author | luke <luke@980ebf18-57e1-0310-9a29-db15c13687c0> | 2007-05-04 23:09:34 +0000 |
---|---|---|
committer | luke <luke@980ebf18-57e1-0310-9a29-db15c13687c0> | 2007-05-04 23:09:34 +0000 |
commit | 1f8de9d0c211ac5641f5ad827a0f478fff6bd223 (patch) | |
tree | cd376d4ec4baa846ea9d9e885af7400ea97f63f5 | |
parent | f783859c6fb9dd7eb79a6775b3fb58441b4a8b9c (diff) | |
download | puppet-1f8de9d0c211ac5641f5ad827a0f478fff6bd223.tar.gz puppet-1f8de9d0c211ac5641f5ad827a0f478fff6bd223.tar.xz puppet-1f8de9d0c211ac5641f5ad827a0f478fff6bd223.zip |
Consolidating all of the configuration parameter declarations into configuration, at least partially just because then the docs for each parameter have to be a bit better. Also, I have gotten rid of the "puppet" section, replacing it with "main", and changed, added, or removed a couple of other sections. In general, we should now prefer more sections, rather than fewer.
git-svn-id: https://reductivelabs.com/svn/puppet/trunk@2463 980ebf18-57e1-0310-9a29-db15c13687c0
-rw-r--r-- | lib/puppet/configuration.rb | 290 | ||||
-rw-r--r-- | lib/puppet/network/client/ca.rb | 2 | ||||
-rw-r--r-- | lib/puppet/network/client/master.rb | 2 | ||||
-rw-r--r-- | lib/puppet/network/handler/ca.rb | 2 | ||||
-rw-r--r-- | lib/puppet/network/server/webrick.rb | 2 | ||||
-rw-r--r-- | lib/puppet/parser/ast.rb | 5 | ||||
-rw-r--r-- | lib/puppet/parser/interpreter.rb | 55 | ||||
-rw-r--r-- | lib/puppet/parser/scope.rb | 8 | ||||
-rw-r--r-- | lib/puppet/rails.rb | 30 | ||||
-rw-r--r-- | lib/puppet/reports/tagmail.rb | 3 | ||||
-rwxr-xr-x | lib/puppet/sslcertificates.rb | 48 | ||||
-rw-r--r-- | lib/puppet/sslcertificates/ca.rb | 79 | ||||
-rw-r--r-- | lib/puppet/sslcertificates/inventory.rb | 10 | ||||
-rw-r--r-- | lib/puppet/transaction.rb | 20 | ||||
-rwxr-xr-x | lib/puppet/util/loadedfile.rb | 7 | ||||
-rw-r--r-- | lib/puppet/util/metric.rb | 12 | ||||
-rw-r--r-- | lib/puppet/util/storage.rb | 2 | ||||
-rwxr-xr-x | test/language/snippets.rb | 1 | ||||
-rwxr-xr-x | test/network/client/client.rb | 2 | ||||
-rwxr-xr-x | test/network/handler/master.rb | 2 | ||||
-rwxr-xr-x | test/other/transactions.rb | 2 | ||||
-rwxr-xr-x | test/ral/manager/type.rb | 3 |
22 files changed, 298 insertions, 289 deletions
diff --git a/lib/puppet/configuration.rb b/lib/puppet/configuration.rb index ffd147cd1..9489b9737 100644 --- a/lib/puppet/configuration.rb +++ b/lib/puppet/configuration.rb @@ -5,6 +5,7 @@ module Puppet conf = nil var = nil name = $0.gsub(/.+#{File::SEPARATOR}/,'').sub(/\.rb$/, '') + if name != "puppetmasterd" and Puppet::Util::SUIDManager.uid != 0 conf = File.expand_path("~/.puppet") var = File.expand_path("~/.puppet/var") @@ -14,7 +15,7 @@ module Puppet var = "/var/puppet" end - self.setdefaults(:puppet, + self.setdefaults(:main, :confdir => [conf, "The main Puppet configuration directory. The default for this parameter is calculated based on the user. If the process is runnig as root or the user that ``puppetmasterd`` is supposed to run as, it defaults to a system directory, but if it's running as any other user, it defaults to being in ``~``."], @@ -33,7 +34,7 @@ module Puppet else logopts = ["$vardir/log", "The Puppet log directory."] end - setdefaults(:puppet, :logdir => logopts) + setdefaults(:main, :logdir => logopts) # This name hackery is necessary so that the rundir is set reasonably during # unit tests. @@ -43,7 +44,7 @@ module Puppet rundir = "$vardir/run" end - self.setdefaults(:puppet, + self.setdefaults(:main, :trace => [false, "Whether to print stack traces on some errors"], :autoflush => [false, "Whether log files should always flush to disk."], :syslogfacility => ["daemon", "What syslog facility to use when logging to 
@@ -124,8 +125,140 @@ module Puppet ] ) + hostname = Facter["hostname"].value + domain = Facter["domain"].value + if domain and domain != "" + fqdn = [hostname, domain].join(".") + else + fqdn = hostname + end + + Puppet.setdefaults(:ssl, + :certname => [fqdn, "The name to use when handling certificates. Defaults + to the fully qualified domain name."], + :certdir => ["$ssldir/certs", "The certificate directory."], + :publickeydir => ["$ssldir/public_keys", "The public key directory."], + :privatekeydir => { :default => "$ssldir/private_keys", + :mode => 0750, + :desc => "The private key directory." + }, + :privatedir => { :default => "$ssldir/private", + :mode => 0750, + :desc => "Where the client stores private certificate information." + }, + :passfile => { :default => "$privatedir/password", + :mode => 0640, + :desc => "Where puppetd stores the password for its private key. + Generally unused." + }, + :hostcsr => { :default => "$ssldir/csr_$certname.pem", + :mode => 0644, + :desc => "Where individual hosts store and look for their certificates." + }, + :hostcert => { :default => "$certdir/$certname.pem", + :mode => 0644, + :desc => "Where individual hosts store and look for their certificates." + }, + :hostprivkey => { :default => "$privatekeydir/$certname.pem", + :mode => 0600, + :desc => "Where individual hosts store and look for their private key." + }, + :hostpubkey => { :default => "$publickeydir/$certname.pem", + :mode => 0644, + :desc => "Where individual hosts store and look for their public key." + }, + :localcacert => { :default => "$certdir/ca.pem", + :mode => 0644, + :desc => "Where each client stores the CA certificate." + } + ) + + setdefaults(:ca, + :cadir => { :default => "$ssldir/ca", + :owner => "$user", + :group => "$group", + :mode => 0770, + :desc => "The root directory for the certificate authority." 
+ }, + :cacert => { :default => "$cadir/ca_crt.pem", + :owner => "$user", + :group => "$group", + :mode => 0660, + :desc => "The CA certificate." + }, + :cakey => { :default => "$cadir/ca_key.pem", + :owner => "$user", + :group => "$group", + :mode => 0660, + :desc => "The CA private key." + }, + :capub => { :default => "$cadir/ca_pub.pem", + :owner => "$user", + :group => "$group", + :desc => "The CA public key." + }, + :cacrl => { :default => "$cadir/ca_crl.pem", + :owner => "$user", + :group => "$group", + :mode => 0664, + :desc => "The certificate revocation list (CRL) for the CA. Set this to 'none' if you do not want to use a CRL." + }, + :caprivatedir => { :default => "$cadir/private", + :owner => "$user", + :group => "$group", + :mode => 0770, + :desc => "Where the CA stores private certificate information." + }, + :csrdir => { :default => "$cadir/requests", + :owner => "$user", + :group => "$group", + :desc => "Where the CA stores certificate requests" + }, + :signeddir => { :default => "$cadir/signed", + :owner => "$user", + :group => "$group", + :mode => 0770, + :desc => "Where the CA stores signed certificates." + }, + :capass => { :default => "$caprivatedir/ca.pass", + :owner => "$user", + :group => "$group", + :mode => 0660, + :desc => "Where the CA stores the password for the private key" + }, + :serial => { :default => "$cadir/serial", + :owner => "$user", + :group => "$group", + :desc => "Where the serial number for certificates is stored." + }, + :autosign => { :default => "$confdir/autosign.conf", + :mode => 0644, + :desc => "Whether to enable autosign. Valid values are true (which + autosigns any key request, and is a very bad idea), false (which + never autosigns any key request), and the path to a file, which + uses that configuration file to determine which keys to sign."}, + :ca_days => ["", "How long a certificate should be valid. 
+ This parameter is deprecated, use ca_ttl instead"], + :ca_ttl => ["5y", "The default TTL for new certificates; valid values + must be an integer, optionally followed by one of the units + 'y' (years of 365 days), 'd' (days), 'h' (hours), or + 's' (seconds). The unit defaults to seconds. If this parameter + is set, ca_days is ignored. Examples are '3600' (one hour) + and '1825d', which is the same as '5y' (5 years) "], + :ca_md => ["md5", "The type of hash used in certificates."], + :req_bits => [2048, "The bit length of the certificates."], + :keylength => [1024, "The bit length of keys."], + :cert_inventory => { + :default => "$cadir/inventory.txt", + :mode => 0644, + :owner => "$user", + :group => "$group", + :desc => "A Complete listing of all certificates" + } + ) + # Define the config default. - self.setdefaults(self.name, + self.setdefaults(self.config[:name], :config => ["$confdir/#{Puppet[:name]}.conf", "The configuration file for #{Puppet[:name]}."], :pidfile => ["", "The pid file"], @@ -137,7 +270,7 @@ module Puppet speak SSL."] ) - self.setdefaults("puppetmasterd", + self.setdefaults(:puppetmasterd, :user => ["puppet", "The user puppetmasterd should run as."], :group => ["puppet", "The group puppetmasterd should run as."], :manifestdir => ["$confdir/manifests", @@ -179,7 +312,7 @@ module Puppet directories." ] ) - self.setdefaults("puppetd", + self.setdefaults(:puppetd, :localconfig => { :default => "$statedir/localconfig", :owner => "root", :mode => 0660, @@ -222,14 +355,14 @@ module Puppet :ca_port => ["$masterport", "The port to use for the certificate authority."] ) - self.setdefaults("filebucket", + self.setdefaults(:filebucket, :clientbucketdir => { :default => "$vardir/clientbucket", :mode => 0750, :desc => "Where FileBucket files are stored locally." } ) - self.setdefaults("fileserver", + self.setdefaults(:fileserver, :fileserverconfig => ["$confdir/fileserver.conf", "Where the fileserver configuration is stored."] ) 
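Review bot: The CA defaults in the new `:ca` block are weak, and this consolidation is a good point to fix them: `:ca_md` defaults to `"md5"` and `:keylength` to `1024`. MD5 is not collision-resistant and should not be the digest used to sign certificates; I would change these to `:ca_md => ["sha256", "The type of hash used in certificates."]` and `:keylength => [2048, "The bit length of keys."]`, assuming the OpenSSL builds Puppet supports provide that digest. In the same block `:cakey` and `:capass` are declared with `:mode => 0660`, which lets the group rewrite the CA private key and its passphrase file; `0640` looks sufficient unless something relies on group write. The `setdefaults` calls are complete in this hunk, but the enclosing `module Puppet` opens and closes outside it.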
@@ -247,7 +380,7 @@ module Puppet received from the client. Each client gets a separate subdirectory."} ) - self.setdefaults("puppetd", + self.setdefaults(:puppetd, :puppetdlockfile => [ "$statedir/puppetdlock", "A lock file to temporarily stop puppetd from doing anything."], :usecacheonfailure => [true, @@ -281,7 +414,7 @@ module Puppet ) # Plugin information. - self.setdefaults("puppet", + self.setdefaults(:main, :pluginpath => ["$vardir/plugins", "Where Puppet should look for plugins. Multiple directories should be colon-separated, like normal PATH variables."], @@ -299,7 +432,7 @@ module Puppet ) # Central fact information. - self.setdefaults("puppet", + self.setdefaults(:main, :factpath => ["$vardir/facts", "Where Puppet should look for facts. Multiple directories should be colon-separated, like normal PATH variables."], @@ -316,7 +449,7 @@ module Puppet "What files to ignore when pulling down facts."] ) - self.setdefaults(:reporting, + self.setdefaults(:tagmail, :tagmap => ["$confdir/tagmail.conf", "The mapping between reporting tags and email addresses."], :sendmail => [%x{which sendmail 2>/dev/null}.chomp, 
@@ -336,6 +469,139 @@ module Puppet :yamlfactdir => ["$vardir/facts", "The directory in which client facts are stored when the yaml fact store is used."] ) + + self.setdefaults(:rails, + :dblocation => { :default => "$statedir/clientconfigs.sqlite3", + :mode => 0660, + :owner => "$user", + :group => "$group", + :desc => "The database cache for client configurations. Used for + querying within the language." + }, + :dbadapter => [ "sqlite3", "The type of database to use." ], + :dbmigrate => [ false, "Whether to automatically migrate the database." ], + :dbname => [ "puppet", "The name of the database to use." ], + :dbserver => [ "localhost", "The database server for Client caching. Only + used when networked databases are used."], + :dbuser => [ "puppet", "The database user for Client caching. Only + used when networked databases are used."], + :dbpassword => [ "puppet", "The database password for Client caching. Only + used when networked databases are used."], + :railslog => {:default => "$logdir/rails.log", + :mode => 0600, + :owner => "$user", + :group => "$group", + :desc => "Where Rails-specific logs are sent" + } + ) + + setdefaults(:graphing, + :graph => [false, "Whether to create dot graph files for the different + configuration graphs. These dot files can be interpreted by tools + like OmniGraffle or dot (which is part of ImageMagick)."], + :graphdir => ["$statedir/graphs", "Where to store dot-outputted graphs."] + ) + + setdefaults(:transaction, + :tags => ["", "Tags to use to find resources. If this is set, then + only resources tagged with the specified tags will be applied. + Values must be comma-separated."], + :evaltrace => [false, "Whether each resource should log when it is + being evaluated. This allows you to interactively see exactly + what is being done."], + :summarize => [false, + "Whether to print a transaction summary." 
+ ] + ) + + setdefaults(:parser, + :typecheck => [true, "Whether to validate types during parsing."], + :paramcheck => [true, "Whether to validate parameters during parsing."] + ) + + setdefaults(:main, + :casesensitive => [false, + "Whether matching in case statements and selectors + should be case-sensitive. Case insensitivity is + handled by downcasing all values before comparison."], + :external_nodes => ["none", + "An external command that can produce node information. The + first line of output must be either the parent node or blank, + and if there is a second line of output it should be a list of + whitespace-separated classes to include on that node. This command + makes it straightforward to store your node mapping information + in other data sources like databases. + + For unknown nodes, the commands should exit with an exit code of 1."]) + + setdefaults(:ldap, + :ldapnodes => [false, + "Whether to search for node configurations in LDAP."], + :ldapssl => [false, + "Whether SSL should be used when searching for nodes. + Defaults to false because SSL usually requires certificates + to be set up on the client side."], + :ldaptls => [false, + "Whether TLS should be used when searching for nodes. + Defaults to false because TLS usually requires certificates + to be set up on the client side."], + :ldapserver => ["ldap", + "The LDAP server. Only used if ``ldapnodes`` is enabled."], + :ldapport => [389, + "The LDAP port. Only used if ``ldapnodes`` is enabled."], + :ldapstring => ["(&(objectclass=puppetClient)(cn=%s))", + "The search string used to find an LDAP node."], + :ldapattrs => ["puppetclass", + "The LDAP attributes to use to define Puppet classes. Values + should be comma-separated."], + :ldapparentattr => ["parentnode", + "The attribute to use to define the parent node."], + :ldapuser => ["", + "The user to use to connect to LDAP. 
Must be specified as a + full DN."], + :ldappassword => ["", + "The password to use to connect to LDAP."], + :ldapbase => ["", + "The search base for LDAP searches. It's impossible to provide + a meaningful default here, although the LDAP libraries might + have one already set. Generally, it should be the 'ou=Hosts' + branch under your main directory."] + ) + + setdefaults(:puppetmasterd, + :storeconfigs => [false, + "Whether to store each client's configuration. This + requires ActiveRecord from Ruby on Rails."] + ) + + # This doesn't actually work right now. + setdefaults(:parser, + :lexical => [false, "Whether to use lexical scoping (vs. dynamic)."], + :templatedir => ["$vardir/templates", + "Where Puppet looks for template files." + ] + ) + + setdefaults(:main, + :filetimeout => [ 15, + "The minimum time to wait (in seconds) between checking for updates in + configuration files. This timeout determines how quickly Puppet checks whether + a file (such as manifests or templates) has changed on disk." + ] + ) + + setdefaults(:metrics, + :rrddir => {:default => "$vardir/rrd", + :owner => "$user", + :group => "$group", + :desc => "The directory where RRD database files are stored. + Directories for each reporting host will be created under + this directory." + }, + :rrdgraph => [false, "Whether RRD information should be graphed."], + :rrdinterval => ["$runinterval", "How often RRD should expect data. + This should match how often the hosts report back to the server."] + ) end # $Id$ diff --git a/lib/puppet/network/client/ca.rb b/lib/puppet/network/client/ca.rb index fe3cb060a..50d761ccf 100644 --- a/lib/puppet/network/client/ca.rb +++ b/lib/puppet/network/client/ca.rb 
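Review bot: `:dbpassword` in the new `:rails` block defaults to the fixed string `"puppet"`, the same value as `:dbuser` and `:dbname`, so a networked database configured from the defaults ends up with a guessable credential. I would ship no default and say so in the description: `:dbpassword => ["", "The database password for Client caching. Must be set when a networked database is used."]`. This changes behaviour for anyone relying on the default, so it needs a changelog entry. Related, in the `:ldap` block `:ldapssl` and `:ldaptls` both default to `false`, so the description of `:ldappassword` should note that the bind password is presumably sent unencrypted unless one of them is enabled.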
@@ -16,7 +16,7 @@ class Puppet::Network::Client::CA < Puppet::Network::Client # This client is really only able to request certificates for the # current host. It uses the Puppet.config settings to figure everything out. def request_cert - Puppet.config.use(:puppet, :certificates) + Puppet.config.use(:main, :ssl) if cert = read_cert return cert diff --git a/lib/puppet/network/client/master.rb b/lib/puppet/network/client/master.rb index 9c1aed8ee..e358a1d55 100644 --- a/lib/puppet/network/client/master.rb +++ b/lib/puppet/network/client/master.rb @@ -238,7 +238,7 @@ class Puppet::Network::Client::Master < Puppet::Network::Client # Just so we can specify that we are "the" instance. def initialize(*args) - Puppet.config.use(:puppet, :sslcertificates, :puppetd) + Puppet.config.use(:main, :ssl, :puppetd) super # This might be nil diff --git a/lib/puppet/network/handler/ca.rb b/lib/puppet/network/handler/ca.rb index 06e0486bf..a52c1556e 100644 --- a/lib/puppet/network/handler/ca.rb +++ b/lib/puppet/network/handler/ca.rb @@ -56,7 +56,7 @@ class Puppet::Network::Handler end def initialize(hash = {}) - Puppet.config.use(:puppet, :certificates, :ca) + Puppet.config.use(:main, :ssl, :ca) if hash.include? :autosign @autosign = hash[:autosign] end diff --git a/lib/puppet/network/server/webrick.rb b/lib/puppet/network/server/webrick.rb index 7b9f0f0c6..135625710 100644 --- a/lib/puppet/network/server/webrick.rb +++ b/lib/puppet/network/server/webrick.rb @@ -47,7 +47,7 @@ module Puppet # yuck; separate http logs file = nil - Puppet.config.use(:puppet, :certificates, Puppet.name) + Puppet.config.use(:main, :ssl, Puppet[:name]) if Puppet[:name] == "puppetmasterd" file = Puppet[:masterhttplog] else diff --git a/lib/puppet/parser/ast.rb b/lib/puppet/parser/ast.rb index 055559e1c..c6067d353 100644 --- a/lib/puppet/parser/ast.rb +++ b/lib/puppet/parser/ast.rb 
@@ -12,11 +12,6 @@ class Puppet::Parser::AST include Puppet::Util::Errors include Puppet::Util::MethodHelper - - Puppet.setdefaults("ast", - :typecheck => [true, "Whether to validate types during parsing."], - :paramcheck => [true, "Whether to validate parameters during parsing."] - ) attr_accessor :line, :file, :parent, :scope # Just used for 'tree', which is only used in debugging. diff --git a/lib/puppet/parser/interpreter.rb b/lib/puppet/parser/interpreter.rb index 9391ec866..b9391f902 100644 --- a/lib/puppet/parser/interpreter.rb +++ b/lib/puppet/parser/interpreter.rb 
@@ -10,61 +10,6 @@ require 'puppet/parser/scope' class Puppet::Parser::Interpreter include Puppet::Util - - Puppet.setdefaults(:puppet, - :casesensitive => [false, - "Whether matching in case statements and selectors - should be case-sensitive. Case insensitivity is - handled by downcasing all values before comparison."], - :external_nodes => ["none", - "An external command that can produce node information. The - first line of output must be either the parent node or blank, - and if there is a second line of output it should be a list of - whitespace-separated classes to include on that node. This command - makes it straightforward to store your node mapping information - in other data sources like databases. - - For unknown nodes, the commands should exit with an exit code of 1."]) - - Puppet.setdefaults("ldap", - :ldapnodes => [false, - "Whether to search for node configurations in LDAP."], - :ldapssl => [false, - "Whether SSL should be used when searching for nodes. - Defaults to false because SSL usually requires certificates - to be set up on the client side."], - :ldaptls => [false, - "Whether TLS should be used when searching for nodes. - Defaults to false because TLS usually requires certificates - to be set up on the client side."], - :ldapserver => ["ldap", - "The LDAP server. Only used if ``ldapnodes`` is enabled."], - :ldapport => [389, - "The LDAP port. Only used if ``ldapnodes`` is enabled."], - :ldapstring => ["(&(objectclass=puppetClient)(cn=%s))", - "The search string used to find an LDAP node."], - :ldapattrs => ["puppetclass", - "The LDAP attributes to use to define Puppet classes. Values - should be comma-separated."], - :ldapparentattr => ["parentnode", - "The attribute to use to define the parent node."], - :ldapuser => ["", - "The user to use to connect to LDAP. Must be specified as a - full DN."], - :ldappassword => ["", - "The password to use to connect to LDAP."], - :ldapbase => ["", - "The search base for LDAP searches. 
It's impossible to provide - a meaningful default here, although the LDAP libraries might - have one already set. Generally, it should be the 'ou=Hosts' - branch under your main directory."] - ) - - Puppet.setdefaults(:puppetmaster, - :storeconfigs => [false, - "Whether to store each client's configuration. This - requires ActiveRecord from Ruby on Rails."] - ) attr_accessor :usenodes diff --git a/lib/puppet/parser/scope.rb b/lib/puppet/parser/scope.rb index 709884296..b792346fa 100644 --- a/lib/puppet/parser/scope.rb +++ b/lib/puppet/parser/scope.rb @@ -11,14 +11,6 @@ class Puppet::Parser::Scope AST = Puppet::Parser::AST - # This doesn't actually work right now. - Puppet.config.setdefaults(:puppet, - :lexical => [false, "Whether to use lexical scoping (vs. dynamic)."], - :templatedir => ["$vardir/templates", - "Where Puppet looks for template files." - ] - ) - Puppet::Util.logmethods(self) include Enumerable diff --git a/lib/puppet/rails.rb b/lib/puppet/rails.rb index 7f73fcf55..6664d8bac 100644 --- a/lib/puppet/rails.rb +++ b/lib/puppet/rails.rb 
@@ -4,36 +4,12 @@ require 'facter' require 'puppet' module Puppet::Rails - Puppet.config.setdefaults(:puppetmaster, - :dblocation => { :default => "$statedir/clientconfigs.sqlite3", - :mode => 0660, - :owner => "$user", - :group => "$group", - :desc => "The database cache for client configurations. Used for - querying within the language." - }, - :dbadapter => [ "sqlite3", "The type of database to use." ], - :dbmigrate => [ false, "Whether to automatically migrate the database." ], - :dbname => [ "puppet", "The name of the database to use." ], - :dbserver => [ "localhost", "The database server for Client caching. Only - used when networked databases are used."], - :dbuser => [ "puppet", "The database user for Client caching. Only - used when networked databases are used."], - :dbpassword => [ "puppet", "The database password for Client caching. Only - used when networked databases are used."], - :railslog => {:default => "$logdir/rails.log", - :mode => 0600, - :owner => "$user", - :group => "$group", - :desc => "Where Rails-specific logs are sent" - } - ) def self.connect # This global init does not work for testing, because we remove # the state dir on every test. unless ActiveRecord::Base.connected? - Puppet.config.use(:puppet) + Puppet.config.use(:main) ActiveRecord::Base.logger = Logger.new(Puppet[:railslog]) ActiveRecord::Base.allow_concurrency = true @@ -88,7 +64,7 @@ module Puppet::Rails # For now, we have to use :puppet, too, since non-puppetmasterd processes # (including testing) put the logdir in :puppet, not in :puppetmasterd. - Puppet.config.use(:puppetmaster, :puppet) + Puppet.config.use(:rails, :main, :puppetmasterd) # This has to come after we create the logdir with the :use above. ActiveRecord::Base.logger = Logger.new(Puppet[:railslog]) 
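Review bot: `self.connect` calls only `Puppet.config.use(:main)`, but this commit declares `:railslog` (with `:mode => 0600` and `$user`/`$group` ownership) in the new `:rails` section. The next line, `Logger.new(Puppet[:railslog])`, may therefore create the log file before anything has applied the declared mode and owner. If `use` is what creates the files of a section and sets their permissions, as the comment further down in this file suggests for the logdir, the line should be `Puppet.config.use(:main, :rails)`, which also matches the other two call sites in this file. The body of `connect` continues past the end of the hunk.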
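Review bot: The comment above the changed `use` call in this hunk still names the section this commit removes ("we have to use :puppet, too ... put the logdir in :puppet"), so it now contradicts the line below it. It should read `# For now, we have to use :main, too, since non-puppetmasterd processes` / `# (including testing) put the logdir in :main, not in :puppetmasterd.` The enclosing method starts and ends outside the hunk.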
@@ -127,7 +103,7 @@ module Puppet::Rails raise Puppet::DevError, "No activerecord, cannot init Puppet::Rails" end - Puppet.config.use(:puppetmaster) + Puppet.config.use(:puppetmasterd, :rails) begin ActiveRecord::Base.establish_connection(database_arguments()) diff --git a/lib/puppet/reports/tagmail.rb b/lib/puppet/reports/tagmail.rb index c2225bf7d..b62a6d2d3 100644 --- a/lib/puppet/reports/tagmail.rb +++ b/lib/puppet/reports/tagmail.rb @@ -30,6 +30,9 @@ Puppet::Network::Handler.report.newreport(:tagmail) do webservers that are not also from mailservers to ``httpadmins@domain.com``. " + + Puppet.config.use(:tagmail) + # Find all matching messages. def match(taglists) reports = [] diff --git a/lib/puppet/sslcertificates.rb b/lib/puppet/sslcertificates.rb index 2f1f40b40..357959d0b 100755 --- a/lib/puppet/sslcertificates.rb +++ b/lib/puppet/sslcertificates.rb 
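Review bot: `Puppet.config.use(:tagmail)` is added at the top level of the `newreport(:tagmail)` block, between the description string and `def match`, so it presumably runs once when the report is defined rather than when a report is processed. The other `use` calls touched by this commit sit inside methods (`request_cert`, `initialize`, `self.load`, `connect`), where they likely run after the process has read its configuration. Unless definition-time is intended, move the call into the method that reads the `:tagmail` settings. There it could carry a comment such as `# Make sure the :tagmail settings are in place before reading them.` That method is not visible in this hunk.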
@@ -9,54 +9,6 @@ rescue LoadError end module Puppet::SSLCertificates - hostname = Facter["hostname"].value - domain = Facter["domain"].value - if domain and domain != "" - fqdn = [hostname, domain].join(".") - else - fqdn = hostname - end - - Puppet.setdefaults("certificates", - :certname => [fqdn, "The name to use when handling certificates. Defaults - to the fully qualified domain name."], - :certdir => ["$ssldir/certs", "The certificate directory."], - :publickeydir => ["$ssldir/public_keys", "The public key directory."], - :privatekeydir => { :default => "$ssldir/private_keys", - :mode => 0750, - :desc => "The private key directory." - }, - :privatedir => { :default => "$ssldir/private", - :mode => 0750, - :desc => "Where the client stores private certificate information." - }, - :passfile => { :default => "$privatedir/password", - :mode => 0640, - :desc => "Where puppetd stores the password for its private key. - Generally unused." - }, - :hostcsr => { :default => "$ssldir/csr_$certname.pem", - :mode => 0644, - :desc => "Where individual hosts store and look for their certificates." - }, - :hostcert => { :default => "$certdir/$certname.pem", - :mode => 0644, - :desc => "Where individual hosts store and look for their certificates." - }, - :hostprivkey => { :default => "$privatekeydir/$certname.pem", - :mode => 0600, - :desc => "Where individual hosts store and look for their private key." - }, - :hostpubkey => { :default => "$publickeydir/$certname.pem", - :mode => 0644, - :desc => "Where individual hosts store and look for their public key." - }, - :localcacert => { :default => "$certdir/ca.pem", - :mode => 0644, - :desc => "Where each client stores the CA certificate." - } - ) - #def self.mkcert(type, name, ttl, issuercert, issuername, serial, publickey) def self.mkcert(hash) [:type, :name, :ttl, :issuer, :serial, :publickey].each { |param| diff --git a/lib/puppet/sslcertificates/ca.rb b/lib/puppet/sslcertificates/ca.rb index 723a0444b..018640d36 100644 
--- a/lib/puppet/sslcertificates/ca.rb +++ b/lib/puppet/sslcertificates/ca.rb 
@@ -4,83 +4,6 @@ class Puppet::SSLCertificates::CA Certificate = Puppet::SSLCertificates::Certificate attr_accessor :keyfile, :file, :config, :dir, :cert, :crl - Puppet.setdefaults(:ca, - :cadir => { :default => "$ssldir/ca", - :owner => "$user", - :group => "$group", - :mode => 0770, - :desc => "The root directory for the certificate authority." - }, - :cacert => { :default => "$cadir/ca_crt.pem", - :owner => "$user", - :group => "$group", - :mode => 0660, - :desc => "The CA certificate." - }, - :cakey => { :default => "$cadir/ca_key.pem", - :owner => "$user", - :group => "$group", - :mode => 0660, - :desc => "The CA private key." - }, - :capub => { :default => "$cadir/ca_pub.pem", - :owner => "$user", - :group => "$group", - :desc => "The CA public key." - }, - :cacrl => { :default => "$cadir/ca_crl.pem", - :owner => "$user", - :group => "$group", - :mode => 0664, - :desc => "The certificate revocation list (CRL) for the CA. Set this to 'none' if you do not want to use a CRL." - }, - :caprivatedir => { :default => "$cadir/private", - :owner => "$user", - :group => "$group", - :mode => 0770, - :desc => "Where the CA stores private certificate information." - }, - :csrdir => { :default => "$cadir/requests", - :owner => "$user", - :group => "$group", - :desc => "Where the CA stores certificate requests" - }, - :signeddir => { :default => "$cadir/signed", - :owner => "$user", - :group => "$group", - :mode => 0770, - :desc => "Where the CA stores signed certificates." - }, - :capass => { :default => "$caprivatedir/ca.pass", - :owner => "$user", - :group => "$group", - :mode => 0660, - :desc => "Where the CA stores the password for the private key" - }, - :serial => { :default => "$cadir/serial", - :owner => "$user", - :group => "$group", - :desc => "Where the serial number for certificates is stored." - }, - :autosign => { :default => "$confdir/autosign.conf", - :mode => 0644, - :desc => "Whether to enable autosign. 
Valid values are true (which - autosigns any key request, and is a very bad idea), false (which - never autosigns any key request), and the path to a file, which - uses that configuration file to determine which keys to sign."}, - :ca_days => ["", "How long a certificate should be valid. - This parameter is deprecated, use ca_ttl instead"], - :ca_ttl => ["5y", "The default TTL for new certificates; valid values - must be an integer, optionally followed by one of the units - 'y' (years of 365 days), 'd' (days), 'h' (hours), or - 's' (seconds). The unit defaults to seconds. If this parameter - is set, ca_days is ignored. Examples are '3600' (one hour) - and '1825d', which is the same as '5y' (5 years) "], - :ca_md => ["md5", "The type of hash used in certificates."], - :req_bits => [2048, "The bit length of the certificates."], - :keylength => [1024, "The bit length of keys."] - ) - def certfile @config[:cacert] end @@ -128,7 +51,7 @@ class Puppet::SSLCertificates::CA end def initialize(hash = {}) - Puppet.config.use(:puppet, :certificates, :ca) + Puppet.config.use(:main, :ca, :ssl) self.setconfig(hash) if Puppet[:capass] diff --git a/lib/puppet/sslcertificates/inventory.rb b/lib/puppet/sslcertificates/inventory.rb index 045780a69..156fff7ec 100644 --- a/lib/puppet/sslcertificates/inventory.rb +++ b/lib/puppet/sslcertificates/inventory.rb @@ -3,16 +3,6 @@ module Puppet::SSLCertificates module Inventory - Puppet.config.setdefaults(:ca, - :cert_inventory => { - :default => "$cadir/inventory.txt", - :mode => 0644, - :owner => "$user", - :group => "$group", - :desc => "A Complete listing of all certificates" - } - ) - # Add CERT to the inventory of issued certs in '$cadir/inventory.txt' # If no inventory exists yet, build an inventory and list all the # certificates that have been signed so far diff --git a/lib/puppet/transaction.rb b/lib/puppet/transaction.rb index 9eaca63a6..75332c145 100644 --- a/lib/puppet/transaction.rb +++ b/lib/puppet/transaction.rb 
@@ -15,24 +15,6 @@ class Transaction include Puppet::Util - Puppet.config.setdefaults(:puppet, - :graph => [false, "Whether to create dot graph files for the different - configuration graphs. These dot files can be interpreted by tools - like OmniGraffle or dot (which is part of ImageMagick)."], - :graphdir => ["$statedir/graphs", "Where to store dot-outputted graphs."] - ) - Puppet.config.setdefaults(:transaction, - :tags => ["", "Tags to use to find resources. If this is set, then - only resources tagged with the specified tags will be applied. - Values must be comma-separated."], - :evaltrace => [false, "Whether each resource should log when it is - being evaluated. This allows you to interactively see exactly - what is being done."], - :summarize => [false, - "Whether to print a transaction summary." - ] - ) - # Add some additional times for reporting def addtimes(hash) hash.each do |name, num| @@ -435,6 +417,8 @@ class Transaction return unless Puppet[:graph] + Puppet.config.use(:graphing) + file = File.join(Puppet[:graphdir], "%s.dot" % name.to_s) File.open(file, "w") { |f| f.puts gr.to_dot("name" => name.to_s.capitalize) diff --git a/lib/puppet/util/loadedfile.rb b/lib/puppet/util/loadedfile.rb index 362b5df09..ceb53bca4 100755 --- a/lib/puppet/util/loadedfile.rb +++ b/lib/puppet/util/loadedfile.rb @@ -12,13 +12,6 @@ module Puppet # have to depend on the granularity of the filesystem. attr_writer :tstamp - Puppet.config.setdefaults(:puppet, - :filetimeout => [ 15, - "The minimum time to wait between checking for updates in - configuration files." - ] - ) - # Determine whether the file has changed and thus whether it should # be reparsed. def changed? diff --git a/lib/puppet/util/metric.rb b/lib/puppet/util/metric.rb index 73a1618e2..19d56c543 100644 --- a/lib/puppet/util/metric.rb +++ b/lib/puppet/util/metric.rb 
@@ -3,18 +3,6 @@ require 'puppet' # A class for handling metrics. This is currently ridiculously hackish. class Puppet::Util::Metric - Puppet.config.setdefaults("metrics", - :rrddir => {:default => "$vardir/rrd", - :owner => "$user", - :group => "$group", - :desc => "The directory where RRD database files are stored. - Directories for each reporting host will be created under - this directory." - }, - :rrdgraph => [false, "Whether RRD information should be graphed."], - :rrdinterval => ["$runinterval", "How often RRD should expect data. - This should match how often the hosts report back to the server."] - ) # Load the library as a feature, so we can test its presence. Puppet.features.add :rrd, :libs => 'RRD' diff --git a/lib/puppet/util/storage.rb b/lib/puppet/util/storage.rb index d76c67433..a10183615 100644 --- a/lib/puppet/util/storage.rb +++ b/lib/puppet/util/storage.rb @@ -46,7 +46,7 @@ class Puppet::Util::Storage self.init def self.load - Puppet.config.use(:puppet) + Puppet.config.use(:main) unless File.exists?(Puppet[:statefile]) unless defined? @@state and ! @@state.nil? diff --git a/test/language/snippets.rb b/test/language/snippets.rb index 67c5b1f4f..5fb11e8cd 100755 --- a/test/language/snippets.rb +++ b/test/language/snippets.rb @@ -14,7 +14,6 @@ class TestSnippets < Test::Unit::TestCase include ObjectSpace def setup - require 'profile' super @file = Puppet::Type.type(:file) end diff --git a/test/network/client/client.rb b/test/network/client/client.rb index 75f36c81b..b33048281 100755 --- a/test/network/client/client.rb +++ b/test/network/client/client.rb @@ -115,7 +115,7 @@ class TestClient < Test::Unit::TestCase Puppet[:ssldir] = confdir Puppet.config.mkdir(:ssldir) Puppet.config.clearused - Puppet.config.use(:certificates, :ca) + Puppet.config.use(:ssl, :ca) mkserver diff --git a/test/network/handler/master.rb b/test/network/handler/master.rb index 7e1a32396..917e5d8d9 100755 --- a/test/network/handler/master.rb +++ b/test/network/handler/master.rb 
@@ -124,7 +124,7 @@ class TestMaster < Test::Unit::TestCase assert(! client.fresh?(facts), "Client is incorrectly up to date") - Puppet.config.use(:puppet) + Puppet.config.use(:main) assert_nothing_raised { client.getconfig client.apply diff --git a/test/other/transactions.rb b/test/other/transactions.rb index 64d312aec..00241c93e 100755 --- a/test/other/transactions.rb +++ b/test/other/transactions.rb @@ -884,7 +884,7 @@ class TestTransactions < Test::Unit::TestCase end def test_graph - Puppet.config.use(:puppet) + Puppet.config.use(:main) # Make a graph graph = Puppet::PGraph.new graph.add_edge!("a", "b") diff --git a/test/ral/manager/type.rb b/test/ral/manager/type.rb index 139db76e2..6c1d6156c 100755 --- a/test/ral/manager/type.rb +++ b/test/ral/manager/type.rb @@ -414,6 +414,9 @@ end def test_newproperty_options # Create a type with a fake provider providerclass = Class.new do + def self.supports_parameter?(prop) + return true + end def method_missing(method, *args) return method end |