author | Luke Kanies <luke@madstop.com> | 2007-11-24 14:55:01 -0600 |
---|---|---|
committer | Luke Kanies <luke@madstop.com> | 2007-11-24 14:55:01 -0600 |
commit | 1b7f0ee67a7589e824c705c4f6f06fd6c59bc586 (patch) | |
tree | 6f8ae366bf64e71e3f37bf73a2664be320b13ab2 /lib/puppet | |
parent | e53693e3ff244f8e782b5dc863aa659d46f9a286 (diff) | |
parent | 8de1412d97ac9d80500efb5cb94451ab67908448 (diff) | |
Merge branch 'wombles-patches'
Diffstat (limited to 'lib/puppet')
-rw-r--r-- | lib/puppet/defaults.rb | 5 | ||||
-rw-r--r-- | lib/puppet/network/client.rb | 6 | ||||
-rw-r--r-- | lib/puppet/network/client/master.rb | 1 | ||||
-rw-r--r-- | lib/puppet/network/xmlrpc/client.rb | 105 | ||||
-rw-r--r-- | lib/puppet/parser/resource/param.rb | 2 | ||||
-rw-r--r-- | lib/puppet/rails.rb | 6 | ||||
-rw-r--r-- | lib/puppet/util/settings.rb | 2 |
7 files changed, 86 insertions, 41 deletions
diff --git a/lib/puppet/defaults.rb b/lib/puppet/defaults.rb index 9a95c3cab..8edbe31fe 100644 --- a/lib/puppet/defaults.rb +++ b/lib/puppet/defaults.rb @@ -55,7 +55,7 @@ module Puppet syslog. Syslog has a fixed list of valid facilities, and you must choose one of those; you cannot just make one up."], :statedir => { :default => "$vardir/state", - :mode => 01777, + :mode => 01755, :desc => "The directory where Puppet state is stored. Generally, this directory can be removed without causing harm (although it might result in spurious service restarts)." @@ -74,7 +74,6 @@ module Puppet :desc => "Where SSL certificates are kept." }, :rundir => { :default => rundir, - :mode => 01777, :desc => "Where Puppet PID files are kept." }, :genconfig => [false, @@ -385,6 +384,8 @@ module Puppet may need to use a FQDN for the server hostname when using a proxy."], :http_proxy_port => [3128, "The HTTP proxy port to use for outgoing connections"], + :http_keepalive => [true, + "Whether to reuse http connections, thus enabling http-keepalive."], :server => ["puppet", "The server to which server puppetd should connect"], :ignoreschedules => [false, diff --git a/lib/puppet/network/client.rb b/lib/puppet/network/client.rb index 7950abe3f..fa48ebfb5 100644 --- a/lib/puppet/network/client.rb +++ b/lib/puppet/network/client.rb @@ -85,9 +85,7 @@ class Puppet::Network::Client @driver = self.class.xmlrpc_client.new(args) - if self.read_cert - @driver.cert_setup(self) - end + self.read_cert # We have to start the HTTP connection manually before we start # sending it requests or keep-alive won't work. @@ -120,7 +118,7 @@ class Puppet::Network::Client # Make sure we set the driver up when we read the cert in. def read_cert if super - @driver.cert_setup(self) if @driver.respond_to?(:cert_setup) + @driver.recycle_connection(self) if @driver.respond_to?(:recycle_connection) return true else return false 
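Review bot: In the `:statedir` hunk the new mode `01755` keeps the sticky bit, which has no effect once group and other write access are gone; `:mode => 0755` states the intent more plainly. The `:rundir` hunk removes `:mode` altogether, so the permissions of the PID directory are no longer stated here and fall to whatever default applies to directory settings, which this diff does not show. Unless that default is known to be restrictive, an explicit `:mode => 0755` on `:rundir` would keep the PID directory from being created group- or world-writable.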
diff --git a/lib/puppet/network/client/master.rb b/lib/puppet/network/client/master.rb index ea351ddc3..30007d90b 100644 --- a/lib/puppet/network/client/master.rb +++ b/lib/puppet/network/client/master.rb @@ -323,6 +323,7 @@ class Puppet::Network::Client::Master < Puppet::Network::Client :owner => Process.uid, :group => Process.gid, :purge => true, + :force => true, :backup => false } diff --git a/lib/puppet/network/xmlrpc/client.rb b/lib/puppet/network/xmlrpc/client.rb index ab4117b0e..39f149aa8 100644 --- a/lib/puppet/network/xmlrpc/client.rb +++ b/lib/puppet/network/xmlrpc/client.rb @@ -3,6 +3,7 @@ require 'openssl' require 'puppet/external/base64' require 'xmlrpc/client' +require 'net/https' require 'yaml' module Puppet::Network @@ -18,6 +19,42 @@ module Puppet::Network include Puppet::Util::ClassGen end + # Clear our http cache. + def self.clear_http_instances + @@http_cache.clear + end + + # Retrieve a cached http instance of caching is enabled, else return + # a new one. + def self.http_instance(host, port, reset = false) + # We overwrite the uninitialized @http here with a cached one. + key = "%s:%s" % [host, port] + + # Return our cached instance if keepalive is enabled and we've got + # a cache, as long as we're not resetting the instance. + return @@http_cache[key] if ! reset and Puppet[:http_keepalive] and @@http_cache[key] + + args = [host, port] + if Puppet[:http_proxy_host] == "none" + args << nil << nil + else + args << Puppet[:http_proxy_host] << Puppet[:http_proxy_port] + end + @http = Net::HTTP.new(*args) + + # Pop open @http a little; older versions of Net::HTTP(s) didn't + # give us a reader for ca_file... Grr... + class << @http; attr_accessor :ca_file; end + + @http.use_ssl = true + @http.read_timeout = 120 + @http.open_timeout = 120 + + @@http_cache[key] = @http if Puppet[:http_keepalive] + + return @http + end + # Create a netclient for each handler def self.mkclient(handler) interface = handler.interface 
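Review bot: `http_instance` hands back the new `Net::HTTP` object with `use_ssl = true` but no `verify_mode` or `cert_store`, so peer verification depends on `cert_setup` running later; a connection started before that may go unverified, depending on the Net::HTTP default. A comment on the method should record this, e.g. `# NOTE: the returned connection performs no certificate verification until cert_setup has configured it.` The method also assigns `@http` inside a class method, which creates an instance variable on the class rather than on a client; a local such as `http = Net::HTTP.new(*args)` would avoid confusion with the per-client `@http`. The doc comment reads "of caching is enabled" where "if" is meant.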
@@ -25,7 +62,7 @@ module Puppet::Network # Create a subclass for every client type. This is # so that all of the methods are on their own class, - # so that they namespaces can define the same methods if + # so that their namespaces can define the same methods if # they want. constant = handler.name.to_s.capitalize name = namespace.downcase @@ -43,13 +80,14 @@ module Puppet::Network begin call("%s.%s" % [namespace, method.to_s],*args) rescue OpenSSL::SSL::SSLError => detail + if detail.message =~ /bad write retry/ + Puppet.warning "Transient SSL write error; restarting connection and retrying" + self.recycle_connection(@cert_client) + retry + end raise XMLRPCClientError, "Certificates were not trusted: %s" % detail rescue ::XMLRPC::FaultException => detail - #Puppet.err "Could not call %s.%s: %s" % - # [namespace, method, detail.faultString] - #raise XMLRPCClientError, - # "XMLRPC Error: %s" % detail.faultString raise XMLRPCClientError, detail.faultString rescue Errno::ECONNREFUSED => detail msg = "Could not connect to %s on port %s" % @@ -57,13 +95,21 @@ module Puppet::Network raise XMLRPCClientError, msg rescue SocketError => detail Puppet.err "Could not find server %s: %s" % - [@puppet_server, detail.to_s] + [@host, detail.to_s] error = XMLRPCClientError.new( - "Could not find server %s" % @puppet_server + "Could not find server %s" % @host ) error.set_backtrace detail.backtrace raise error + rescue Errno::EPIPE, EOFError + Puppet.warning "Other end went away; restarting connection and retrying" + self.recycle_connection(@cert_client) + retry rescue => detail + if detail.message =~ /^Wrong size\. Was \d+, should be \d+$/ + Puppet.warning "XMLRPC returned wrong size. Retrying." + retry + end Puppet.err "Could not call %s.%s: %s" % [namespace, method, detail.inspect] error = XMLRPCClientError.new(detail.to_s) 
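Review bot: The `retry` added to the `OpenSSL::SSL::SSLError` handler has no upper bound, and the same applies to the `Errno::EPIPE, EOFError` and "Wrong size" retries in the following hunk. A server that keeps dropping the connection or keeps returning a bad length will make the client loop forever, logging a warning each time. A counter declared before the `begin` and checked in each handler would let the call fail with `XMLRPCClientError` after a few attempts; the limit of 3 below is illustrative. The enclosing method starts and ends outside these hunks.

```ruby
attempts = 0
begin
    # … unchanged: call("%s.%s" % [namespace, method.to_s],*args) …
rescue OpenSSL::SSL::SSLError => detail
    if detail.message =~ /bad write retry/ and (attempts += 1) <= 3
        # … unchanged: warning, recycle_connection, retry …
    end
    raise XMLRPCClientError, "Certificates were not trusted: %s" % detail
# … unchanged: FaultException, ECONNREFUSED and SocketError handlers …
rescue Errno::EPIPE, EOFError => detail
    if (attempts += 1) <= 3
        # … unchanged: warning, recycle_connection, retry …
    end
    raise XMLRPCClientError, "Connection to %s lost: %s" % [@host, detail]
rescue => detail
    if detail.message =~ /^Wrong size\. Was \d+, should be \d+$/ and (attempts += 1) <= 3
        # … unchanged: warning, retry …
    end
    # … unchanged: error logging and re-raise …
```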
@@ -82,22 +128,25 @@ module Puppet::Network # Use cert information from a Puppet client to set up the http object. def cert_setup(client) - unless FileTest.exists?(Puppet[:localcacert]) + # Cache it for next time + @cert_client = client + + unless FileTest.exist?(Puppet[:localcacert]) raise Puppet::SSLCertificates::Support::MissingCertificate, "Could not find ca certificate %s" % Puppet[:localcacert] end - # Don't want to overwrite certificates, @http will freeze itself + # We can't overwrite certificates, @http will freeze itself # once started. unless @http.ca_file - @http.ca_file = Puppet[:localcacert] - store = OpenSSL::X509::Store.new - store.add_file Puppet[:localcacert] - store.purpose = OpenSSL::X509::PURPOSE_SSL_CLIENT - @http.cert_store = store - @http.cert = client.cert - @http.verify_mode = OpenSSL::SSL::VERIFY_PEER - @http.key = client.key + @http.ca_file = Puppet[:localcacert] + store = OpenSSL::X509::Store.new + store.add_file Puppet[:localcacert] + store.purpose = OpenSSL::X509::PURPOSE_SSL_CLIENT + @http.cert_store = store + @http.cert = client.cert + @http.verify_mode = OpenSSL::SSL::VERIFY_PEER + @http.key = client.key end end 
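Review bot: The `unless @http.ca_file` guard skips the whole trust setup when the connection object already has a CA file, and after this commit that object can come from the shared `@@http_cache`, keyed only by host and port. A second client reaching the same server therefore keeps the certificate, key and trust store installed by whichever client configured the cached object first, even though `@cert_client` is updated to the new client. If clients with different certificates can coexist in one process (not visible here), the cache key should include the client identity. Otherwise a comment would record the assumption: `# Cached connections keep the first client's cert/key; all clients in a process must share one identity.`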
@@ -113,30 +162,26 @@ module Puppet::Network hash[:HTTPProxyPort] = nil end - @puppet_server = hash[:Server] - @puppet_port = hash[:Port] - super( hash[:Server], hash[:Path], hash[:Port], - hash[:HTTPProxyHost], # proxy_host - hash[:HTTPProxyPort], # proxy_port + hash[:HTTPProxyHost], + hash[:HTTPProxyPort], nil, # user nil, # password true, # use_ssl 120 # a two minute timeout, instead of 30 seconds ) - - # We overwrite the uninitialized @http here with a cached one. - key = "%s%s" % [hash[:Server], hash[:Port]] - if @@http_cache[key] - @http = @@http_cache[key] - else - @@http_cache[key] = @http - end + @http = self.class.http_instance(@host, @port) end + + def recycle_connection(client) + @http = self.class.http_instance(@host, @port, true) # reset the instance + cert_setup(client) + end + def start @http.start unless @http.started? end diff --git a/lib/puppet/parser/resource/param.rb b/lib/puppet/parser/resource/param.rb index 6bde0674e..9352311d6 100644 --- a/lib/puppet/parser/resource/param.rb +++ b/lib/puppet/parser/resource/param.rb @@ -51,7 +51,7 @@ class Puppet::Parser::Resource::Param #dev_warn if db_values.nil? || db_values.empty? values_to_remove(db_values).each { |remove_me| - Puppet::Rails::ParamValue.delete(remove_me) + Puppet::Rails::ParamValue.delete(remove_me.id) } line_number = line_to_i() values_to_add(db_values).each { |add_me| diff --git a/lib/puppet/rails.rb b/lib/puppet/rails.rb index 55d03b878..bdb3a3cdc 100644 --- a/lib/puppet/rails.rb +++ b/lib/puppet/rails.rb 
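Review bot: `recycle_connection` replaces `@http` with a fresh instance but never closes the one it drops, so a connection that is still started keeps its socket open until garbage collection; this is the path taken by the SSL and EPIPE retries. Closing it first, e.g. `@http.finish if @http and @http.started?` (with a `rescue IOError` in case the socket is already dead), would release it promptly. The method also passes `client` straight to `cert_setup`, and the retry handlers call it with `@cert_client`, which is nil if `cert_setup` has never run; `cert_setup(client) if client` would avoid a NoMethodError on `client.cert`.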
@@ -41,9 +41,9 @@ module Puppet::Rails when "sqlite3": args[:dbfile] = Puppet[:dblocation] when "mysql", "postgresql": - args[:host] = Puppet[:dbserver] - args[:username] = Puppet[:dbuser] - args[:password] = Puppet[:dbpassword] + args[:host] = Puppet[:dbserver] unless Puppet[:dbserver].empty? + args[:username] = Puppet[:dbuser] unless Puppet[:dbuser].empty? + args[:password] = Puppet[:dbpassword] unless Puppet[:dbpassword].empty? args[:database] = Puppet[:dbname] args[:args] = Puppet[:dbsocket] unless Puppet[:dbsocket] == "" else diff --git a/lib/puppet/util/settings.rb b/lib/puppet/util/settings.rb index 1db396dc4..bac832812 100644 --- a/lib/puppet/util/settings.rb +++ b/lib/puppet/util/settings.rb @@ -896,7 +896,7 @@ Generated on #{Time.now}. result[section][:_meta] ||= {} when /^\s*#/: next # Skip comments when /^\s*$/: next # Skip blanks - when /^\s*(\w+)\s*=\s*(.+)$/: # settings + when /^\s*(\w+)\s*=\s*(.*)$/: # settings var = $1.intern # We don't want to munge modes, because they're specified in octal, so we'll |
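Review bot: The three new guards in the `"mysql", "postgresql"` branch test `.empty?` while the unchanged `:dbsocket` line just below tests `== ""`; one form throughout would read better, and `.empty?` raises NoMethodError if a setting ever comes back as nil rather than a string. With an empty `dbpassword` the `:password` key is now left out entirely, so the database adapter presumably falls back to its own defaults for credentials. A short comment would make that intent explicit, e.g. `# Omit empty values so the adapter's own defaults apply.`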