| author | luke <luke@980ebf18-57e1-0310-9a29-db15c13687c0> | 2007-02-08 01:39:39 +0000 |
|---|---|---|
| committer | luke <luke@980ebf18-57e1-0310-9a29-db15c13687c0> | 2007-02-08 01:39:39 +0000 |
| commit | 7e07e3dc843798bdbc7a03428ca054adaff2fb72 (patch) | |
| tree | 34d0f9f8c2ee11bdc281e6e4d18cad444253fe36 /lib/puppet | |
| parent | 6d8068eddd0d29ec53f62557eb53f6ebb8e40591 (diff) | |
Moving all of the client and server code into a single network/ directory. In other words, more code structure cleanup.
git-svn-id: https://reductivelabs.com/svn/puppet/trunk@2179 980ebf18-57e1-0310-9a29-db15c13687c0
Diffstat (limited to 'lib/puppet')
43 files changed, 831 insertions, 892 deletions
diff --git a/lib/puppet/client.rb b/lib/puppet/client.rb
deleted file mode 100644
index e668aa27a..000000000
--- a/lib/puppet/client.rb
+++ /dev/null
@@ -1,194 +0,0 @@ -# the available clients - -require 'puppet' -require 'puppet/networkclient' - -module Puppet - # FIXME this still isn't a good design, because none of the handlers overlap - # so i could just as easily include them all in the main module - # but at least it's better organized for now - class Client - include Puppet - include Puppet::Daemon - - include Puppet::Util - - # FIXME The cert stuff should only come up with networking, so it - # should be in the network client, not the normal client. But if i do - # that, it's hard to tell whether the certs have been initialized. - include Puppet::Daemon - attr_reader :secureinit - attr_accessor :schedule, :lastrun, :local, :stopping - - class << self - attr_reader :drivername, :handler - attr_accessor :netclient - end - - def initcerts - unless self.readcert - #if self.is_a? Puppet::Client::CA - unless self.requestcert - return nil - end - #else - # return nil - #end - #unless self.requestcert - #end - end - - # unless we have a driver, we're a local client and we can't add - # certs anyway, so it doesn't matter - unless @driver - return true - end - - self.setcerts - end - - def initialize(hash) - # to whom do we connect? 
- @server = nil - @nil = nil - @secureinit = hash[:NoSecureInit] || true - - if hash.include?(:FQDN) - @fqdn = hash[:FQDN] - else - self.fqdn - end - - if hash.include?(:Cache) - @cache = hash[:Cache] - else - @cache = true - end - - driverparam = self.class.drivername - if hash.include?(:Server) - if $noclientnetworking - raise NetworkClientError.new("Networking not available: %s" % - $nonetworking) - end - - args = {:Server => hash[:Server]} - args[:Port] = hash[:Port] || Puppet[:masterport] - - if self.readcert - args[:Certificate] = @cert - args[:Key] = @key - args[:CAFile] = @cacertfile - end - - netclient = nil - unless netclient = self.class.netclient - unless handler = self.class.handler - raise Puppet::DevError, - "Class %s has no handler defined" % self.class - end - namespace = self.class.handler.interface.prefix - netclient = Puppet::NetworkClient.netclient(namespace) - self.class.netclient = netclient - end - @driver = netclient.new(args) - @local = false - elsif hash.include?(driverparam) - @driver = hash[driverparam] - @local = true - else - raise ClientError, "%s must be passed a Server or %s" % - [self.class, driverparam] - end - end - - # Are we a local client? - def local? - if defined? @local and @local - true - else - false - end - end - - # A wrapper method to run and then store the last run time - def runnow - if self.stopping - Puppet.notice "In shutdown progress; skipping run" - return - end - begin - self.run - self.lastrun = Time.now.to_i - rescue => detail - if Puppet[:trace] - puts detail.backtrace - end - Puppet.err "Could not run %s: %s" % [self.class, detail] - end - end - - def run - raise Puppet::DevError, "Client type %s did not override run" % - self.class - end - - def scheduled? 
- if sched = self.schedule - return sched.match?(self.lastrun) - else - return true - end - end - - def setcerts - @driver.cert = @cert - @driver.key = @key - @driver.ca_file = @cacertfile - end - - def shutdown - if self.stopping - Puppet.notice "Already in shutdown" - else - self.stopping = true - if self.respond_to? :running? and self.running? - Puppet::Util::Storage.store - end - rmpidfile() - end - end - - # Start listening for events. We're pretty much just listening for - # timer events here. - def start - setpidfile() - # Create our timer. Puppet will handle observing it and such. - timer = Puppet.newtimer( - :interval => Puppet[:runinterval], - :tolerance => 1, - :start? => true - ) do - if self.scheduled? - self.runnow - end - end - - # Run once before we start following the timer - self.runnow - end - - require 'puppet/client/proxy' - require 'puppet/client/ca' - require 'puppet/client/dipper' - require 'puppet/client/file' - require 'puppet/client/log' - require 'puppet/client/master' - require 'puppet/client/runner' - require 'puppet/client/status' - require 'puppet/client/reporter' - require 'puppet/client/resource' - end -end - -# $Id$ diff --git a/lib/puppet/client/ca.rb b/lib/puppet/client/ca.rb deleted file mode 100644 index 8904c4a13..000000000 --- a/lib/puppet/client/ca.rb +++ /dev/null @@ -1,21 +0,0 @@ -class Puppet::Client::CA < Puppet::Client::ProxyClient - @drivername = :CA - - # set up the appropriate interface methods - @handler = Puppet::Server::CA - self.mkmethods - - def initialize(hash = {}) - if hash.include?(:CA) - if hash[:CA].is_a? Hash - hash[:CA] = Puppet::Server::CA.new(hash[:CA]) - else - hash[:CA] = Puppet::Server::CA.new() - end - end - - super(hash) - end -end - -# $Id$ diff --git a/lib/puppet/client/dipper.rb b/lib/puppet/client/dipper.rb deleted file mode 100644 index 1422c24f2..000000000 --- a/lib/puppet/client/dipper.rb +++ /dev/null 
@@ -1,80 +0,0 @@ -module Puppet - class Client - # The client class for filebuckets. - class Dipper < Puppet::Client - @drivername = :Bucket - - @handler = Puppet::Server::FileBucket - - attr_accessor :name - - # Create our bucket client - def initialize(hash = {}) - if hash.include?(:Path) - bucket = Puppet::Server::FileBucket.new( - :Path => hash[:Path] - ) - hash.delete(:Path) - hash[:Bucket] = bucket - end - - super(hash) - end - - # Back up a file to our bucket - def backup(file) - unless FileTest.exists?(file) - raise(BucketError, "File %s does not exist" % file) - end - contents = File.read(file) - unless local? - contents = Base64.encode64(contents) - end - return @driver.addfile(contents,file) - end - - # Restore the file - def restore(file,sum) - restore = true - if FileTest.exists?(file) - cursum = Digest::MD5.hexdigest(File.read(file)) - - # if the checksum has changed... - # this might be extra effort - if cursum == sum - restore = false - end - end - - if restore - if newcontents = @driver.getfile(sum) - unless local? - newcontents = Base64.decode64(newcontents) - end - tmp = "" - newsum = Digest::MD5.hexdigest(newcontents) - changed = nil - unless FileTest.writable?(file) - changed = File.stat(file).mode - File.chmod(changed | 0200, file) - end - File.open(file,File::WRONLY|File::TRUNC) { |of| - of.print(newcontents) - } - if changed - File.chmod(changed, file) - end - else - Puppet.err "Could not find file with checksum %s" % sum - return nil - end - return newsum - else - return nil - end - end - end - end -end - -# $Id$ diff --git a/lib/puppet/client/status.rb b/lib/puppet/client/status.rb deleted file mode 100644 index ed1445e04..000000000 --- a/lib/puppet/client/status.rb +++ /dev/null @@ -1,7 +0,0 @@ -class Puppet::Client::StatusClient < Puppet::Client::ProxyClient - # set up the appropriate interface methods - @handler = Puppet::Server::ServerStatus - self.mkmethods -end - -# $Id$ 
diff --git a/lib/puppet/daemon.rb b/lib/puppet/daemon.rb index 9fdb33bcf..91661e9e7 100755 --- a/lib/puppet/daemon.rb +++ b/lib/puppet/daemon.rb @@ -189,7 +189,7 @@ module Puppet # to create one if we don't already have one (or if we're not a CA # server). caclient = nil - if @driver.is_a? Puppet::Client::CA or @driver.is_a? Puppet::Server::CA + if @driver.is_a? Puppet::Network::Client::CA or @driver.is_a? Puppet::Network::Server::CA caclient = @driver else # Create a CA client with which to request the cert. @@ -197,7 +197,7 @@ module Puppet raise Puppet::DevError, "Incorrect setup for a local CA request" end - caclient = Puppet::Client::CA.new( + caclient = Puppet::Network::Client::CA.new( :Port => @driver.puppet_port, :Server => @driver.puppet_server ) diff --git a/lib/puppet/dsl.rb b/lib/puppet/dsl.rb index 44c03e8a9..09a4e2b61 100644 --- a/lib/puppet/dsl.rb +++ b/lib/puppet/dsl.rb @@ -68,7 +68,7 @@ module Puppet def apply bucket = export() objects = bucket.to_type - master = Puppet::Client::MasterClient.new :Master => "whatever" + master = Puppet::Network::Client::MasterClient.new :Master => "whatever" master.objects = objects master.apply diff --git a/lib/puppet/network/client.rb b/lib/puppet/network/client.rb new file mode 100644 index 000000000..604912025 --- /dev/null +++ b/lib/puppet/network/client.rb 
@@ -0,0 +1,190 @@ +# the available clients + +require 'puppet' +require 'puppet/network/networkclient' + +# FIXME this still isn't a good design, because none of the handlers overlap +# so i could just as easily include them all in the main module +# but at least it's better organized for now +class Puppet::Network::Client + include Puppet::Daemon + include Puppet::Util + + # FIXME The cert stuff should only come up with networking, so it + # should be in the network client, not the normal client. But if i do + # that, it's hard to tell whether the certs have been initialized. + include Puppet::Daemon + attr_reader :secureinit + attr_accessor :schedule, :lastrun, :local, :stopping + + class << self + attr_reader :drivername, :handler + attr_accessor :netclient + end + + def initcerts + unless self.readcert + #if self.is_a? Puppet::Network::Client::CA + unless self.requestcert + return nil + end + #else + # return nil + #end + #unless self.requestcert + #end + end + + # unless we have a driver, we're a local client and we can't add + # certs anyway, so it doesn't matter + unless @driver + return true + end + + self.setcerts + end + + def initialize(hash) + # to whom do we connect? 
+ @server = nil + @nil = nil + @secureinit = hash[:NoSecureInit] || true + + if hash.include?(:FQDN) + @fqdn = hash[:FQDN] + else + self.fqdn + end + + if hash.include?(:Cache) + @cache = hash[:Cache] + else + @cache = true + end + + driverparam = self.class.drivername + if hash.include?(:Server) + if $noclientnetworking + raise NetworkClientError.new("Networking not available: %s" % + $nonetworking) + end + + args = {:Server => hash[:Server]} + args[:Port] = hash[:Port] || Puppet[:masterport] + + if self.readcert + args[:Certificate] = @cert + args[:Key] = @key + args[:CAFile] = @cacertfile + end + + netclient = nil + unless netclient = self.class.netclient + unless handler = self.class.handler + raise Puppet::DevError, + "Class %s has no handler defined" % self.class + end + namespace = self.class.handler.interface.prefix + netclient = Puppet::Network::NetworkClient.netclient(namespace) + self.class.netclient = netclient + end + @driver = netclient.new(args) + @local = false + elsif hash.include?(driverparam) + @driver = hash[driverparam] + @local = true + else + raise ClientError, "%s must be passed a Server or %s" % + [self.class, driverparam] + end + end + + # Are we a local client? + def local? + if defined? @local and @local + true + else + false + end + end + + # A wrapper method to run and then store the last run time + def runnow + if self.stopping + Puppet.notice "In shutdown progress; skipping run" + return + end + begin + self.run + self.lastrun = Time.now.to_i + rescue => detail + if Puppet[:trace] + puts detail.backtrace + end + Puppet.err "Could not run %s: %s" % [self.class, detail] + end + end + + def run + raise Puppet::DevError, "Client type %s did not override run" % + self.class + end + + def scheduled? 
+ if sched = self.schedule + return sched.match?(self.lastrun) + else + return true + end + end + + def setcerts + @driver.cert = @cert + @driver.key = @key + @driver.ca_file = @cacertfile + end + + def shutdown + if self.stopping + Puppet.notice "Already in shutdown" + else + self.stopping = true + if self.respond_to? :running? and self.running? + Puppet::Util::Storage.store + end + rmpidfile() + end + end + + # Start listening for events. We're pretty much just listening for + # timer events here. + def start + setpidfile() + # Create our timer. Puppet will handle observing it and such. + timer = Puppet.newtimer( + :interval => Puppet[:runinterval], + :tolerance => 1, + :start? => true + ) do + if self.scheduled? + self.runnow + end + end + + # Run once before we start following the timer + self.runnow + end + + require 'puppet/network/client/proxy' + require 'puppet/network/client/ca' + require 'puppet/network/client/dipper' + require 'puppet/network/client/file' + require 'puppet/network/client/log' + require 'puppet/network/client/master' + require 'puppet/network/client/runner' + require 'puppet/network/client/status' + require 'puppet/network/client/reporter' + require 'puppet/network/client/resource' +end + +# $Id$ diff --git a/lib/puppet/network/client/ca.rb b/lib/puppet/network/client/ca.rb new file mode 100644 index 000000000..9a99c1145 --- /dev/null +++ b/lib/puppet/network/client/ca.rb @@ -0,0 +1,23 @@ +require 'puppet/network/client/proxy' + +class Puppet::Network::Client::CA < Puppet::Network::Client::ProxyClient + @drivername = :CA + + # set up the appropriate interface methods + @handler = Puppet::Network::Server::CA + self.mkmethods + + def initialize(hash = {}) + if hash.include?(:CA) + if hash[:CA].is_a? Hash + hash[:CA] = Puppet::Network::Server::CA.new(hash[:CA]) + else + hash[:CA] = Puppet::Network::Server::CA.new() + end + end + + super(hash) + end +end + +# $Id$ 
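Review bot: In `initialize` of the new lib/puppet/network/client.rb, the two raises use the bare names `NetworkClientError` and `ClientError`, but this commit defines both under `Puppet::Network` (network/networkclient.rb), and the class is now opened as `class Puppet::Network::Client` without the old `include Puppet`; unless an included module supplies them, those paths would raise NameError instead of the intended error. Qualifying the names, e.g. `raise Puppet::Network::ClientError, "%s must be passed a Server or %s" % [self.class, driverparam]`, removes the dependence on constant lookup. The `if $noclientnetworking` guard is now dead, because the same commit removes the assignment of that global, and `$nonetworking` is not set anywhere visible. Separately, `@secureinit = hash[:NoSecureInit] || true` always evaluates to true, so the option has no effect.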
diff --git a/lib/puppet/network/client/dipper.rb b/lib/puppet/network/client/dipper.rb new file mode 100644 index 000000000..8eaffc1a0 --- /dev/null +++ b/lib/puppet/network/client/dipper.rb @@ -0,0 +1,76 @@ +# The client class for filebuckets. +class Puppet::Network::Client::Dipper < Puppet::Network::Client + @drivername = :Bucket + + @handler = Puppet::Network::Server::FileBucket + + attr_accessor :name + + # Create our bucket client + def initialize(hash = {}) + if hash.include?(:Path) + bucket = Puppet::Network::Server::FileBucket.new( + :Path => hash[:Path] + ) + hash.delete(:Path) + hash[:Bucket] = bucket + end + + super(hash) + end + + # Back up a file to our bucket + def backup(file) + unless FileTest.exists?(file) + raise(BucketError, "File %s does not exist" % file) + end + contents = File.read(file) + unless local? + contents = Base64.encode64(contents) + end + return @driver.addfile(contents,file) + end + + # Restore the file + def restore(file,sum) + restore = true + if FileTest.exists?(file) + cursum = Digest::MD5.hexdigest(File.read(file)) + + # if the checksum has changed... + # this might be extra effort + if cursum == sum + restore = false + end + end + + if restore + if newcontents = @driver.getfile(sum) + unless local? + newcontents = Base64.decode64(newcontents) + end + tmp = "" + newsum = Digest::MD5.hexdigest(newcontents) + changed = nil + unless FileTest.writable?(file) + changed = File.stat(file).mode + File.chmod(changed | 0200, file) + end + File.open(file,File::WRONLY|File::TRUNC) { |of| + of.print(newcontents) + } + if changed + File.chmod(changed, file) + end + else + Puppet.err "Could not find file with checksum %s" % sum + return nil + end + return newsum + else + return nil + end + end +end + +# $Id$ diff --git a/lib/puppet/client/file.rb b/lib/puppet/network/client/file.rb index 116624003..7596aec1f 100644 --- a/lib/puppet/client/file.rb +++ b/lib/puppet/network/client/file.rb 
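Review bot: `restore` computes `newsum` from the data returned by `@driver.getfile(sum)` but never compares it with the requested `sum`, so whatever the bucket returns (a remote server when the client is not local) is written over `file`. A check such as `return nil unless newsum == sum`, placed before the `File.chmod`/`File.open` block and paired with a `Puppet.err` message, would keep a corrupted or substituted payload off disk. The write also truncates the target in place, so a failure mid-write leaves a partial file; the unused `tmp = ""` suggests a temporary file was intended. MD5 is the only integrity check here and is not collision resistant, which is worth stating in the method comment.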
@@ -1,14 +1,14 @@ -class Puppet::Client::FileClient < Puppet::Client::ProxyClient +class Puppet::Network::Client::FileClient < Puppet::Network::Client::ProxyClient @drivername = :FileServer # set up the appropriate interface methods - @handler = Puppet::Server::FileServer + @handler = Puppet::Network::Server::FileServer self.mkmethods def initialize(hash = {}) if hash.include?(:FileServer) - unless hash[:FileServer].is_a?(Puppet::Server::FileServer) + unless hash[:FileServer].is_a?(Puppet::Network::Server::FileServer) raise Puppet::DevError, "Must pass an actual FS object" end end diff --git a/lib/puppet/client/log.rb b/lib/puppet/network/client/log.rb index e20c0532c..eddb8e0ca 100644 --- a/lib/puppet/client/log.rb +++ b/lib/puppet/network/client/log.rb @@ -1,13 +1,13 @@ -class Puppet::Client::LogClient < Puppet::Client::ProxyClient +class Puppet::Network::Client::LogClient < Puppet::Network::Client::ProxyClient @drivername = :Logger # set up the appropriate interface methods - @handler = Puppet::Server::Logger + @handler = Puppet::Network::Server::Logger self.mkmethods def initialize(hash = {}) if hash.include?(:Logger) - hash[:Logger] = Puppet::Server::Logger.new() + hash[:Logger] = Puppet::Network::Server::Logger.new() end super(hash) diff --git a/lib/puppet/client/master.rb b/lib/puppet/network/client/master.rb index 046e0c5aa..9f07f48ef 100644 --- a/lib/puppet/client/master.rb +++ b/lib/puppet/network/client/master.rb @@ -2,12 +2,12 @@ require 'sync' require 'timeout' -class Puppet::Client::MasterClient < Puppet::Client +class Puppet::Network::Client::MasterClient < Puppet::Network::Client unless defined? @@sync @@sync = Sync.new end - @handler = Puppet::Server::Master + @handler = Puppet::Network::Server::Master Puppet.setdefaults("puppetd", :puppetdlockfile => [ "$statedir/puppetdlock", 
@@ -244,7 +244,7 @@ class Puppet::Client::MasterClient < Puppet::Client facts = self.class.facts unless facts.length > 0 - raise Puppet::ClientError.new( + raise Puppet::Network::ClientError.new( "Could not retrieve any facts" ) end @@ -551,7 +551,7 @@ class Puppet::Client::MasterClient < Puppet::Client def reportclient unless defined? @reportclient - @reportclient = Puppet::Client::Reporter.new( + @reportclient = Puppet::Network::Client::Reporter.new( :Server => Puppet[:reportserver] ) end diff --git a/lib/puppet/client/proxy.rb b/lib/puppet/network/client/proxy.rb index 6aff635f4..e1295a96f 100644 --- a/lib/puppet/client/proxy.rb +++ b/lib/puppet/network/client/proxy.rb @@ -1,7 +1,7 @@ # unlike the other client classes (again, this design sucks) this class # is basically just a proxy class -- it calls its methods on the driver # and that's about it -class Puppet::Client::ProxyClient < Puppet::Client +class Puppet::Network::Client::ProxyClient < Puppet::Network::Client def self.mkmethods interface = @handler.interface namespace = interface.prefix diff --git a/lib/puppet/client/reporter.rb b/lib/puppet/network/client/reporter.rb index a92842e7c..dd340da02 100644 --- a/lib/puppet/client/reporter.rb +++ b/lib/puppet/network/client/reporter.rb @@ -1,12 +1,12 @@ -class Puppet::Client::Reporter < Puppet::Client +class Puppet::Network::Client::Reporter < Puppet::Network::Client @drivername = :Report # set up the appropriate interface methods - @handler = Puppet::Server::Report + @handler = Puppet::Network::Server::Report def initialize(hash = {}) if hash.include?(:Report) - hash[:Report] = Puppet::Server::Report.new() + hash[:Report] = Puppet::Network::Server::Report.new() end super(hash) diff --git a/lib/puppet/client/resource.rb b/lib/puppet/network/client/resource.rb index 6081b2b66..71a19bf91 100644 --- a/lib/puppet/client/resource.rb +++ b/lib/puppet/network/client/resource.rb 
@@ -1,7 +1,7 @@ -class Puppet::Client::Resource < Puppet::Client +class Puppet::Network::Client::Resource < Puppet::Network::Client @drivername = :ResourceServer - @handler = Puppet::Server::Resource + @handler = Puppet::Network::Server::Resource def apply(bucket) @@ -43,7 +43,7 @@ class Puppet::Client::Resource < Puppet::Client def initialize(hash = {}) if hash.include?(:ResourceServer) - unless hash[:ResourceServer].is_a?(Puppet::Server::Resource) + unless hash[:ResourceServer].is_a?(Puppet::Network::Server::Resource) raise Puppet::DevError, "Must pass an actual PElement server object" end end diff --git a/lib/puppet/client/runner.rb b/lib/puppet/network/client/runner.rb index 9bedf2374..40d13ac86 100644 --- a/lib/puppet/client/runner.rb +++ b/lib/puppet/network/client/runner.rb @@ -1,13 +1,13 @@ -class Puppet::Client::Runner < Puppet::Client::ProxyClient +class Puppet::Network::Client::Runner < Puppet::Network::Client::ProxyClient @drivername = :Runner # set up the appropriate interface methods - @handler = Puppet::Server::Runner + @handler = Puppet::Network::Server::Runner self.mkmethods def initialize(hash = {}) if hash.include?(:Runner) - hash[:Runner] = Puppet::Server::Runner.new() + hash[:Runner] = Puppet::Network::Server::Runner.new() end super(hash) diff --git a/lib/puppet/network/client/status.rb b/lib/puppet/network/client/status.rb new file mode 100644 index 000000000..6c1a96e85 --- /dev/null +++ b/lib/puppet/network/client/status.rb @@ -0,0 +1,7 @@ +class Puppet::Network::Client::StatusClient < Puppet::Network::Client::ProxyClient + # set up the appropriate interface methods + @handler = Puppet::Network::Server::ServerStatus + self.mkmethods +end + +# $Id$ diff --git a/lib/puppet/networkclient.rb b/lib/puppet/network/networkclient.rb index f082665c0..62d8906e0 100644 --- a/lib/puppet/networkclient.rb +++ b/lib/puppet/network/networkclient.rb 
@@ -1,33 +1,19 @@ -require 'puppet' require 'puppet/sslcertificates' -require 'puppet/type' -require 'facter' require 'openssl' -require 'puppet/transaction' -require 'puppet/transportable' require 'puppet/daemon' -require 'puppet/server' +require 'puppet/network/server' require 'puppet/external/base64' -$noclientnetworking = false -begin - require 'webrick' - require 'cgi' - require 'xmlrpc/client' - require 'xmlrpc/server' - require 'yaml' -rescue LoadError => detail - $noclientnetworking = detail - raise Puppet::Error, "You must have the Ruby XMLRPC, CGI, and Webrick libraries installed" -end +require 'webrick' +require 'cgi' +require 'xmlrpc/client' +require 'xmlrpc/server' +require 'yaml' module Puppet - class NetworkClientError < Puppet::Error; end - class ClientError < Puppet::Error; end - #--------------------------------------------------------------- - if $noclientnetworking - Puppet.err "Could not load client network libs: %s" % $noclientnetworking - else + module Network + class ClientError < Puppet::Error; end + class NetworkClientError < Puppet::Error; end class NetworkClient < XMLRPC::Client attr_accessor :puppet_server, :puppet_port @clients = {} @@ -40,7 +26,7 @@ module Puppet # Create a netclient for each handler def self.mkclients # add the methods associated with each namespace - Puppet::Server::Handler.each { |handler| + Puppet::Network::Server::Handler.each { |handler| interface = handler.interface namespace = interface.prefix diff --git a/lib/puppet/server.rb b/lib/puppet/network/server.rb index aabc87b50..e9205d48b 100644 --- a/lib/puppet/server.rb +++ b/lib/puppet/network/server.rb 
@@ -4,26 +4,15 @@ require 'puppet' require 'puppet/daemon' - -$noservernetworking = false - -begin - require 'webrick' - require 'webrick/https' - require 'cgi' - require 'xmlrpc/server' - require 'xmlrpc/client' -rescue LoadError => detail - $noservernetworking = detail -end +require 'webrick' +require 'webrick/https' +require 'cgi' +require 'xmlrpc/server' +require 'xmlrpc/client' module Puppet class ServerError < RuntimeError; end - #--------------------------------------------------------------- - if $noservernetworking - Puppet.err "Could not create server: %s" % $noservernetworking - class Server; end - else + module Network class Server < WEBrick::HTTPServer include Puppet::Daemon @@ -39,7 +28,7 @@ module Puppet # there's no configuration file. def authconfig unless defined? @authconfig - @authconfig = Puppet::Server::AuthConfig.new() + @authconfig = Puppet::Network::AuthConfig.new() end @authconfig @@ -99,7 +88,7 @@ module Puppet # okay, i need to retrieve my cert and set it up, somehow # the default case will be that i'm also the ca - if ca = @handlers.find { |handler| handler.is_a?(Puppet::Server::CA) } + if ca = @handlers.find { |handler| handler.is_a?(Puppet::Network::Server::CA) } @driver = ca @secureinit = true self.fqdn @@ -137,7 +126,7 @@ module Puppet # have a global state # mount has to be called after the server is initialized - self.mount("/RPC2", Puppet::Server::Servlet, @handlers) + self.mount("/RPC2", Puppet::Network::Server::Servlet, @handlers) end # the base class for the different handlers 
@@ -198,24 +187,21 @@ module Puppet return 1 end end - end end - - #--------------------------------------------------------------- end -require 'puppet/server/authstore' -require 'puppet/server/authconfig' -require 'puppet/server/servlet' -require 'puppet/server/master' -require 'puppet/server/ca' -require 'puppet/server/fileserver' -require 'puppet/server/filebucket' -require 'puppet/server/resource' -require 'puppet/server/runner' -require 'puppet/server/logger' -require 'puppet/server/report' -require 'puppet/client' +require 'puppet/network/server/authstore' +require 'puppet/network/server/authconfig' +require 'puppet/network/server/servlet' +require 'puppet/network/server/master' +require 'puppet/network/server/ca' +require 'puppet/network/server/fileserver' +require 'puppet/network/server/filebucket' +require 'puppet/network/server/resource' +require 'puppet/network/server/runner' +require 'puppet/network/server/logger' +require 'puppet/network/server/report' +require 'puppet/network/client' # $Id$ diff --git a/lib/puppet/network/server/authconfig.rb b/lib/puppet/network/server/authconfig.rb new file mode 100644 index 000000000..e4d31d8d8 --- /dev/null +++ b/lib/puppet/network/server/authconfig.rb 
@@ -0,0 +1,173 @@ +require 'puppet/util/loadedfile' +require 'puppet/network/server/rights' + +module Puppet + class ConfigurationError < Puppet::Error; end + class Network::AuthConfig < Puppet::Util::LoadedFile + Puppet.config.setdefaults(:puppet, + :authconfig => [ "$confdir/namespaceauth.conf", + "The configuration file that defines the rights to the different + namespaces and methods. This can be used as a coarse-grained + authorization system for both ``puppetd`` and ``puppetmasterd``." + ] + ) + + # Just proxy the setting methods to our rights stuff + [:allow, :deny].each do |method| + define_method(method) do |*args| + @rights.send(method, *args) + end + end + + # Here we add a little bit of semantics. They can set auth on a whole namespace + # or on just a single method in the namespace. + def allowed?(name, host, ip) + namespace, method = name.to_s.split(".") + unless namespace and method + raise ArgumentError, "Invalid method name %s" % name + end + + name = name.intern if name.is_a? String + namespace = namespace.intern + method = method.intern + + read() + + if @rights.include?(name) + return @rights[name].allowed?(host, ip) + elsif @rights.include?(namespace) + return @rights[namespace].allowed?(host, ip) + else + return false + end + end + + # Does the file exist? Puppetmasterd does not require it, but + # puppetd does. + def exists? + FileTest.exists?(@file) + end + + def initialize(file = nil, parsenow = true) + @file ||= Puppet[:authconfig] + + unless @file + raise Puppet::DevError, "No authconfig file defined" + end + return unless self.exists? + super(@file) + @rights = Puppet::Network::Rights.new + @configstamp = @configstatted = nil + @configtimeout = 60 + + if parsenow + read() + end + end + + # Read the configuration file. 
+ def read + return unless FileTest.exists?(@file) + + if @configstamp + if @configtimeout and @configstatted + if Time.now - @configstatted > @configtimeout + @configstatted = Time.now + tmp = File.stat(@file).ctime + + if tmp == @configstamp + return + else + Puppet.notice "%s vs %s" % [tmp, @configstamp] + end + else + return + end + else + Puppet.notice "%s and %s" % [@configtimeout, @configstatted] + end + end + + parse() + + @configstamp = File.stat(@file).ctime + @configstatted = Time.now + end + + private + + def parse + newrights = Puppet::Network::Rights.new + begin + File.open(@file) { |f| + right = nil + count = 1 + f.each { |line| + case line + when /^\s*#/: next # skip comments + when /^\s*$/: next # skip blank lines + when /\[([\w.]+)\]/: # "namespace" or "namespace.method" + name = $1 + if newrights.include?(name) + raise FileServerError, "%s is already set at %s" % + [newrights[name], name] + end + newrights.newright(name) + right = newrights[name] + when /^\s*(\w+)\s+(.+)$/: + var = $1 + value = $2 + case var + when "allow": + value.split(/\s*,\s*/).each { |val| + begin + right.info "allowing %s access" % val + right.allow(val) + rescue AuthStoreError => detail + raise ConfigurationError, "%s at line %s of %s" % + [detail.to_s, count, @config] + end + } + when "deny": + value.split(/\s*,\s*/).each { |val| + begin + right.info "denying %s access" % val + right.deny(val) + rescue AuthStoreError => detail + raise ConfigurationError, "%s at line %s of %s" % + [detail.to_s, count, @config] + end + } + else + raise ConfigurationError, + "Invalid argument '%s' at line %s" % [var, count] + end + else + raise ConfigurationError, "Invalid line %s: %s" % [count, line] + end + count += 1 + } + } + rescue Errno::EACCES => detail + Puppet.err "Configuration error: Cannot read %s; cannot serve" % @file + #raise Puppet::Error, "Cannot read %s" % @config + rescue Errno::ENOENT => detail + Puppet.err "Configuration error: '%s' does not exit; cannot serve" % + @file 
+ #raise Puppet::Error, "%s does not exit" % @config + #rescue FileServerError => detail + # Puppet.err "FileServer error: %s" % detail + end + + # Verify each of the rights are valid. + # We let the check raise an error, so that it can raise an error + # pointing to the specific problem. + newrights.each { |name, right| + right.valid? + } + @rights = newrights + end + end +end + +# $Id$ diff --git a/lib/puppet/server/authstore.rb b/lib/puppet/network/server/authstore.rb index b0f63b68a..51ce93d46 100755 --- a/lib/puppet/server/authstore.rb +++ b/lib/puppet/network/server/authstore.rb @@ -4,11 +4,10 @@ require 'ipaddr' module Puppet -class Server class AuthStoreError < Puppet::Error; end class AuthorizationError < Puppet::Error; end - class AuthStore + class Network::AuthStore # This has to be an array, not a hash, else it loses its ordering. ORDER = [ [:ip, [:ip]], @@ -224,6 +223,5 @@ class Server end end end -end -# + # $Id$ diff --git a/lib/puppet/server/ca.rb b/lib/puppet/network/server/ca.rb index 10fafc940..8a61399ba 100644 --- a/lib/puppet/server/ca.rb +++ b/lib/puppet/network/server/ca.rb @@ -6,9 +6,7 @@ require 'xmlrpc/server' # Much of this was taken from QuickCert: # http://segment7.net/projects/ruby/QuickCert/ -module Puppet -class Server - class CAError < Puppet::Error; end +class Puppet::Network::Server class CA < Handler attr_reader :ca @@ -44,7 +42,7 @@ class Server end return false end - auth = Puppet::Server::AuthStore.new + auth = Puppet::Network::AuthStore.new File.open(autosign) { |f| f.each { |line| next if line =~ /^\s*#/ @@ -150,6 +148,5 @@ class Server end end end -end # $Id$ diff --git a/lib/puppet/server/filebucket.rb b/lib/puppet/network/server/filebucket.rb index 56d994366..77dbbde5e 100755 --- a/lib/puppet/server/filebucket.rb +++ b/lib/puppet/network/server/filebucket.rb 
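Review bot: In the new authconfig.rb, `initialize` returns at `return unless self.exists?` before `@rights` is assigned, so when the file is absent a later `allowed?` calls `@rights.include?` on nil and the authorization decision ends in NoMethodError instead of an explicit deny; the `file` argument is also ignored because of `@file ||= Puppet[:authconfig]`. Assigning `@file = file || Puppet[:authconfig]` and `@rights = Puppet::Network::Rights.new` before the early return would make the missing-file case return false from `allowed?`. In `parse`, an `allow`/`deny` line that appears before any `[section]` header calls a method on a nil `right`, the header pattern `/\[([\w.]+)\]/` is unanchored, and the error messages interpolate `@config`, which is never set (`@file` looks intended). `FileServerError` is raised by its bare name, but this commit moves that class under `Puppet::Network::Server`, so the duplicate-section path would presumably raise NameError.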
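Review bot: The first hunk of lib/puppet/network/server/ca.rb drops `class CAError < Puppet::Error; end` together with the `module Puppet`/`class Server` wrappers and does not define it again in the visible new code. If the rest of the file (outside these hunks) or any caller still raises or rescues `CAError`, that path would fail with NameError; keeping `class CAError < Puppet::Error; end` inside `class Puppet::Network::Server` would preserve it. The enclosing class body continues outside the hunk.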
@@ -9,8 +9,7 @@ require 'facter' require 'digest/md5' require 'puppet/external/base64' -module Puppet -class Server +class Puppet::Network::Server class BucketError < RuntimeError; end class FileBucket < Handler Puppet.config.setdefaults("puppetmasterd", @@ -164,6 +163,5 @@ class Server end end end -end -# + # $Id$ diff --git a/lib/puppet/server/fileserver.rb b/lib/puppet/network/server/fileserver.rb index 3ea44d785..904d497ca 100755 --- a/lib/puppet/server/fileserver.rb +++ b/lib/puppet/network/server/fileserver.rb @@ -3,9 +3,8 @@ require 'webrick/httpstatus' require 'cgi' require 'delegate' -module Puppet -class FileServerError < Puppet::Error; end -class Server +class Puppet::Network::Server + class FileServerError < Puppet::Error; end class FileServer < Handler attr_accessor :local @@ -27,7 +26,7 @@ class Server links = links.intern if links.is_a? String if links == :manage - raise Puppet::FileServerError, "Cannot currently copy links" + raise Puppet::Network::Server::FileServerError, "Cannot currently copy links" end mount, path = convert(url, client, clientip) @@ -200,7 +199,7 @@ class Server unless mount.allowed?(client, clientip) mount.warning "%s cannot access %s" % [client, file] - raise Puppet::Server::AuthorizationError, "Cannot access %s" % mount + raise Puppet::AuthorizationError, "Cannot access %s" % mount end end @@ -399,7 +398,7 @@ class Server # A simple class for wrapping mount points. Instances of this class # don't know about the enclosing object; they're mainly just used for # authorization. - class Mount < AuthStore + class Mount < Puppet::Network::AuthStore attr_reader :name Puppet::Util.logmethods(self, true) @@ -586,6 +585,5 @@ class Server end end end -end # $Id$ diff --git a/lib/puppet/server/logger.rb b/lib/puppet/network/server/logger.rb index aa3521573..f6bf9ba88 100755 --- a/lib/puppet/server/logger.rb +++ b/lib/puppet/network/server/logger.rb 
@@ -1,7 +1,6 @@ require 'yaml' -module Puppet -class Server +class Puppet::Network::Server class LoggerError < RuntimeError; end # Receive logs from remote hosts. @@ -49,6 +48,5 @@ class Server end end end -end # $Id$ diff --git a/lib/puppet/server/master.rb b/lib/puppet/network/server/master.rb index cda6027d0..b7096cd6d 100644 --- a/lib/puppet/server/master.rb +++ b/lib/puppet/network/server/master.rb @@ -5,8 +5,7 @@ require 'puppet/sslcertificates' require 'xmlrpc/server' require 'yaml' -module Puppet -class Server +class Puppet::Network::Server class MasterError < Puppet::Error; end class Master < Handler include Puppet::Util @@ -209,6 +208,5 @@ class Server end end end -end # $Id$ diff --git a/lib/puppet/server/report.rb b/lib/puppet/network/server/report.rb index 4298f8ee6..cd0214e30 100755 --- a/lib/puppet/server/report.rb +++ b/lib/puppet/network/server/report.rb @@ -1,6 +1,5 @@ -module Puppet -class Server - # A simple server for triggering a new run on a Puppet client. +# A simple server for triggering a new run on a Puppet client. +class Puppet::Network::Server class Report < Handler class << self include Puppet::Util::ClassGen @@ -171,6 +170,5 @@ class Server end end end -end # $Id$ diff --git a/lib/puppet/network/server/resource.rb b/lib/puppet/network/server/resource.rb new file mode 100755 index 000000000..37e331a13 --- /dev/null +++ b/lib/puppet/network/server/resource.rb 
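Review bot: The comment promoted to the top of report.rb, `# A simple server for triggering a new run on a Puppet client.`, is the Runner handler's description (runner.rb carries the same sentence above `class Runner`), and after this hunk it sits above `class Puppet::Network::Server` rather than above `Report`. The files under lib/puppet/reports register processors through `Report.newreport`, so a comment such as `# Receive reports from clients and hand them to the registered report processors.` directly above `class Report < Handler` would describe this class. That wording is inferred from those callers, since the class body is outside the hunk.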
@@ -0,0 +1,190 @@ +require 'puppet' +require 'puppet/network/server' + +# Serve Puppet elements. Useful for querying, copying, and, um, other stuff. +class Puppet::Network::Server + class Resource < Handler + attr_accessor :local + + @interface = XMLRPC::Service::Interface.new("resource") { |iface| + iface.add_method("string apply(string, string)") + iface.add_method("string describe(string, string, array, array)") + iface.add_method("string list(string, array, string)") + } + + # Apply a TransBucket as a transaction. + def apply(bucket, format = "yaml", client = nil, clientip = nil) + unless @local + begin + case format + when "yaml": + bucket = YAML::load(Base64.decode64(bucket)) + else + raise Puppet::Error, "Unsupported format '%s'" % format + end + rescue => detail + raise Puppet::Error, "Could not load YAML TransBucket: %s" % detail + end + end + + component = bucket.to_type + + # Create a client, but specify the remote machine as the server + # because the class requires it, even though it's unused + client = Puppet::Network::Client::MasterClient.new(:Server => client||"localhost") + + # Set the objects + client.objects = component + + # And then apply the configuration. This way we're reusing all + # the code in there. It should probably just be separated out, though. + transaction = client.apply + + # And then clean up + component.remove + + # It'd be nice to return some kind of report, but... at this point + # we have no such facility. + return "success" + end + + # Describe a given object. This returns the 'is' values for every property + # available on the object type. 
+ def describe(type, name, retrieve = nil, ignore = [], format = "yaml", client = nil, clientip = nil) + Puppet.info "Describing %s[%s]" % [type.to_s.capitalize, name] + @local = true unless client + typeklass = nil + unless typeklass = Puppet.type(type) + raise Puppet::Error, "Puppet type %s is unsupported" % type + end + + obj = nil + + retrieve ||= :all + ignore ||= [] + + if obj = typeklass[name] + obj[:check] = retrieve + else + begin + obj = typeklass.create(:name => name, :check => retrieve) + rescue Puppet::Error => detail + raise Puppet::Error, "%s[%s] could not be created: %s" % + [type, name, detail] + end + end + + unless obj + raise XMLRPC::FaultException.new( + 1, "Could not create %s[%s]" % [type, name] + ) + end + + trans = obj.to_trans + + # Now get rid of any attributes they specifically don't want + ignore.each do |st| + if trans.include? st + trans.delete(st) + end + end + + # And get rid of any attributes that are nil + trans.each do |attr, value| + if value.nil? + trans.delete(attr) + end + end + + unless @local + case format + when "yaml": + trans = Base64.encode64(YAML::dump(trans)) + else + raise XMLRPC::FaultException.new( + 1, "Unavailable config format %s" % format + ) + end + end + + return trans + end + + # Create a new fileserving module. + def initialize(hash = {}) + if hash[:Local] + @local = hash[:Local] + else + @local = false + end + end + + # List all of the elements of a given type. + def list(type, ignore = [], base = nil, format = "yaml", client = nil, clientip = nil) + @local = true unless client + typeklass = nil + unless typeklass = Puppet.type(type) + raise Puppet::Error, "Puppet type %s is unsupported" % type + end + + # They can pass in false + ignore ||= [] + ignore = [ignore] unless ignore.is_a? Array + bucket = Puppet::TransBucket.new + bucket.type = typeklass.name + + typeklass.list.each do |obj| + next if ignore.include? 
obj.name + + object = Puppet::TransObject.new(obj.name, typeklass.name) + bucket << object + end + + unless @local + case format + when "yaml": + begin + bucket = Base64.encode64(YAML::dump(bucket)) + rescue => detail + Puppet.err detail + raise XMLRPC::FaultException.new( + 1, detail.to_s + ) + end + else + raise XMLRPC::FaultException.new( + 1, "Unavailable config format %s" % format + ) + end + end + + return bucket + end + + private + + def authcheck(file, mount, client, clientip) + unless mount.allowed?(client, clientip) + mount.warning "%s cannot access %s" % + [client, file] + raise Puppet::AuthorizationError, "Cannot access %s" % mount + end + end + + # Deal with ignore parameters. + def handleignore(children, path, ignore) + ignore.each { |ignore| + Dir.glob(File.join(path,ignore), File::FNM_DOTMATCH) { |match| + children.delete(File.basename(match)) + } + } + return children + end + + def to_s + "resource" + end + end +end + +# $Id$ diff --git a/lib/puppet/network/server/rights.rb b/lib/puppet/network/server/rights.rb new file mode 100755 index 000000000..11da3b705 --- /dev/null +++ b/lib/puppet/network/server/rights.rb 
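Review bot: In the new resource.rb, `apply` feeds the request body to `YAML::load(Base64.decode64(bucket))` whenever the handler is not local, so the remote caller decides which Ruby objects are instantiated before `bucket.to_type` and `client.apply` change the host. Nothing in this file checks the caller: the private `authcheck` and `handleignore` helpers appear to be copied from the file server and are never called here, and `clientip` is unused in all three public methods. Unless the servlet layer authorizes `resource.apply` before dispatch (not visible in this diff), the method should check the caller first and then add `raise Puppet::Error, "Expected a TransBucket" unless bucket.is_a?(Puppet::TransBucket)` after decoding. That type check limits what gets applied, not what the YAML loader instantiates. The surrounding `rescue => detail` also catches the `Unsupported format` error and re-reports it as a YAML load failure, so that `raise` belongs outside the `begin` block.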
@@ -0,0 +1,74 @@
+require 'ipaddr'
+require 'puppet/network/server/authstore'
+
+# Define a set of rights and who has access to them.
+class Puppet::Network::Rights < Hash
+ # We basically just proxy directly to our rights. Each Right stores
+ # its own auth abilities.
+ [:allow, :allowed?, :deny].each do |method|
+ define_method(method) do |name, *args|
+ name = name.intern if name.is_a? String
+
+ if obj = right(name)
+ obj.send(method, *args)
+ else
+ raise ArgumentError, "Unknown right '%s'" % name
+ end
+ end
+ end
+
+ def [](name)
+ name = name.intern if name.is_a? String
+ super(name)
+ end
+
+ # Define a new right to which access can be provided.
+ def newright(name)
+ name = name.intern if name.is_a? String
+ shortname = Right.shortname(name)
+ if self.include? name
+ raise ArgumentError, "Right '%s' is already defined" % name
+ else
+ self[name] = Right.new(name, shortname)
+ end
+ end
+
+ private
+
+ # Retrieve a right by name.
+ def right(name)
+ name = name.intern if name.is_a? String
+ self[name]
+ end
+
+ # A right.
+ class Right < Puppet::Network::AuthStore
+ attr_accessor :name, :shortname
+
+ Puppet::Util.logmethods(self, true)
+
+ def self.shortname(name)
+ name.to_s[0..0]
+ end
+
+ def initialize(name, shortname = nil)
+ @name = name
+ @shortname = shortname
+ unless @shortname
+ @shortname = Right.shortname(name)
+ end
+ super()
+ end
+
+ def to_s
+ "access[%s]" % @name
+ end
+
+ # There's no real check to do at this point
+ def valid?
+ true
+ end
+ end
+end
+
+# $Id$
diff --git a/lib/puppet/server/runner.rb b/lib/puppet/network/server/runner.rb
index 46fd7a7ae..c0ec8fb9d 100755
--- a/lib/puppet/server/runner.rb
+++ b/lib/puppet/network/server/runner.rb
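Review bot: `Rights` converts String names to Symbols in `[]`, `newright`, `right` and the proxied `allow`/`allowed?`/`deny`, but `include?` is inherited from Hash unchanged, so a lookup with a String name returns false even after `newright` was called with that same string. The auth-config parser removed in this commit calls `newrights.include?(name)` with the String captured from the section header, so its duplicate-section check cannot fire and a duplicate is only caught by the ArgumentError in `newright`. Overriding it the same way as `[]` keeps membership tests consistent with lookups: `def include?(name); super(name.is_a?(String) ? name.intern : name); end`. The proxied `allowed?` raises ArgumentError for an unknown right instead of returning false, so the class would benefit from a comment stating that callers must treat that exception as a denial.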
@@ -1,7 +1,5 @@ -module Puppet -class Server - class MissingMasterError < RuntimeError # Cannot find the master client - end +class Puppet::Network::Server + class MissingMasterError < RuntimeError; end # Cannot find the master client # A simple server for triggering a new run on a Puppet client. class Runner < Handler @interface = XMLRPC::Service::Interface.new("puppetrunner") { |iface| @@ -12,7 +10,7 @@ class Server # tags and whether to ignore schedules def run(tags = nil, ignoreschedules = false, fg = true, client = nil, clientip = nil) # We need to retrieve the client - master = Puppet::Client::MasterClient.instance + master = Puppet::Network::Client::MasterClient.instance unless master raise MissingMasterError, "Could not find the master client" @@ -59,6 +57,5 @@ class Server end end end -end # $Id$ diff --git a/lib/puppet/server/servlet.rb b/lib/puppet/network/server/servlet.rb index 81219ef44..0a7253eff 100644 --- a/lib/puppet/server/servlet.rb +++ b/lib/puppet/network/server/servlet.rb @@ -1,7 +1,6 @@ require 'xmlrpc/server' -module Puppet -class Server +class Puppet::Network::Server class ServletError < RuntimeError; end class Servlet < XMLRPC::WEBrickServlet ERR_UNAUTHORIZED = 30 @@ -127,7 +126,7 @@ class Server obj.call(*args) rescue XMLRPC::FaultException raise - rescue Puppet::Server::AuthorizationError => detail + rescue Puppet::AuthorizationError => detail #Puppet.warning obj.inspect #Puppet.warning args.inspect Puppet.err "Permission denied: %s" % detail.to_s @@ -274,4 +273,5 @@ class Server end end end -end + +# $Id$ diff --git a/lib/puppet/reports/log.rb b/lib/puppet/reports/log.rb index 614a07c7a..c33bf0a67 100644 --- a/lib/puppet/reports/log.rb +++ b/lib/puppet/reports/log.rb @@ -1,6 +1,6 @@ require 'puppet' -Puppet::Server::Report.newreport(:log) do +Puppet::Network::Server::Report.newreport(:log) do desc "Send all received logs to the local log destinations." def process 
diff --git a/lib/puppet/reports/rrdgraph.rb b/lib/puppet/reports/rrdgraph.rb index ef353a1b9..0fbe6e5ca 100644 --- a/lib/puppet/reports/rrdgraph.rb +++ b/lib/puppet/reports/rrdgraph.rb @@ -1,6 +1,6 @@ require 'puppet' -Puppet::Server::Report.newreport(:rrdgraph) do +Puppet::Network::Server::Report.newreport(:rrdgraph) do desc "Graph all available data about hosts using the RRD library. You must have the RRD binary library installed to use this report, which you can get from [Tobias Oetiker's site](http://people.ee.ethz.ch/~oetiker/webtools/rrdtool/pub/contrib/). diff --git a/lib/puppet/reports/store.rb b/lib/puppet/reports/store.rb index 23bbc037e..ed4f08a9e 100644 --- a/lib/puppet/reports/store.rb +++ b/lib/puppet/reports/store.rb @@ -1,6 +1,6 @@ require 'puppet' -Puppet::Server::Report.newreport(:store, :useyaml => true) do +Puppet::Network::Server::Report.newreport(:store, :useyaml => true) do Puppet.config.use(:reporting) desc "Store the yaml report on disk. Each host sends its report as a YAML dump diff --git a/lib/puppet/reports/tagmail.rb b/lib/puppet/reports/tagmail.rb index fef01bb39..238de4538 100644 --- a/lib/puppet/reports/tagmail.rb +++ b/lib/puppet/reports/tagmail.rb @@ -14,7 +14,7 @@ Puppet.config.setdefaults(:reporting, require 'net/smtp' -Puppet::Server::Report.newreport(:tagmail) do +Puppet::Network::Server::Report.newreport(:tagmail) do desc "This report sends specific log messages to specific email addresses based on the tags in the log messages. See the [tag documentation](/trac/puppet/wiki/UsingTags) for more information diff --git a/lib/puppet/server/authconfig.rb b/lib/puppet/server/authconfig.rb deleted file mode 100644 index d43371a77..000000000 --- a/lib/puppet/server/authconfig.rb +++ /dev/null 
@@ -1,177 +0,0 @@ -require 'puppet/util/loadedfile' -require 'puppet/server/rights' - -module Puppet -class Server - -class ConfigurationError < Puppet::Error; end - -class AuthConfig < Puppet::Util::LoadedFile - Puppet.config.setdefaults(:puppet, - :authconfig => [ "$confdir/namespaceauth.conf", - "The configuration file that defines the rights to the different - namespaces and methods. This can be used as a coarse-grained - authorization system for both ``puppetd`` and ``puppetmasterd``." - ] - ) - - # Just proxy the setting methods to our rights stuff - [:allow, :deny].each do |method| - define_method(method) do |*args| - @rights.send(method, *args) - end - end - - # Here we add a little bit of semantics. They can set auth on a whole namespace - # or on just a single method in the namespace. - def allowed?(name, host, ip) - namespace, method = name.to_s.split(".") - unless namespace and method - raise ArgumentError, "Invalid method name %s" % name - end - - name = name.intern if name.is_a? String - namespace = namespace.intern - method = method.intern - - read() - - if @rights.include?(name) - return @rights[name].allowed?(host, ip) - elsif @rights.include?(namespace) - return @rights[namespace].allowed?(host, ip) - else - return false - end - end - - # Does the file exist? Puppetmasterd does not require it, but - # puppetd does. - def exists? - FileTest.exists?(@file) - end - - def initialize(file = nil, parsenow = true) - @file ||= Puppet[:authconfig] - - unless @file - raise Puppet::DevError, "No authconfig file defined" - end - return unless self.exists? - super(@file) - @rights = Rights.new - @configstamp = @configstatted = nil - @configtimeout = 60 - - if parsenow - read() - end - end - - # Read the configuration file. 
- def read - return unless FileTest.exists?(@file) - - if @configstamp - if @configtimeout and @configstatted - if Time.now - @configstatted > @configtimeout - @configstatted = Time.now - tmp = File.stat(@file).ctime - - if tmp == @configstamp - return - else - Puppet.notice "%s vs %s" % [tmp, @configstamp] - end - else - return - end - else - Puppet.notice "%s and %s" % [@configtimeout, @configstatted] - end - end - - parse() - - @configstamp = File.stat(@file).ctime - @configstatted = Time.now - end - - private - - def parse - newrights = Puppet::Server::Rights.new - begin - File.open(@file) { |f| - right = nil - count = 1 - f.each { |line| - case line - when /^\s*#/: next # skip comments - when /^\s*$/: next # skip blank lines - when /\[([\w.]+)\]/: # "namespace" or "namespace.method" - name = $1 - if newrights.include?(name) - raise FileServerError, "%s is already set at %s" % - [newrights[name], name] - end - newrights.newright(name) - right = newrights[name] - when /^\s*(\w+)\s+(.+)$/: - var = $1 - value = $2 - case var - when "allow": - value.split(/\s*,\s*/).each { |val| - begin - right.info "allowing %s access" % val - right.allow(val) - rescue AuthStoreError => detail - raise ConfigurationError, "%s at line %s of %s" % - [detail.to_s, count, @config] - end - } - when "deny": - value.split(/\s*,\s*/).each { |val| - begin - right.info "denying %s access" % val - right.deny(val) - rescue AuthStoreError => detail - raise ConfigurationError, "%s at line %s of %s" % - [detail.to_s, count, @config] - end - } - else - raise ConfigurationError, - "Invalid argument '%s' at line %s" % [var, count] - end - else - raise ConfigurationError, "Invalid line %s: %s" % [count, line] - end - count += 1 - } - } - rescue Errno::EACCES => detail - Puppet.err "Configuration error: Cannot read %s; cannot serve" % @file - #raise Puppet::Error, "Cannot read %s" % @config - rescue Errno::ENOENT => detail - Puppet.err "Configuration error: '%s' does not exit; cannot serve" % - @file 
- #raise Puppet::Error, "%s does not exit" % @config - #rescue FileServerError => detail - # Puppet.err "FileServer error: %s" % detail - end - - # Verify each of the rights are valid. - # We let the check raise an error, so that it can raise an error - # pointing to the specific problem. - newrights.each { |name, right| - right.valid? - } - @rights = newrights - end -end -end -end - -# $Id$ diff --git a/lib/puppet/server/resource.rb b/lib/puppet/server/resource.rb deleted file mode 100755 index d2bad52f3..000000000 --- a/lib/puppet/server/resource.rb +++ /dev/null 
@@ -1,191 +0,0 @@ -require 'puppet' -require 'puppet/server' - -module Puppet - -# Serve Puppet elements. Useful for querying, copying, and, um, other stuff. -class Server::Resource < Server::Handler - attr_accessor :local - - @interface = XMLRPC::Service::Interface.new("resource") { |iface| - iface.add_method("string apply(string, string)") - iface.add_method("string describe(string, string, array, array)") - iface.add_method("string list(string, array, string)") - } - - # Apply a TransBucket as a transaction. - def apply(bucket, format = "yaml", client = nil, clientip = nil) - unless @local - begin - case format - when "yaml": - bucket = YAML::load(Base64.decode64(bucket)) - else - raise Puppet::Error, "Unsupported format '%s'" % format - end - rescue => detail - raise Puppet::Error, "Could not load YAML TransBucket: %s" % detail - end - end - - component = bucket.to_type - - # Create a client, but specify the remote machine as the server - # because the class requires it, even though it's unused - client = Puppet::Client::MasterClient.new(:Server => client||"localhost") - - # Set the objects - client.objects = component - - # And then apply the configuration. This way we're reusing all - # the code in there. It should probably just be separated out, though. - transaction = client.apply - - # And then clean up - component.remove - - # It'd be nice to return some kind of report, but... at this point - # we have no such facility. - return "success" - end - - # Describe a given object. This returns the 'is' values for every property - # available on the object type. 
- def describe(type, name, retrieve = nil, ignore = [], format = "yaml", client = nil, clientip = nil) - Puppet.info "Describing %s[%s]" % [type.to_s.capitalize, name] - @local = true unless client - typeklass = nil - unless typeklass = Puppet.type(type) - raise Puppet::Error, "Puppet type %s is unsupported" % type - end - - obj = nil - - retrieve ||= :all - ignore ||= [] - - if obj = typeklass[name] - obj[:check] = retrieve - else - begin - obj = typeklass.create(:name => name, :check => retrieve) - rescue Puppet::Error => detail - raise Puppet::Error, "%s[%s] could not be created: %s" % - [type, name, detail] - end - end - - unless obj - raise XMLRPC::FaultException.new( - 1, "Could not create %s[%s]" % [type, name] - ) - end - - trans = obj.to_trans - - # Now get rid of any attributes they specifically don't want - ignore.each do |st| - if trans.include? st - trans.delete(st) - end - end - - # And get rid of any attributes that are nil - trans.each do |attr, value| - if value.nil? - trans.delete(attr) - end - end - - unless @local - case format - when "yaml": - trans = Base64.encode64(YAML::dump(trans)) - else - raise XMLRPC::FaultException.new( - 1, "Unavailable config format %s" % format - ) - end - end - - return trans - end - - # Create a new fileserving module. - def initialize(hash = {}) - if hash[:Local] - @local = hash[:Local] - else - @local = false - end - end - - # List all of the elements of a given type. - def list(type, ignore = [], base = nil, format = "yaml", client = nil, clientip = nil) - @local = true unless client - typeklass = nil - unless typeklass = Puppet.type(type) - raise Puppet::Error, "Puppet type %s is unsupported" % type - end - - # They can pass in false - ignore ||= [] - ignore = [ignore] unless ignore.is_a? Array - bucket = TransBucket.new - bucket.type = typeklass.name - - typeklass.list.each do |obj| - next if ignore.include? 
obj.name - - object = TransObject.new(obj.name, typeklass.name) - bucket << object - end - - unless @local - case format - when "yaml": - begin - bucket = Base64.encode64(YAML::dump(bucket)) - rescue => detail - Puppet.err detail - raise XMLRPC::FaultException.new( - 1, detail.to_s - ) - end - else - raise XMLRPC::FaultException.new( - 1, "Unavailable config format %s" % format - ) - end - end - - return bucket - end - - private - - def authcheck(file, mount, client, clientip) - unless mount.allowed?(client, clientip) - mount.warning "%s cannot access %s" % - [client, file] - raise Puppet::Server::AuthorizationError, "Cannot access %s" % mount - end - end - - # Deal with ignore parameters. - def handleignore(children, path, ignore) - ignore.each { |ignore| - Dir.glob(File.join(path,ignore), File::FNM_DOTMATCH) { |match| - children.delete(File.basename(match)) - } - } - return children - end - - def to_s - "resource" - end -end -end - -# $Id$ diff --git a/lib/puppet/server/rights.rb b/lib/puppet/server/rights.rb deleted file mode 100755 index 0ed12a122..000000000 --- a/lib/puppet/server/rights.rb +++ /dev/null 
@@ -1,78 +0,0 @@ -require 'ipaddr' -require 'puppet/server/authstore' - -module Puppet -class Server - # Define a set of rights and who has access to them. - class Rights < Hash - # We basically just proxy directly to our rights. Each Right stores - # its own auth abilities. - [:allow, :allowed?, :deny].each do |method| - define_method(method) do |name, *args| - name = name.intern if name.is_a? String - - if obj = right(name) - obj.send(method, *args) - else - raise ArgumentError, "Unknown right '%s'" % name - end - end - end - - def [](name) - name = name.intern if name.is_a? String - super(name) - end - - # Define a new right to which access can be provided. - def newright(name) - name = name.intern if name.is_a? String - shortname = Right.shortname(name) - if self.include? name - raise ArgumentError, "Right '%s' is already defined" % name - else - self[name] = Right.new(name, shortname) - end - end - - private - - # Retrieve a right by name. - def right(name) - name = name.intern if name.is_a? String - self[name] - end - - # A right. - class Right < AuthStore - attr_accessor :name, :shortname - - Puppet::Util.logmethods(self, true) - - def self.shortname(name) - name.to_s[0..0] - end - - def initialize(name, shortname = nil) - @name = name - @shortname = shortname - unless @shortname - @shortname = Right.shortname(name) - end - super() - end - - def to_s - "access[%s]" % @name - end - - # There's no real check to do at this point - def valid? - true - end - end - end -end -end -# -# $Id$ diff --git a/lib/puppet/type/pfile.rb b/lib/puppet/type/pfile.rb index 89e94d140..ad21c5c55 100644 --- a/lib/puppet/type/pfile.rb +++ b/lib/puppet/type/pfile.rb @@ -4,7 +4,7 @@ require 'etc' require 'uri' require 'fileutils' require 'puppet/type/property' -require 'puppet/server/fileserver' +require 'puppet/network/server/fileserver' module Puppet newtype(:file) do 
@@ -101,7 +101,7 @@ module Puppet @parent.bucket = value value end - when Puppet::Client::Dipper: value.name + when Puppet::Network::Client::Dipper: value.name else self.fail "Invalid backup type %s" % value.inspect @@ -300,7 +300,7 @@ module Puppet # This sets the @value on :backup, too self.bucket = obj elsif bucket == "puppet" - obj = Puppet::Client::Dipper.new( + obj = Puppet::Network::Client::Dipper.new( :Path => Puppet[:clientbucketdir] ) self.bucket = obj @@ -311,7 +311,7 @@ module Puppet else self.fail "Could not find filebucket %s" % bucket end - when Puppet::Client::Dipper: # things are hunky-dorey + when Puppet::Network::Client::Dipper: # things are hunky-dorey else self.fail "Invalid bucket type %s" % bucket.class end @@ -346,7 +346,7 @@ module Puppet else backup = self.bucket || self[:backup] case backup - when Puppet::Client::Dipper: + when Puppet::Network::Client::Dipper: notice "Recursively backing up to filebucket" require 'find' Find.find(self[:path]) do |f| @@ -385,7 +385,7 @@ module Puppet when "file": backup = self.bucket || self[:backup] case backup - when Puppet::Client::Dipper: + when Puppet::Network::Client::Dipper: sum = backup.backup(file) self.info "Filebucketed to %s with sum %s" % [backup.name, sum] @@ -957,7 +957,7 @@ module Puppet case uri.scheme when "file": unless defined? @@localfileserver - @@localfileserver = Puppet::Server::FileServer.new( + @@localfileserver = Puppet::Network::Server::FileServer.new( :Local => true, :Mount => { "/" => "localhost" }, :Config => false @@ -972,9 +972,9 @@ module Puppet args[:Port] = uri.port end # FIXME We should cache a copy of this server - #sourceobj.server = Puppet::NetworkClient.new(args) + #sourceobj.server = Puppet::Network::NetworkClient.new(args) unless @clients.include?(source) - @clients[source] = Puppet::Client::FileClient.new(args) + @clients[source] = Puppet::Network::Client::FileClient.new(args) end sourceobj.server = @clients[source] 
diff --git a/lib/puppet/type/pfile/source.rb b/lib/puppet/type/pfile/source.rb index d06366a79..8416107a2 100755 --- a/lib/puppet/type/pfile/source.rb +++ b/lib/puppet/type/pfile/source.rb @@ -1,4 +1,4 @@ -require 'puppet/server/fileserver' +require 'puppet/network/server/fileserver' module Puppet # Copy files from a local or remote source. This state *only* does any work @@ -7,7 +7,7 @@ module Puppet # this state, during retrieval, modifies the appropriate other states # so that things get taken care of appropriately. Puppet.type(:file).newproperty(:source) do - PINPARAMS = Puppet::Server::FileServer::CHECKPARAMS + PINPARAMS = Puppet::Network::Server::FileServer::CHECKPARAMS attr_accessor :source, :local desc "Copy a file over the current file. Uses ``checksum`` to @@ -86,7 +86,7 @@ module Puppet begin desc = server.describe(path, @parent[:links]) - rescue NetworkClientError => detail + rescue Puppet::Network::NetworkClientError => detail self.err "Could not describe %s: %s" % [path, detail] return nil @@ -231,7 +231,7 @@ module Puppet begin contents = sourceobj.server.retrieve(path, @parent[:links]) - rescue NetworkClientError => detail + rescue Puppet::Network::NetworkClientError => detail self.err "Could not retrieve %s: %s" % [path, detail] return nil diff --git a/lib/puppet/type/pfilebucket.rb b/lib/puppet/type/pfilebucket.rb index 6f9da3112..5ec7e790f 100755 --- a/lib/puppet/type/pfilebucket.rb +++ b/lib/puppet/type/pfilebucket.rb @@ -1,4 +1,4 @@ -require 'puppet/server/filebucket' +require 'puppet/network/server/filebucket' module Puppet newtype(:filebucket) do @@ -86,7 +86,7 @@ module Puppet def mkbucket if self[:server] begin - @bucket = Puppet::Client::Dipper.new( + @bucket = Puppet::Network::Client::Dipper.new( :Server => self[:server], :Port => self[:port] ) @@ -97,7 +97,7 @@ module Puppet end else begin - @bucket = Puppet::Client::Dipper.new( + @bucket = Puppet::Network::Client::Dipper.new( :Path => self[:path] ) rescue => detail 
diff --git a/lib/puppet/type/tidy.rb b/lib/puppet/type/tidy.rb index bc622f682..2827c1be3 100755 --- a/lib/puppet/type/tidy.rb +++ b/lib/puppet/type/tidy.rb @@ -270,7 +270,7 @@ module Puppet end # only allow backing up into filebuckets - unless self[:backup].is_a? Puppet::Client::Dipper + unless self[:backup].is_a? Puppet::Network::Client::Dipper self[:backup] = false end end diff --git a/lib/puppet/util/log.rb b/lib/puppet/util/log.rb index dd7544dae..5ee60b959 100644 --- a/lib/puppet/util/log.rb +++ b/lib/puppet/util/log.rb @@ -306,7 +306,7 @@ class Puppet::Util::Log @name = host - @driver = Puppet::Client::LogClient.new(args) + @driver = Puppet::Network::Client::LogClient.new(args) end def handle(msg) |
