setting in your puppet.conf unless you want + to use a custom rundir setting for your own local purposes. + + -- Matthew Palmer <mpalmer@debian.org> Sat, 20 Oct 2007 11:58:58 +1000 + +puppet (0.23.2-3) unstable; urgency=low + + * This version of Puppet makes a fairly major change to the location of + the CA and certificates, from /etc/puppet/ssl to the more FHS-compliant + location /var/lib/puppet/ssl. This is to be both policy-compliant and + to match the location of the ssldir in other distributions. + + If you have transitioned to using the consolidated puppet.conf config + file, there should be no problems. If you are using a stock + puppet.conf, the change should be made for you automatically, while if + you've customised puppet.conf the ssldir will be left where it is and + you should transition to the new location manually. + + The only source of problems is if you're still using per-program config + files (puppetd.conf, puppetmasterd.conf, etc). I haven't been able to + work out a damage-free way of transitioning to the new location, so + things will likely break for you -- ssldir will have been moved to + /var/lib/puppet/ssl, but your puppet programs will use the + old config file (with the default ssldir of /etc/puppet/ssl. In this + case, you'll likely get all sorts of certificate-related problems. 
+ + The solution is to either switch to using puppet.conf (which is + necessary anyway because support for the deprecated per-program config + files will be going away sometime) with the new ssldir setting, or add + the ssldir setting to all your per-program config files (this includes + creating them for programs that don't already have a config file, like + puppetca.conf). Then delete /etc/puppet/ssl (since it's not needed) and + use the existing SSL data that was moved to /var/lib/puppet/ssl. + + -- Matthew Palmer <mpalmer@debian.org> Fri, 24 Aug 2007 16:08:04 +1000 + +puppet (0.23.0-1) unstable; urgency=low + + * As of upstream 0.23.0, the configuration file layout has been largely + revamped. Now, instead of having one file per program, there is now + a single file, /etc/puppet/puppet.conf, which contains sections for + each program, as well as a "main" section that sets global config + options relevant for all programs. + + See http://reductivelabs.com/trac/puppet/wiki/ConfigurationReference for + more info. + + For backwards compatibility, all programs still read the per-program + configuration files, and will ignore the generic puppet.conf file if the + per-program file still exists. To prevent accidents, you will need to + do the configuration change manually, by rewriting puppet.conf to match + your local configuration parameters and then deleting the old files. If + you haven't changed any config parameters, then it should be as simple + as deleting puppetd.conf and puppetmasterd.conf and restarting the + daemons, as the configuration itself hasn't changed between versions. + + -- Matthew Palmer <mpalmer@debian.org> Mon, 25 Jun 2007 10:43:53 +1000 diff --git a/debian/puppet.conf b/debian/puppet.conf new file mode 100644 index 000000000..e17d039bb --- /dev/null +++ b/debian/puppet.conf @@ -0,0 +1,7 @@ +[main] +logdir=/var/log/puppet +vardir=/var/lib/puppet +ssldir=/var/lib/puppet/ssl + +[puppetmasterd] +templatedir=/var/lib/puppet/templates 
diff --git a/debian/puppet.dirs b/debian/puppet.dirs new file mode 100644 index 000000000..95ccc1e1b --- /dev/null +++ b/debian/puppet.dirs @@ -0,0 +1,6 @@ +usr/sbin +usr/lib/ruby/1.8 +var/log/puppet +etc/puppet/files +usr/share/vim/addons/ftdetect +usr/share/vim/vim70/syntax diff --git a/debian/puppet.files b/debian/puppet.files new file mode 100644 index 000000000..d92ac32e9 --- /dev/null +++ b/debian/puppet.files @@ -0,0 +1,6 @@ +usr/bin/puppet +usr/bin/puppetdoc +usr/sbin/puppetd +usr/lib/ruby/1.8/ +var/log/puppet +etc/puppet/puppet.conf diff --git a/debian/puppet.init b/debian/puppet.init new file mode 100644 index 000000000..da9f548cb --- /dev/null +++ b/debian/puppet.init @@ -0,0 +1,55 @@ +#! /bin/sh + +PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin +DAEMON=/usr/sbin/puppetd +DAEMON_OPTS="-w 0" +NAME=puppetd +DESC="puppet configuration management tool" + +test -x $DAEMON || exit 0 + +[ -r /etc/default/puppet ] && . /etc/default/puppet + +. /lib/lsb/init-functions + +start_puppet() { + start-stop-daemon --start --quiet --pidfile /var/run/puppet/$NAME.pid \ + --startas $DAEMON -- $DAEMON_OPTS +} + +stop_puppet() { + start-stop-daemon --stop --quiet --pidfile /var/run/puppet/$NAME.pid +} + +if [ ! -d /var/run/puppet ]; then + rm -rf /var/run/puppet + mkdir -p /var/run/puppet +fi + +chown puppet:puppet /var/run/puppet + +case "$1" in + start) + log_begin_msg "Starting $DESC" + start_puppet + log_end_msg 0 + ;; + stop) + log_begin_msg "Stopping $DESC" + stop_puppet + log_end_msg 0 + ;; + restart|force-reload) + log_begin_msg "Restarting $DESC" + stop_puppet + sleep 1 + start_puppet + log_end_msg 0 + ;; + *) + echo "Usage: $0 {start|stop|restart|force-reload}" >&2 + exit 1 + ;; +esac + +exit 0 diff --git a/debian/puppet.logrotate b/debian/puppet.logrotate new file mode 100644 index 000000000..3864e396d --- /dev/null +++ b/debian/puppet.logrotate 
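Review bot: In debian/puppet.init the `start`, `stop` and `restart` branches all end with `log_end_msg 0`, so the script reports success even when `start-stop-daemon` fails. debian/puppetmaster.init in this same commit already passes `$?` for start and stop, although its restart branch has the same hard-coded 0. Use `log_end_msg $?` directly after `start_puppet` / `stop_puppet`. Separately, the `rm -rf /var/run/puppet`, `mkdir -p` and `chown puppet:puppet /var/run/puppet` block sits at top level in both init scripts, so it runs as root on every invocation, including `stop` and the usage-error path. Moving it into the start function keeps that directory handling in the one place that needs it.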
@@ -0,0 +1,11 @@ +/var/log/puppet/*log { + missingok + create 0644 puppet puppet + compress + rotate 4 + + postrotate + [ -e /etc/init.d/puppetmaster ] && /etc/init.d/puppetmaster restart >/dev/null 2>&1 || true + [ -e /etc/init.d/puppet ] && /etc/init.d/puppet reload > /dev/null 2>&1 || true + endscript +} diff --git a/debian/puppet.postinst b/debian/puppet.postinst new file mode 100644 index 000000000..ac765ba85 --- /dev/null +++ b/debian/puppet.postinst @@ -0,0 +1,9 @@ +#!/bin/sh -e + +if [ "$1" = "configure" ]; then + if [ -d /etc/puppet/ssl ] && [ ! -e /var/lib/puppet/ssl ] && grep -q 'ssldir=/var/lib/puppet/ssl' /etc/puppet/puppet.conf; then + mv /etc/puppet/ssl /var/lib/puppet/ssl + fi +fi + +#DEBHELPER# diff --git a/debian/puppet.postrm b/debian/puppet.postrm new file mode 100644 index 000000000..da994c3c3 --- /dev/null +++ b/debian/puppet.postrm @@ -0,0 +1,21 @@ +#! /bin/sh + +case "$1" in + purge) + rm -rf /var/lib/puppet + /usr/sbin/deluser --system puppet + ;; + remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) + + + ;; + + *) + echo "postrm called with unknown argument \`$1'" >&2 + exit 1 + +esac + +#DEBHELPER# + +exit 0 diff --git a/debian/puppet.preinst b/debian/puppet.preinst new file mode 100644 index 000000000..ce8e76083 --- /dev/null +++ b/debian/puppet.preinst @@ -0,0 +1,25 @@ +#! /bin/sh + +case "$1" in + install|upgrade) + /usr/sbin/adduser --system \ + --group \ + --home /var/lib/puppet \ + --gecos "Puppet configuration management daemon" \ + puppet > /dev/null + ;; + + abort-upgrade) + ;; + + *) + echo "preinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +#DEBHELPER# + +exit 0 + + diff --git a/debian/puppetmaster.files b/debian/puppetmaster.files new file mode 100644 index 000000000..15bc694b1 --- /dev/null +++ b/debian/puppetmaster.files @@ -0,0 +1,4 @@ +usr/sbin/puppetmasterd +usr/sbin/puppetca +usr/sbin/puppetrun +etc/puppet/ 
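Review bot: The postrotate script in debian/puppet.logrotate calls `/etc/init.d/puppet reload`, but debian/puppet.init as added in this commit has no `reload` case. The call therefore falls through to the usage branch and exits 1, which `|| true` then hides, and puppetd presumably keeps writing to the rotated file. Either add a `reload` action to puppet.init or call `restart` here, as is done for puppetmaster. In addition, `create 0644 puppet puppet` makes every new log world-readable; if these logs can carry configuration details, `create 0640 puppet puppet` is the safer default.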
diff --git a/debian/puppetmaster.init b/debian/puppetmaster.init new file mode 100644 index 000000000..ea5c1bafb --- /dev/null +++ b/debian/puppetmaster.init @@ -0,0 +1,58 @@ +#! /bin/sh + +PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin +DAEMON=/usr/sbin/puppetmasterd +DAEMON_OPTS="" +NAME=puppetmasterd +DESC="puppet configuration management tool master server" + +test -x $DAEMON || exit 0 + +[ -r /etc/default/puppetmaster ] && . /etc/default/puppetmaster + +. /lib/lsb/init-functions + +if [ ! -d /var/run/puppet ]; then + rm -rf /var/run/puppet + mkdir -p /var/run/puppet +fi + +chown puppet:puppet /var/run/puppet + +start_puppetmaster() { + start-stop-daemon --start --quiet --pidfile /var/run/puppet/$NAME.pid \ + --startas $DAEMON -- $DAEMON_OPTS +} + +stop_puppetmaster() { + start-stop-daemon --stop --quiet --pidfile /var/run/puppet/$NAME.pid +} + +case "$1" in + start) + log_begin_msg "Starting $DESC" + start_puppetmaster + log_end_msg $? + ;; + stop) + log_begin_msg "Stopping $DESC" + stop_puppetmaster + log_end_msg $? + ;; + reload) + # Do nothing, as Puppetmaster rechecks its config automatically + ;; + restart|force-reload) + log_begin_msg "Restarting $DESC" + stop_puppetmaster + sleep 1 + start_puppetmaster + log_end_msg 0 + ;; + *) + echo "Usage: $0 {start|stop|restart|force-reload}" >&2 + exit 1 + ;; +esac + +exit 0 diff --git a/debian/rules b/debian/rules new file mode 100644 index 000000000..69bf3a4af --- /dev/null +++ b/debian/rules 
@@ -0,0 +1,114 @@ +#!/usr/bin/make -f +# -*- makefile -*- + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +INSTALL=install -Dp + +prefix := $(CURDIR)/debian/tmp +bindir := $(prefix)/usr/bin +sbindir := $(prefix)/usr/sbin +libdir := $(prefix)/usr/lib +localstatedir := $(prefix)/var +rubylibdir := $(libdir)/ruby/1.8 +sysconfdir := $(prefix)/etc +pkgconfdir := $(sysconfdir)/puppet + +ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) + CFLAGS += -O0 +else + CFLAGS += -O2 +endif + +configure: configure-stamp +configure-stamp: + dh_testdir + touch configure-stamp + + +build: build-stamp +build-stamp: configure-stamp + dh_testdir + touch build-stamp + +clean: + dh_testdir + dh_testroot + rm -f build-stamp configure-stamp + dh_clean + +install: build + dh_testdir + dh_testroot + dh_clean -k + dh_installdirs + + # ripped from the redhat spec + # this sucks, who wants to maintain this? + # note to self, fix the install.rb to handle DESTDIR and change + # library path + install -d -m0755 $(sbindir) + install -d -m0755 $(bindir) + install -d -m0755 $(rubylibdir) + install -d -m0755 $(pkgconfdir)/manifests + install -d -m0755 $(localstatedir)/lib/puppet + install -d -m0755 $(localstatedir)/run + install -d -m0755 $(localstatedir)/log/puppet + + $(INSTALL) -m0755 bin/puppet bin/puppetdoc $(bindir) + $(INSTALL) -m0755 bin/puppetd bin/puppetmasterd bin/puppetca bin/puppetrun $(sbindir) + $(INSTALL) -m0644 lib/puppet.rb $(rubylibdir)/puppet.rb + cp -a lib/puppet $(rubylibdir) + find $(rubylibdir) -type f -perm +ugo+x -exec chmod a-x {} \; + + $(INSTALL) -m0644 debian/fileserver.conf $(pkgconfdir)/fileserver.conf + $(INSTALL) -m0644 debian/puppet.conf $(pkgconfdir)/puppet.conf + + # Vim auto-syntax-highlighting stuff + $(INSTALL) -m0644 ext/vim/puppet.vim \ + $(CURDIR)/debian/puppet/usr/share/vim/vim70/syntax/puppet.vim + $(INSTALL) -m0644 ext/vim/filetype.vim \ + $(CURDIR)/debian/puppet/usr/share/vim/addons/ftdetect/puppet.vim + + # Emacs keeping up with the 
Joneses + $(INSTALL) -m0644 ext/emacs/puppet-mode-init.el \ + $(CURDIR)/debian/puppet/etc/emacs/site-start.d/50puppet-mode-init.el + $(INSTALL) -m0644 ext/emacs/puppet-mode.el \ + $(CURDIR)/debian/puppet/usr/share/emacs/site-lisp/puppet-mode.el + + dh_installexamples examples/* + + # Logcheck rules. Gee I wish you could specify a file to source + # in dh_installlogcheck. + cp ext/logcheck/puppet debian/puppet.logcheck.ignore.server + cp ext/logcheck/puppet debian/puppet.logcheck.ignore.workstation + dh_installlogcheck + rm debian/puppet.logcheck.* + + # Clean out any SVN cruft that may still be lingering in our + # packages + find debian/tmp debian/puppet debian/puppetmaster -name .svn |xargs rm -rf + +# Build architecture-dependent files here. +binary-arch: build install + +# Build architecture-independent files here. +binary-indep: build install + dh_testdir + dh_testroot + dh_movefiles -i + dh_installchangelogs -i CHANGELOG + dh_installdocs -i + dh_installinit -i + dh_installlogrotate -i + dh_compress -i + dh_fixperms -i + dh_installdeb -i + dh_shlibdeps -i + dh_gencontrol -i + dh_md5sums -i + dh_builddeb -i + +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary install configure diff --git a/debian/watch b/debian/watch new file mode 100644 index 000000000..29d439f6d --- /dev/null +++ b/debian/watch @@ -0,0 +1,2 @@ +version=3 +http://reductivelabs.com/downloads/puppet/puppet-([0-9]+\..*)\.tgz diff --git a/lib/puppet/defaults.rb b/lib/puppet/defaults.rb index 9a95c3cab..8edbe31fe 100644 --- a/lib/puppet/defaults.rb +++ b/lib/puppet/defaults.rb 
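Review bot: The cleanup step in debian/rules, `find debian/tmp debian/puppet debian/puppetmaster -name .svn |xargs rm -rf`, lets xargs split paths on whitespace, so a directory name containing a space would hand `rm -rf` arguments other than the ones find matched. Keeping the deletion inside find avoids the pipe: `find debian/tmp debian/puppet debian/puppetmaster -name .svn -prune -exec rm -rf {} +`. A NUL-separated pipe (`-print0 | xargs -0 rm -rf`) works as well.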
@@ -55,7 +55,7 @@ module Puppet syslog. Syslog has a fixed list of valid facilities, and you must choose one of those; you cannot just make one up."], :statedir => { :default => "$vardir/state", - :mode => 01777, + :mode => 01755, :desc => "The directory where Puppet state is stored. Generally, this directory can be removed without causing harm (although it might result in spurious service restarts)." @@ -74,7 +74,6 @@ module Puppet :desc => "Where SSL certificates are kept." }, :rundir => { :default => rundir, - :mode => 01777, :desc => "Where Puppet PID files are kept." }, :genconfig => [false, @@ -385,6 +384,8 @@ module Puppet may need to use a FQDN for the server hostname when using a proxy."], :http_proxy_port => [3128, "The HTTP proxy port to use for outgoing connections"], + :http_keepalive => [true, + "Whether to reuse http connections, thus enabling http-keepalive."], :server => ["puppet", "The server to which server puppetd should connect"], :ignoreschedules => [false, diff --git a/lib/puppet/network/client.rb b/lib/puppet/network/client.rb index 7950abe3f..fa48ebfb5 100644 --- a/lib/puppet/network/client.rb +++ b/lib/puppet/network/client.rb @@ -85,9 +85,7 @@ class Puppet::Network::Client @driver = self.class.xmlrpc_client.new(args) - if self.read_cert - @driver.cert_setup(self) - end + self.read_cert # We have to start the HTTP connection manually before we start # sending it requests or keep-alive won't work. @@ -120,7 +118,7 @@ class Puppet::Network::Client # Make sure we set the driver up when we read the cert in. def read_cert if super - @driver.cert_setup(self) if @driver.respond_to?(:cert_setup) + @driver.recycle_connection(self) if @driver.respond_to?(:recycle_connection) return true else return false diff --git a/lib/puppet/network/client/master.rb b/lib/puppet/network/client/master.rb index ea351ddc3..30007d90b 100644 --- a/lib/puppet/network/client/master.rb +++ b/lib/puppet/network/client/master.rb 
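Review bot: In the first defaults.rb hunk, `:mode => 01755` on `:statedir` keeps the sticky bit while removing group/other write. The sticky bit only matters on a directory that others can write to, so it is now a no-op that reads like a leftover; `:mode => 0755` states the intent. The second hunk drops `:mode` from `:rundir` entirely, so nothing here states what permissions that directory should have, and the packaging init scripts in this commit only `mkdir -p` and `chown` it. A short comment on `:rundir` naming who creates it and with which mode would document the new contract. The settings hash continues outside these hunks.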
@@ -323,6 +323,7 @@ class Puppet::Network::Client::Master < Puppet::Network::Client :owner => Process.uid, :group => Process.gid, :purge => true, + :force => true, :backup => false } diff --git a/lib/puppet/network/xmlrpc/client.rb b/lib/puppet/network/xmlrpc/client.rb index ab4117b0e..39f149aa8 100644 --- a/lib/puppet/network/xmlrpc/client.rb +++ b/lib/puppet/network/xmlrpc/client.rb @@ -3,6 +3,7 @@ require 'openssl' require 'puppet/external/base64' require 'xmlrpc/client' +require 'net/https' require 'yaml' module Puppet::Network @@ -18,6 +19,42 @@ module Puppet::Network include Puppet::Util::ClassGen end + # Clear our http cache. + def self.clear_http_instances + @@http_cache.clear + end + + # Retrieve a cached http instance of caching is enabled, else return + # a new one. + def self.http_instance(host, port, reset = false) + # We overwrite the uninitialized @http here with a cached one. + key = "%s:%s" % [host, port] + + # Return our cached instance if keepalive is enabled and we've got + # a cache, as long as we're not resetting the instance. + return @@http_cache[key] if ! reset and Puppet[:http_keepalive] and @@http_cache[key] + + args = [host, port] + if Puppet[:http_proxy_host] == "none" + args << nil << nil + else + args << Puppet[:http_proxy_host] << Puppet[:http_proxy_port] + end + @http = Net::HTTP.new(*args) + + # Pop open @http a little; older versions of Net::HTTP(s) didn't + # give us a reader for ca_file... Grr... + class << @http; attr_accessor :ca_file; end + + @http.use_ssl = true + @http.read_timeout = 120 + @http.open_timeout = 120 + + @@http_cache[key] = @http if Puppet[:http_keepalive] + + return @http + end + # Create a netclient for each handler def self.mkclient(handler) interface = handler.interface 
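Review bot: `self.http_instance` in lib/puppet/network/xmlrpc/client.rb returns a connection with `use_ssl = true` but never sets `verify_mode`; peer verification is only switched on later, in `cert_setup`. Any request sent on an instance before `cert_setup` has run therefore relies on Net::HTTP's default, which on older Ruby releases is no verification. If that window is intentional for certificate bootstrapping, record it in a comment above the method, for example `# Peer verification is enabled in cert_setup, not here; until then the server is not authenticated.` Two smaller points: `@http` inside this class method is a class-level instance variable rather than the client's `@http`, so a local (`http = Net::HTTP.new(*args)`) would be clearer, and the doc comment says "of caching" where "if caching" is meant.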
@@ -25,7 +62,7 @@ module Puppet::Network # Create a subclass for every client type. This is # so that all of the methods are on their own class, - # so that they namespaces can define the same methods if + # so that their namespaces can define the same methods if # they want. constant = handler.name.to_s.capitalize name = namespace.downcase @@ -43,13 +80,14 @@ module Puppet::Network begin call("%s.%s" % [namespace, method.to_s],*args) rescue OpenSSL::SSL::SSLError => detail + if detail.message =~ /bad write retry/ + Puppet.warning "Transient SSL write error; restarting connection and retrying" + self.recycle_connection(@cert_client) + retry + end raise XMLRPCClientError, "Certificates were not trusted: %s" % detail rescue ::XMLRPC::FaultException => detail - #Puppet.err "Could not call %s.%s: %s" % - # [namespace, method, detail.faultString] - #raise XMLRPCClientError, - # "XMLRPC Error: %s" % detail.faultString raise XMLRPCClientError, detail.faultString rescue Errno::ECONNREFUSED => detail msg = "Could not connect to %s on port %s" % @@ -57,13 +95,21 @@ module Puppet::Network raise XMLRPCClientError, msg rescue SocketError => detail Puppet.err "Could not find server %s: %s" % - [@puppet_server, detail.to_s] + [@host, detail.to_s] error = XMLRPCClientError.new( - "Could not find server %s" % @puppet_server + "Could not find server %s" % @host ) error.set_backtrace detail.backtrace raise error + rescue Errno::EPIPE, EOFError + Puppet.warning "Other end went away; restarting connection and retrying" + self.recycle_connection(@cert_client) + retry rescue => detail + if detail.message =~ /^Wrong size\. Was \d+, should be \d+$/ + Puppet.warning "XMLRPC returned wrong size. Retrying." + retry + end Puppet.err "Could not call %s.%s: %s" % [namespace, method, detail.inspect] error = XMLRPCClientError.new(detail.to_s) 
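Review bot: The three `retry` calls added in the second and third hunks on this line (for `bad write retry`, for `Errno::EPIPE`/`EOFError`, and for the `Wrong size` message) have no attempt limit, so a server that keeps dropping or corrupting the connection puts the client in an endless reconnect loop. Count attempts and give up after a small number: set `attempts = 0` before the `begin`, replace each bare `retry` with `retry if (attempts += 1) <= 2`, and raise `XMLRPCClientError` once the limit is reached. The EPIPE/EOFError branch currently has no raise after it, so it needs one added. The enclosing method body starts and ends outside these hunks.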
@@ -82,22 +128,25 @@ module Puppet::Network # Use cert information from a Puppet client to set up the http object. def cert_setup(client) - unless FileTest.exists?(Puppet[:localcacert]) + # Cache it for next time + @cert_client = client + + unless FileTest.exist?(Puppet[:localcacert]) raise Puppet::SSLCertificates::Support::MissingCertificate, "Could not find ca certificate %s" % Puppet[:localcacert] end - # Don't want to overwrite certificates, @http will freeze itself + # We can't overwrite certificates, @http will freeze itself # once started. unless @http.ca_file - @http.ca_file = Puppet[:localcacert] - store = OpenSSL::X509::Store.new - store.add_file Puppet[:localcacert] - store.purpose = OpenSSL::X509::PURPOSE_SSL_CLIENT - @http.cert_store = store - @http.cert = client.cert - @http.verify_mode = OpenSSL::SSL::VERIFY_PEER - @http.key = client.key + @http.ca_file = Puppet[:localcacert] + store = OpenSSL::X509::Store.new + store.add_file Puppet[:localcacert] + store.purpose = OpenSSL::X509::PURPOSE_SSL_CLIENT + @http.cert_store = store + @http.cert = client.cert + @http.verify_mode = OpenSSL::SSL::VERIFY_PEER + @http.key = client.key end end 
@@ -113,30 +162,26 @@ module Puppet::Network hash[:HTTPProxyPort] = nil end - @puppet_server = hash[:Server] - @puppet_port = hash[:Port] - super( hash[:Server], hash[:Path], hash[:Port], - hash[:HTTPProxyHost], # proxy_host - hash[:HTTPProxyPort], # proxy_port + hash[:HTTPProxyHost], + hash[:HTTPProxyPort], nil, # user nil, # password true, # use_ssl 120 # a two minute timeout, instead of 30 seconds ) - - # We overwrite the uninitialized @http here with a cached one. - key = "%s%s" % [hash[:Server], hash[:Port]] - if @@http_cache[key] - @http = @@http_cache[key] - else - @@http_cache[key] = @http - end + @http = self.class.http_instance(@host, @port) end + + def recycle_connection(client) + @http = self.class.http_instance(@host, @port, true) # reset the instance + cert_setup(client) + end + def start @http.start unless @http.started? end diff --git a/lib/puppet/parser/resource/param.rb b/lib/puppet/parser/resource/param.rb index 6bde0674e..9352311d6 100644 --- a/lib/puppet/parser/resource/param.rb +++ b/lib/puppet/parser/resource/param.rb @@ -51,7 +51,7 @@ class Puppet::Parser::Resource::Param #dev_warn if db_values.nil? || db_values.empty? values_to_remove(db_values).each { |remove_me| - Puppet::Rails::ParamValue.delete(remove_me) + Puppet::Rails::ParamValue.delete(remove_me.id) } line_number = line_to_i() values_to_add(db_values).each { |add_me| diff --git a/lib/puppet/rails.rb b/lib/puppet/rails.rb index 55d03b878..bdb3a3cdc 100644 --- a/lib/puppet/rails.rb +++ b/lib/puppet/rails.rb 
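Review bot: `recycle_connection` calls `cert_setup(client)` unconditionally, and the new retry paths pass it `@cert_client`, which is only assigned inside `cert_setup`. If a connection fails before `cert_setup` has ever run, `client` is nil and `client.cert` would raise NoMethodError from inside the rescue clause instead of the `XMLRPCClientError` that callers expect. Guard the call with `cert_setup(client) if client`. A one-line comment above the method, such as `# Drop the cached connection for this host/port and rebuild it with the same client certificates.`, would also help now that `read_cert` in client.rb calls it.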
@@ -41,9 +41,9 @@ module Puppet::Rails when "sqlite3": args[:dbfile] = Puppet[:dblocation] when "mysql", "postgresql": - args[:host] = Puppet[:dbserver] - args[:username] = Puppet[:dbuser] - args[:password] = Puppet[:dbpassword] + args[:host] = Puppet[:dbserver] unless Puppet[:dbserver].empty? + args[:username] = Puppet[:dbuser] unless Puppet[:dbuser].empty? + args[:password] = Puppet[:dbpassword] unless Puppet[:dbpassword].empty? args[:database] = Puppet[:dbname] args[:args] = Puppet[:dbsocket] unless Puppet[:dbsocket] == "" else diff --git a/lib/puppet/util/settings.rb b/lib/puppet/util/settings.rb index 1db396dc4..bac832812 100644 --- a/lib/puppet/util/settings.rb +++ b/lib/puppet/util/settings.rb @@ -896,7 +896,7 @@ Generated on #{Time.now}. result[section][:_meta] ||= {} when /^\s*#/: next # Skip comments when /^\s*$/: next # Skip blanks - when /^\s*(\w+)\s*=\s*(.+)$/: # settings + when /^\s*(\w+)\s*=\s*(.*)$/: # settings var = $1.intern # We don't want to munge modes, because they're specified in octal, so we'll diff --git a/spec/unit/network/xmlrpc/client.rb b/spec/unit/network/xmlrpc/client.rb new file mode 100755 index 000000000..e20c66c25 --- /dev/null +++ b/spec/unit/network/xmlrpc/client.rb 
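Review bot: The three new guards call `.empty?` on the setting, while the `dbsocket` line directly below compares with `== ""`. If any of these settings can come back as nil, `.empty?` raises NoMethodError where the old code passed nil through. A nil-safe form that also matches the intent is `args[:password] = Puppet[:dbpassword] unless Puppet[:dbpassword].to_s.empty?`, with the same change for `:dbserver` and `:dbuser`. A blank `dbpassword` now means no password is sent and the adapter falls back to its own default authentication, so a one-line comment saying this is deliberate would stop it being read as a misconfiguration later.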
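Review bot: Changing `(.+)` to `(.*)` in the settings regex accepts a blank value for every setting, not only the database ones this merge needs, and the hunk does not document what an empty string means for settings that hold paths, owners or modes. The comment just below the match says modes are treated specially, so an empty mode value may now reach that code. The rest of the `when` branch is outside the hunk and should be checked for that case. At minimum I would add `# An empty right-hand side is accepted and yields ""; it overrides the default rather than falling back to it.` above the `when`.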
@@ -0,0 +1,69 @@ +#!/usr/bin/env ruby +# +# Created by Luke Kanies on 2007-11-26. +# Copyright (c) 2007. All rights reserved. + +require File.dirname(__FILE__) + '/../../../spec_helper' +require 'puppet/network/xmlrpc/client' + +describe Puppet::Network::XMLRPCClient, " when managing http instances" do + it "should return an http instance created with the passed host and port" do + http = stub 'http', :use_ssl= => nil, :read_timeout= => nil, :open_timeout= => nil + Net::HTTP.expects(:new).with("me", 54321, nil, nil).returns(http) + Puppet::Network::XMLRPCClient.http_instance("me", 54321).should equal(http) + end + + it "should enable ssl on the http instance" do + Puppet::Network::XMLRPCClient.http_instance("me", 54321).use_ssl.should be_true + end + + it "should set the read timeout" do + Puppet::Network::XMLRPCClient.http_instance("me", 54321).read_timeout.should == 120 + end + + it "should set the open timeout" do + Puppet::Network::XMLRPCClient.http_instance("me", 54321).open_timeout.should == 120 + end + + it "should create the http instance with the proxy host and port set if the http_proxy is not set to 'none'" do + Puppet.settings.stubs(:value).with(:http_keepalive).returns(true) + Puppet.settings.stubs(:value).with(:http_proxy_host).returns("myhost") + Puppet.settings.stubs(:value).with(:http_proxy_port).returns(432) + Puppet::Network::XMLRPCClient.http_instance("me", 54321).open_timeout.should == 120 + end + + it "should default to keep-alive being enabled" do + Puppet.settings[:http_keepalive].should be_true + end + + it "should cache http instances if keepalive is enabled" do + Puppet.settings.stubs(:value).with(:http_keepalive).returns(true) + Puppet.settings.stubs(:value).with(:http_proxy_host).returns("myhost") + Puppet.settings.stubs(:value).with(:http_proxy_port).returns(432) + old = Puppet::Network::XMLRPCClient.http_instance("me", 54321) + Puppet::Network::XMLRPCClient.http_instance("me", 54321).should equal(old) + end + + it "should not cache 
http instances if keepalive is not enabled" do + Puppet.settings.stubs(:value).with(:http_keepalive).returns(false) + Puppet.settings.stubs(:value).with(:http_proxy_host).returns("myhost") + Puppet.settings.stubs(:value).with(:http_proxy_port).returns(432) + old = Puppet::Network::XMLRPCClient.http_instance("me", 54321) + Puppet::Network::XMLRPCClient.http_instance("me", 54321).should_not equal(old) + end + + it "should have a mechanism for clearing the http cache" do + Puppet.settings.stubs(:value).with(:http_keepalive).returns(true) + Puppet.settings.stubs(:value).with(:http_proxy_host).returns("myhost") + Puppet.settings.stubs(:value).with(:http_proxy_port).returns(432) + old = Puppet::Network::XMLRPCClient.http_instance("me", 54321) + Puppet::Network::XMLRPCClient.http_instance("me", 54321).should equal(old) + old = Puppet::Network::XMLRPCClient.http_instance("me", 54321) + Puppet::Network::XMLRPCClient.clear_http_instances + Puppet::Network::XMLRPCClient.http_instance("me", 54321).should_not equal(old) + end + + after do + Puppet::Network::XMLRPCClient.clear_http_instances + end +end diff --git a/spec/unit/util/settings.rb b/spec/unit/util/settings.rb index 620c04009..2856c574e 100755 --- a/spec/unit/util/settings.rb +++ b/spec/unit/util/settings.rb @@ -323,6 +323,17 @@ describe Puppet::Util::Settings, " when parsing its configuration" do @settings[:myfile].should == "/other/file" @settings.metadata(:myfile).should == {:owner => "luke"} end + + it "should allow empty values" do + @settings.setdefaults :section, :myarg => ["myfile", "a"] + + text = "[main] + myarg = + " + @settings.stubs(:read_file).returns(text) + @settings.parse("/some/file") + @settings[:myarg].should == "" + end end describe Puppet::Util::Settings, " when reparsing its configuration" do diff --git a/test/network/client/client.rb b/test/network/client/client.rb index 4a7e9cdb6..918b9e86a 100755 --- a/test/network/client/client.rb +++ b/test/network/client/client.rb 
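Review bot: The example "should create the http instance with the proxy host and port set ..." in the new spec asserts only `open_timeout.should == 120`, so it passes even if the proxy settings are never handed to the connection. It should pin the constructor arguments the way the first example does, e.g. `Net::HTTP.expects(:new).with("me", 54321, "myhost", 432).returns(http)` with the same `http` stub. None of the caching examples configure a certificate or key on the instance, so the spec does not show what happens to TLS client credentials when a cached instance is reused or cleared. One example covering that would document the intended behaviour.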
@@ -243,8 +243,8 @@ class TestClient < Test::Unit::TestCase client = FakeClient.new :Test => FakeDriver.new driver = client.driver - driver.meta_def(:cert_setup) { |c| } - driver.expects(:cert_setup).with(client) + driver.meta_def(:recycle_connection) { |c| } + driver.expects(:recycle_connection).with(client) assert_nothing_raised("Could not read cert") do client.read_cert diff --git a/test/network/handler/bucket.rb b/test/network/handler/bucket.rb index d72206e29..1a7063366 100755 --- a/test/network/handler/bucket.rb +++ b/test/network/handler/bucket.rb @@ -203,38 +203,6 @@ class TestBucket < Test::Unit::TestCase checkfiles(client) end - # test that things work over the wire - def test_webxmlmix - Puppet::Util::SUIDManager.stubs(:asuser).yields - - files = filelist() - - tmpdir = File.join(tmpdir(),"tmpfiledir") - @@tmpfiles << tmpdir - FileUtils.mkdir_p(tmpdir) - - Puppet[:autosign] = true - Puppet[:certname] = "localhost" - client = nil - port = Puppet[:masterport] - - pid = mkserver(:CA => {}, :FileBucket => { :Path => @bucket}) - - assert_nothing_raised { - client = Puppet::Network::Client.dipper.new( - :Server => "localhost", - :Port => @@port - ) - } - - checkfiles(client) - - unless pid - raise "Uh, we don't have a child pid" - end - Process.kill("TERM", pid) - end - def test_no_path_duplicates bucket = nil assert_nothing_raised { diff --git a/test/network/xmlrpc/client.rb b/test/network/xmlrpc/client.rb index e740e57b4..f6d234324 100755 --- a/test/network/xmlrpc/client.rb +++ b/test/network/xmlrpc/client.rb 
@@ -51,24 +51,34 @@ class TestXMLRPCClient < Test::Unit::TestCase client = Puppet::Network::XMLRPCClient.new() end - ca = Puppet::Network::Handler.ca.new - caclient = Puppet::Network::Client.ca.new :CA => ca - caclient.request_cert + caclient = mock 'client', :cert => :ccert, :key => :ckey + + FileTest.expects(:exist?).with(Puppet[:localcacert]).returns(true) + + store = mock 'sslstore' + OpenSSL::X509::Store.expects(:new).returns(store) + store.expects(:add_file).with(Puppet[:localcacert]) + store.expects(:purpose=).with(OpenSSL::X509::PURPOSE_SSL_CLIENT) class << client attr_accessor :http end - client.http.expects(:ca_file=).with(Puppet[:localcacert]) - client.http.expects(:cert=).with(caclient.cert) - client.http.expects(:key=).with(caclient.key) - client.http.expects(:verify_mode=).with(OpenSSL::SSL::VERIFY_PEER) - client.http.expects(:cert_store=) + http = mock 'http' + client.http = http + + http.expects(:ca_file).returns(false) + http.expects(:ca_file=).with(Puppet[:localcacert]) + http.expects(:cert=).with(:ccert) + http.expects(:key=).with(:ckey) + http.expects(:verify_mode=).with(OpenSSL::SSL::VERIFY_PEER) + http.expects(:cert_store=) assert_nothing_raised do client.cert_setup(caclient) end end -end - + def test_http_cache + end +end |
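Review bot: `http.expects(:cert_store=)` has no argument constraint, so the test passes even if `cert_setup` attaches some store other than the one that received `add_file` and `purpose=`. Tightening it to `http.expects(:cert_store=).with(store)` ties the CA file and the SSL-client purpose to the store actually used for verification. The added `test_http_cache` has an empty body and always passes. Either fill it in or drop it, since the new spec file already covers the cache.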