-rwxr-xr-xbin/puppetca8
-rwxr-xr-xbin/puppetd2
-rwxr-xr-xbin/puppetmasterd2
-rwxr-xr-xlib/puppet/daemon.rb1
-rw-r--r--lib/puppet/metric.rb22
-rw-r--r--lib/puppet/parser/interpreter.rb7
-rw-r--r--lib/puppet/server.rb1
-rwxr-xr-xlib/puppet/server/authstore.rb1
-rw-r--r--lib/puppet/server/ca.rb54
-rw-r--r--lib/puppet/server/servlet.rb33
-rwxr-xr-xlib/puppet/sslcertificates.rb5
-rw-r--r--lib/puppet/statechange.rb4
-rw-r--r--lib/puppet/transportable.rb2
-rw-r--r--lib/puppet/type/package.rb30
-rwxr-xr-xlib/puppet/type/pfile/group.rb38
-rwxr-xr-xlib/puppet/type/pfile/source.rb2
-rw-r--r--lib/puppet/type/service.rb7
-rw-r--r--lib/puppet/type/state.rb16
-rwxr-xr-xtest/executables/tc_puppetca.rb4
-rwxr-xr-xtest/executables/tc_puppetd.rb5
-rw-r--r--test/other/tc_metrics.rb4
-rw-r--r--test/puppettest.rb10
-rw-r--r--test/server/tc_bucket.rb2
-rw-r--r--test/server/tc_ca.rb53
-rw-r--r--test/tagging/tc_tagging.rb3
25 files changed, 193 insertions, 123 deletions
diff --git a/bin/puppetca b/bin/puppetca
index af04f12a2..af1c94576 100755
--- a/bin/puppetca
+++ b/bin/puppetca
@@ -11,6 +11,7 @@
# puppetca [-h|--help] [-V|--version] [-d|--debug] [-v|--verbose]
# [--cadir <ca directory>] [-g|--generate] [-l|--list]
# [-s|--sign] [--ssldir <cert directory>]
+# [-c|--confdir <configuration directory>]
#
# = Description
#
@@ -27,6 +28,10 @@
# cadir::
# Where to look for the ca directory. Defaults to /etc/puppet/ssl/ca.
#
+# confdir::
+# The configuration root directory, where +puppetmasterd+ defaults to looking
+# for all of its configuration files. Defaults to +/etc/puppet+.
+#
# debug::
# Enable full debugging.
#
@@ -80,6 +85,7 @@ end
result = GetoptLong.new(
[ "--all", "-a", GetoptLong::NO_ARGUMENT ],
[ "--cadir", GetoptLong::REQUIRED_ARGUMENT ],
+ [ "--confdir", "-c", GetoptLong::REQUIRED_ARGUMENT ],
[ "--debug", "-d", GetoptLong::NO_ARGUMENT ],
[ "--generate", "-g", GetoptLong::NO_ARGUMENT ],
[ "--help", "-h", GetoptLong::NO_ARGUMENT ],
@@ -100,6 +106,8 @@ begin
all = true
when "--cadir"
Puppet[:cadir] = arg
+ when "--confdir"
+ Puppet[:puppetconf] = arg
when "--debug"
Puppet[:loglevel] = :debug
when "--generate"
diff --git a/bin/puppetd b/bin/puppetd
index aba1ebe79..2d11f4d7e 100755
--- a/bin/puppetd
+++ b/bin/puppetd
@@ -11,7 +11,7 @@
# puppetd [-h|--help] [-V|--version] [-d|--debug] [-v|--verbose]
# [--ssldir <cert directory>] [-l|--logdest <syslog|<file>|console>]
# [--fqdn <host name>] [-p|--port <port>] [-s|--server <server>]
-# [-w|--waitforcert <seconds>]
+# [-w|--waitforcert <seconds>] [-c|--confdir <configuration directory>]
#
# = Description
#
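Review bot: The usage line now advertises `-c|--confdir`, but it is the only change to bin/puppetd in this commit (the diffstat lists 2 changed lines), so no matching entry is added to the option table or to the `case` that handles options. Unless puppetd already parsed `--confdir` before this commit, which is not visible here, the documented flag would be rejected at run time. bin/puppetca gets both pieces in this same commit: `[ "--confdir", "-c", GetoptLong::REQUIRED_ARGUMENT ]` and `Puppet[:puppetconf] = arg`.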
diff --git a/bin/puppetmasterd b/bin/puppetmasterd
index 33b3d1c8f..cd1800927 100755
--- a/bin/puppetmasterd
+++ b/bin/puppetmasterd
@@ -193,8 +193,6 @@ end
bg = false
-Puppet[:autosign] = true
-
unless Puppet[:loglevel] == :debug or Puppet[:loglevel] == :info
bg = true
end
diff --git a/lib/puppet/daemon.rb b/lib/puppet/daemon.rb
index 040292b36..509d6a69d 100755
--- a/lib/puppet/daemon.rb
+++ b/lib/puppet/daemon.rb
@@ -127,6 +127,7 @@ module Puppet
Puppet.err "Cannot request a certificate without a defined target"
return false
end
+
Puppet.info "Creating a new certificate request for %s" % @fqdn
name = OpenSSL::X509::Name.new([["CN", @fqdn]])
diff --git a/lib/puppet/metric.rb b/lib/puppet/metric.rb
index f2d754a57..3feb4484c 100644
--- a/lib/puppet/metric.rb
+++ b/lib/puppet/metric.rb
@@ -1,15 +1,12 @@
-#!/usr/local/bin/ruby -w
-
-# $Id$
-
# included so we can test object types
require 'puppet'
-module Puppet
+module Puppet # :nodoc:
+ # A class for handling metrics. This is currently ridiculously hackish.
class Metric
def Metric.init
- @@typemetrics = Hash.new { |typehash,type|
- typehash[type] = Hash.new(0)
+ @@typemetrics = Hash.new { |typehash,typename|
+ typehash[typename] = Hash.new(0)
}
@@eventmetrics = Hash.new(0)
@@ -27,9 +24,10 @@ module Puppet
# first gather stats about all of the types
Puppet::Type.eachtype { |type|
type.each { |instance|
- @@typemetrics[type][:total] += 1
+ hash = @@typemetrics[type]
+ hash[:total] += 1
if instance.managed?
- @@typemetrics[type][:managed] += 1
+ hash[:managed] += 1
end
}
}
@@ -46,7 +44,7 @@ module Puppet
@@typemetrics[type][:changed] += 1
@@typemetrics[type][:totalchanges] += count
else
- raise "Unknown metric %s" % metric
+ raise Puppet::DevError, "Unknown metric %s" % metric
end
end
@@ -58,12 +56,14 @@ module Puppet
}
end
+ # Iterate across all of the metrics
def Metric.each
@@metrics.each { |name,metric|
yield metric
}
end
+ # I'm nearly positive this method is used only for testing
def Metric.load(ary)
@@typemetrics = ary[0]
@@eventmetrics = ary[1]
@@ -246,3 +246,5 @@ module Puppet
end
end
end
+
+# $Id$
diff --git a/lib/puppet/parser/interpreter.rb b/lib/puppet/parser/interpreter.rb
index e076bc1ca..e6a0bdc2b 100644
--- a/lib/puppet/parser/interpreter.rb
+++ b/lib/puppet/parser/interpreter.rb
@@ -41,6 +41,13 @@ module Puppet
# Really, we should stick multiple names in here
# but for now just make a simple array
names = [client]
+
+ # if the client name is fully qualied (which is normally will be)
+ # add the short name
+ if client =~ /\./
+ names << client.sub(/\..+/,'')
+ end
+
begin
if @usenodes
unless client
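Review bot: Adding the short name to `names` lets node lookup match on the unqualified hostname, so two clients whose names differ only in the domain part can resolve to the same node definition. How `names` is searched is outside this hunk, so confirm the fully qualified name is tried first, and say so in the comment, e.g. `# short names are not unique across domains; the FQDN must win`. `client.sub(/\..+/,'')` also yields an empty string for a name that begins with a dot, which is worth skipping with `names << short unless short.empty?`. The new comment has a typo: "qualied (which is normally will be)" should read "qualified (which it normally will be)".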
diff --git a/lib/puppet/server.rb b/lib/puppet/server.rb
index 6737b2664..b7ed97799 100644
--- a/lib/puppet/server.rb
+++ b/lib/puppet/server.rb
@@ -98,6 +98,7 @@ module Puppet
class Server
# the base class for the different handlers
class Handler
+ attr_accessor :server
@subclasses = []
def self.each
diff --git a/lib/puppet/server/authstore.rb b/lib/puppet/server/authstore.rb
index 966bc8372..075f1f9a1 100755
--- a/lib/puppet/server/authstore.rb
+++ b/lib/puppet/server/authstore.rb
@@ -66,6 +66,7 @@ class Server
}
}
+ Puppet.info "Defaulting to false for %s" % name
# default to false
return false
end
diff --git a/lib/puppet/server/ca.rb b/lib/puppet/server/ca.rb
index 04096a216..df2614e7c 100644
--- a/lib/puppet/server/ca.rb
+++ b/lib/puppet/server/ca.rb
@@ -19,65 +19,42 @@ class Server
# FIXME autosign? should probably accept both hostnames and IP addresses
def autosign?(hostname)
# simple values are easy
- asign = Puppet[:autosign]
- if asign == true or asign == false
- return asign
+ if @autosign == true or @autosign == false
+ return @autosign
end
# we only otherwise know how to handle files
- unless asign =~ /^\//
+ unless @autosign =~ /^\//
raise Puppet::Error, "Invalid autosign value %s" %
- asign
+ @autosign
end
- unless FileTest.exists?(asign)
- Puppet.warning "Autosign is enabled but %s is missing" % asign
+ unless FileTest.exists?(@autosign)
+ Puppet.info "Autosign is enabled but %s is missing" % @autosign
return false
end
auth = Puppet::Server::AuthStore.new
- File.open(asign) { |f|
+ File.open(@autosign) { |f|
f.each { |line|
auth.allow(line.chomp)
-# if line =~ /^[.\w-]+$/ and line == hostname
-# Puppet.info "%s exactly matched %s" % [hostname, line]
-# return true
-# else
-# begin
-# rx = Regexp.new(line)
-# rescue => detail
-# Puppet.err(
-# "Could not create regexp out of autosign line %s: %s" %
-# [line, detail]
-# )
-# next
-# end
-#
-# if hostname =~ rx
-# Puppet.info "%s matched %s" % [hostname, line]
-# return true
-# end
-# end
}
}
# for now, just cheat and pass a fake IP address to allowed?
- return auth.allowed?(hostname, "127.0.0.1")
+ return auth.allowed?(hostname, "127.1.1.1")
end
def initialize(hash = {})
+ @autosign = hash[:autosign] || Puppet[:autosign]
@ca = Puppet::SSLCertificates::CA.new()
end
# our client sends us a csr, and we either store it for later signing,
# or we sign it right away
def getcert(csrtext, client = nil, clientip = nil)
- # okay, i need to retrieve the hostname from the csr, and then
- # verify that i get the same hostname through reverse lookup or
- # something
-
- Puppet.info "Someone's trying for a cert"
csr = OpenSSL::X509::Request.new(csrtext)
+ # Use the hostname from the CSR, not from the network.
subject = csr.subject
nameary = subject.to_a.find { |ary|
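Review bot: `@autosign = hash[:autosign] || Puppet[:autosign]` in `initialize` cannot express an explicit `false`, because `false || Puppet[:autosign]` falls through to the global setting. `CA.new(:autosign => false)` therefore still autosigns whenever the configured value is `true` or names an autosign file that matches the host. Test for key presence instead: `@autosign = hash.include?(:autosign) ? hash[:autosign] : Puppet[:autosign]`. In `autosign?`, `/^\//` anchors at a line start rather than the start of the string; `/\A\//` states the intended absolute-path check.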
@@ -85,7 +62,9 @@ class Server
}
if nameary.nil?
- Puppet.err "Invalid certificate request"
+ Puppet.err(
+ "Invalid certificate request: could not retrieve server name"
+ )
return "invalid"
end
@@ -129,10 +108,13 @@ class Server
cert, cacert = ca.getclientcert(hostname)
if cert and cacert
Puppet.info "Retrieving existing certificate for %s" % hostname
- Puppet.info "Cert: %s; Cacert: %s" % [cert.class, cacert.class]
+ #Puppet.info "Cert: %s; Cacert: %s" % [cert.class, cacert.class]
return [cert.to_pem, cacert.to_pem]
elsif @ca
- if self.autosign?(hostname)
+ if self.autosign?(hostname) or client.nil?
+ if client.nil?
+ Puppet.info "Signing certificate for CA server"
+ end
# okay, we don't have a signed cert
# if we're a CA and autosign is turned on, then go ahead and sign
# the csr and return the results
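Review bot: The `or client.nil?` branch signs the CSR for whatever name it carries whenever no client name reaches `getcert`, and `client = nil` is the parameter default, so every caller that omits the argument bypasses the autosign policy. The decision rests on the absence of a value rather than on a positive check that the request is the CA server's own. Tie the exception to the server's identity, for example by also requiring that `hostname` equals the server's own certificate name, or have the local caller pass an explicit option. Log the bypass at notice level together with the hostname. The enclosing method starts before and continues past this hunk.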
diff --git a/lib/puppet/server/servlet.rb b/lib/puppet/server/servlet.rb
index ce962b4ea..703e984b0 100644
--- a/lib/puppet/server/servlet.rb
+++ b/lib/puppet/server/servlet.rb
@@ -66,13 +66,18 @@ class Server
@loadedhandlers = []
handlers.each { |handler|
- Puppet.debug "adding handler for %s" % handler.class
+ #Puppet.debug "adding handler for %s" % handler.class
self.add_handler(handler.class.interface, handler)
}
+ # Initialize these to nil, but they will get set to values
+ # by the 'service' method. These have to instance variables
+ # because I don't have a clear line from the service method to
+ # the service hook.
@request = nil
@client = nil
@clientip = nil
+
self.set_service_hook { |obj, *args|
#raise "crap!"
if @client and @clientip
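Review bot: `@request`, `@client` and `@clientip` hold per-request identity on the servlet object, and the service hook reads them later to decide what is passed to the handlers. If one servlet instance serves overlapping requests (not visible in this hunk), a second request can overwrite these values between `service` setting them and the hook reading them, so a handler could be given another client's name. Thread-local storage such as `Thread.current[:client]` would close that gap, or the new comment should at least state the single-request assumption. The comment also reads "These have to instance variables" where "have to be instance variables" is meant.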
@@ -81,6 +86,8 @@ class Server
end
begin
obj.call(*args)
+ rescue XMLRPC::FaultException
+ raise
rescue Puppet::Server::AuthorizationError => detail
#Puppet.warning obj.inspect
#Puppet.warning args.inspect
@@ -99,13 +106,17 @@ class Server
#Puppet.warning obj.inspect
#Puppet.warning args.inspect
Puppet.err "Could not call: %s" % detail.to_s
- raise error
+ raise XMLRPC::FaultException.new(1, detail.to_s)
end
}
end
+ # Handle the actual request. This does some basic collection of
+ # data, and then just calls the parent method.
def service(request, response)
@request = request
+
+ # The only way that @client can be nil is if the request is local.
if peer = request.peeraddr
@client = peer[2]
@clientip = peer[3]
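Review bot: `raise XMLRPC::FaultException.new(1, detail.to_s)` returns the text of an otherwise unhandled exception to the remote caller, which can expose file paths or other internal state from the server. The detail is already written by `Puppet.err` on the line above, so the fault could carry a generic message such as `"Internal server error"` and leave the specifics in the server log. Which `rescue` clause this line belongs to is outside the hunk, so confirm it is the catch-all branch before changing the message.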
@@ -120,17 +131,17 @@ class Server
# then we get the hostname from the cert, instead of via IP
# info
if cert = request.client_cert
- name = cert.subject
- #Puppet.info name.inspect
- if name.to_s =~ /CN=(\w+)/
- Puppet.info "Overriding %s with cert name %s" %
- [@client, $1]
- @client = $1
+ nameary = cert.subject.to_a.find { |ary|
+ ary[0] == "CN"
+ }
+
+ if nameary.nil?
+ Puppet.warning "Could not retrieve server name from cert"
else
- Puppet.warning "Could not match against %s(%s)" %
- [name, name.class]
+ Puppet.debug "Overriding %s with cert name %s" %
+ [@client, nameary[1]]
+ @client = nameary[1]
end
- #Puppet.info "client cert is %s" % request.client_cert
end
#if request.server_cert
# Puppet.info "server cert is %s" % @request.server_cert
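Review bot: When a client certificate is presented but has no CN entry, the `nameary.nil?` branch only warns and leaves `@client` set to the name taken from `request.peeraddr`, so the request continues under a network-derived identity. A certificate without a usable name is better treated as a failed identification, for example by raising `Puppet::Server::AuthorizationError` in that branch, so the handler never sees the fallback name. The override message also moved from `Puppet.info` to `Puppet.debug`, which drops the record of which certificate name a connection was mapped to at normal log levels. Keeping it at info preserves that audit trail.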
diff --git a/lib/puppet/sslcertificates.rb b/lib/puppet/sslcertificates.rb
index bc3382ab6..6dcd25656 100755
--- a/lib/puppet/sslcertificates.rb
+++ b/lib/puppet/sslcertificates.rb
@@ -207,7 +207,7 @@ module SSLCertificates
:serial => [:cadir, "serial"],
:privatedir => [:ssldir, "private"],
:passfile => [:privatedir, "password"],
- :autosign => [:ssldir, "autosign.conf"],
+ :autosign => [:puppetconf, "autosign.conf"],
:ca_crl_days => 365,
:ca_days => 1825,
:ca_md => "md5",
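Review bot: The default autosign list now lives under `:puppetconf`, and `autosign?` in lib/puppet/server/ca.rb reads it without checking who can write it, so any account able to edit that file decides which hostnames get certificates signed without review. The directory is also relocatable through the `--confdir` option this commit adds to bin/puppetca. State the expected ownership and mode next to this default, e.g. `# autosign.conf must be writable only by the account running the CA`, or refuse a group- or world-writable file before trusting its contents.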
@@ -443,7 +443,8 @@ module SSLCertificates
certfile = host2certfile(host)
if File.exists?(certfile)
- Puppet.notice "Overwriting signed certificate for %s" % host
+ Puppet.notice "Overwriting signed certificate %s for %s" %
+ [certfile, host]
end
File.open(certfile, "w", 0660) { |f|
diff --git a/lib/puppet/statechange.rb b/lib/puppet/statechange.rb
index e1b59e019..902f2ee04 100644
--- a/lib/puppet/statechange.rb
+++ b/lib/puppet/statechange.rb
@@ -36,8 +36,8 @@ module Puppet
end
if @state.noop
- @state.parent.log "%s should be %s" %
- [@state, state.should_to_s]
+ @state.parent.log "%s is %s, should be %s" %
+ [@state, state.is_to_s, state.should_to_s]
#Puppet.debug "%s is noop" % @state
return nil
end
diff --git a/lib/puppet/transportable.rb b/lib/puppet/transportable.rb
index d86e775cd..23bfecee3 100644
--- a/lib/puppet/transportable.rb
+++ b/lib/puppet/transportable.rb
@@ -43,7 +43,7 @@ module Puppet
end
if defined? @tags and @tags
- Puppet.warning "%s(%s) tags: %s" % [@type, @name, @tags.join(" ")]
+ Puppet.debug "%s(%s) tags: %s" % [@type, @name, @tags.join(" ")]
end
return retobj
diff --git a/lib/puppet/type/package.rb b/lib/puppet/type/package.rb
index ab5b797c6..296e8af54 100644
--- a/lib/puppet/type/package.rb
+++ b/lib/puppet/type/package.rb
@@ -25,10 +25,8 @@ module Puppet
# Override the parent method, because we've got all kinds of
# funky definitions of 'in sync'.
def insync?
- Puppet.debug "is: %s" % @is
# Iterate across all of the should values, and see how they turn out.
@should.each { |should|
- Puppet.debug "should: %s" % should
case should
when :installed
unless @is == :notinstalled
@@ -39,7 +37,7 @@ module Puppet
if @is == latest
return true
else
- Puppet.warning "latest is %s" % latest
+ Puppet.debug "latest is %s" % latest
end
when :notinstalled
if @is == :notinstalled
@@ -65,6 +63,7 @@ module Puppet
case value
when "latest":
unless @parent.respond_to?(:latest)
+ Puppet.err @parent.inspect
raise Puppet::Error,
"Package type %s does not support querying versions" %
@parent[:type]
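Review bot: `Puppet.err @parent.inspect` reads as a debugging aid left in: it writes the whole parent object, with every parameter it holds, to the log at error level just before the `raise` that already reports the problem. Drop it or lower it to `Puppet.debug @parent.inspect`, and put any identifying detail that is needed into the `Puppet::Error` message itself.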
@@ -326,6 +325,9 @@ module Puppet
# be set in 'should', or through comparing against the system, in which
# case the hash's values should be set in 'is'
def initialize(hash)
+ type = hash["type"] || hash[:type] || self.class.default
+ self.type2module(type)
+
super
unless @states.include?(:install)
@@ -338,18 +340,6 @@ module Puppet
end
end
- # Set the package type parameter. Looks up the corresponding
- # module and then extends the 'install' state.
- def paramtype=(typename)
- if type = self.class.pkgtype(typename)
- Puppet.debug "Extending %s with %s" % [self.name, type]
- self.extend(type)
- @parameters[:type] = type
- else
- raise Puppet::Error, "Invalid package type %s" % typename
- end
- end
-
def retrieve
if hash = self.query
hash.each { |param, value|
@@ -367,6 +357,16 @@ module Puppet
}
end
end
+
+ # Extend the package with the appropriate package type.
+ def type2module(typename)
+ if type = self.class.pkgtype(typename)
+ Puppet.debug "Extending to package type %s" % [type]
+ self.extend(type)
+ else
+ raise Puppet::Error, "Invalid package type %s" % typename
+ end
+ end
end # Puppet::Type::Package
end
diff --git a/lib/puppet/type/pfile/group.rb b/lib/puppet/type/pfile/group.rb
index f38860259..3444d2ec3 100755
--- a/lib/puppet/type/pfile/group.rb
+++ b/lib/puppet/type/pfile/group.rb
@@ -54,15 +54,14 @@ module Puppet
"Could not retrieve gid for %s" % @parent.name)
end
- # now make sure the user is allowed to change to that group
- unless Process.uid == 0
- groups = %x{groups}.chomp.split(/\s/)
- unless groups.include?(gname)
- Puppet.notice "Cannot chgrp: not in group %s" % gname
- raise Puppet::Error.new(
- "Cannot chgrp: not in group %s" % gname)
- end
- end
+ #unless Process.uid == 0
+ # groups = %x{groups}.chomp.split(/\s/)
+ # unless groups.include?(gname)
+ # Puppet.notice "Cannot chgrp: not in group %s" % gname
+ # raise Puppet::Error.new(
+ # "Cannot chgrp: not in group %s" % gname)
+ # end
+ #end
if gid.nil?
raise Puppet::Error.new(
@@ -76,15 +75,18 @@ module Puppet
# we'll just let it fail, but we should probably set things up so
# that users get warned if they try to change to an unacceptable group.
def sync
- #unless Process.uid == 0
- # unless defined? @@notifiedgroup
- # Puppet.notice(
- # "Cannot manage group ownership unless running as root"
- # )
- # @@notifiedgroup = true
- # end
- # return nil
- #end
+ # now make sure the user is allowed to change to that group
+ # We don't do this in the should section, so it can still be used
+ # for noop.
+ unless Process.uid == 0
+ unless defined? @@notifiedgroup
+ Puppet.notice(
+ "Cannot manage group ownership unless running as root"
+ )
+ @@notifiedgroup = true
+ end
+ return nil
+ end
if @is == :notfound
@parent.stat(true)
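Review bot: The comment added at the top of `sync` says it makes sure the user is allowed to change to the group, but the code only tests `Process.uid == 0` and returns `nil` for every non-root user, including one who belongs to the target group and could perform the chgrp. Because `@@notifiedgroup` suppresses the notice after the first occurrence, later files are skipped with no log entry at all. Either restore a membership test here or reword the comment to `# group ownership is only managed when running as root`. The commented-out membership check left in the first hunk of this file should be deleted rather than kept. `sync` continues past the end of this hunk.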
diff --git a/lib/puppet/type/pfile/source.rb b/lib/puppet/type/pfile/source.rb
index ec4f7107b..db2055172 100755
--- a/lib/puppet/type/pfile/source.rb
+++ b/lib/puppet/type/pfile/source.rb
@@ -125,7 +125,7 @@ module Puppet
@parent.state(:create).retrieve
end
# we'll let the :create state do our work
- @should = nil
+ @should.clear
@is = true
# FIXME We should at least support symlinks, I would think...
else
diff --git a/lib/puppet/type/service.rb b/lib/puppet/type/service.rb
index df3609af3..49da3ce00 100644
--- a/lib/puppet/type/service.rb
+++ b/lib/puppet/type/service.rb
@@ -179,8 +179,6 @@ module Puppet
end
end
- Puppet.err @defsvctype
-
return @defsvctype
end
@@ -236,6 +234,11 @@ module Puppet
super
+ unless @parameters.include?(:pattern)
+ # default to using the service name as the pattern
+ self[:pattern] = self.name
+ end
+
# and then see if it needs to be checked
if self.respond_to?(:configchk)
self.configchk
diff --git a/lib/puppet/type/state.rb b/lib/puppet/type/state.rb
index 7f74f7344..34ffd63e7 100644
--- a/lib/puppet/type/state.rb
+++ b/lib/puppet/type/state.rb
@@ -56,6 +56,11 @@ class State < Puppet::Element
raise Puppet::DevError, "%s's should is not array" % self.class.name
end
+ # an empty array is analogous to no should values
+ if @should.empty?
+ return true
+ end
+
# Look for a matching value
@should.each { |val|
if @is == val
@@ -93,7 +98,16 @@ class State < Puppet::Element
# Only return the first value
def should
- return @should[0]
+ if defined? @should
+ unless @should.is_a?(Array)
+ Puppet.warning @should.inspect
+ raise Puppet::DevError, "should for %s on %s is not an array" %
+ [self.class.name, @parent.name]
+ end
+ return @should[0]
+ else
+ return nil
+ end
end
# Set the should value.
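Review bot: `defined? @should` is true once the variable has been assigned `nil`, so a state whose `@should` is explicitly `nil` raises `Puppet::DevError` from `should` while an unset one returns `nil`. This commit changes lib/puppet/type/pfile/source.rb from `@should = nil` to `@should.clear`, but any other `nil` assignment elsewhere in the tree (not visible here) would reach the error path. `if defined? @should and ! @should.nil?` treats both cases as "no value". `Puppet.warning @should.inspect` duplicates what the exception message can carry and looks like leftover debugging.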
diff --git a/test/executables/tc_puppetca.rb b/test/executables/tc_puppetca.rb
index 61b83b178..2fed58557 100755
--- a/test/executables/tc_puppetca.rb
+++ b/test/executables/tc_puppetca.rb
@@ -49,7 +49,9 @@ class TestPuppetCA < Test::Unit::TestCase
cert = mkcert("host.test.com")
resp = nil
assert_nothing_raised {
- resp = ca.getcert(cert.csr.to_pem)
+ # We need to use a fake name so it doesn't think the cert is from
+ # itself.
+ resp = ca.getcert(cert.csr.to_pem, "fakename", "127.0.0.1")
}
assert_equal(["",""], resp)
#Puppet.warning "SSLDir is %s" % Puppet[:ssldir]
diff --git a/test/executables/tc_puppetd.rb b/test/executables/tc_puppetd.rb
index e7a55b480..72cf1f031 100755
--- a/test/executables/tc_puppetd.rb
+++ b/test/executables/tc_puppetd.rb
@@ -36,7 +36,7 @@ class TestPuppetDExe < Test::Unit::TestCase
cmd = "puppetd"
cmd += " --verbose"
- cmd += " --fqdn %s" % fqdn
+ #cmd += " --fqdn %s" % fqdn
cmd += " --port %s" % @@port
cmd += " --ssldir %s" % Puppet[:ssldir]
cmd += " --server localhost"
@@ -44,11 +44,10 @@ class TestPuppetDExe < Test::Unit::TestCase
# and verify our daemon runs
assert_nothing_raised {
output = %x{#{cmd}}.chomp
+ puts output
}
sleep 1
assert($? == 0, "Puppetd exited with code %s" % $?)
- #puts output
- #assert_equal("", output, "Puppetd produced output %s" % output)
assert(FileTest.exists?(@createdfile),
"Failed to create config'ed file")
diff --git a/test/other/tc_metrics.rb b/test/other/tc_metrics.rb
index 9db8683e9..dbae3cf54 100644
--- a/test/other/tc_metrics.rb
+++ b/test/other/tc_metrics.rb
@@ -9,8 +9,6 @@ require 'puppet'
require 'puppet/type'
require 'test/unit'
-# $Id$
-
$haverrd = true
begin
require 'RRD'
@@ -90,3 +88,5 @@ if $haverrd
else
$stderr.puts "Missing RRD library -- skipping metric tests"
end
+
+# $Id$
diff --git a/test/puppettest.rb b/test/puppettest.rb
index 2aba1f7c6..daa13e3d9 100644
--- a/test/puppettest.rb
+++ b/test/puppettest.rb
@@ -16,6 +16,11 @@ module TestPuppet
end
def setup
+ if defined? @@testcount
+ @@testcount += 1
+ else
+ @@testcount = 0
+ end
if $0 =~ /tc_.+\.rb/
Puppet[:loglevel] = :debug
$VERBOSE = 1
@@ -24,7 +29,10 @@ module TestPuppet
Puppet[:httplog] = "/dev/null"
end
- @configpath = File.join(tmpdir, self.class.to_s + "configdir")
+ @configpath = File.join(tmpdir,
+ self.class.to_s + "configdir" + @@testcount.to_s
+ )
+
Puppet[:puppetconf] = @configpath
Puppet[:puppetvar] = @configpath
diff --git a/test/server/tc_bucket.rb b/test/server/tc_bucket.rb
index 658b8fcce..5d45eedb2 100644
--- a/test/server/tc_bucket.rb
+++ b/test/server/tc_bucket.rb
@@ -204,7 +204,7 @@ class TestBucket < Test::Unit::TestCase
client = nil
port = Puppet[:masterport]
- pid = mkserver(:CA => nil, :FileBucket => { :Bucket => @bucket})
+ pid = mkserver(:CA => {}, :FileBucket => { :Bucket => @bucket})
assert_nothing_raised {
client = Puppet::Client::Dipper.new(
diff --git a/test/server/tc_ca.rb b/test/server/tc_ca.rb
index 39c476675..b48cb42c7 100644
--- a/test/server/tc_ca.rb
+++ b/test/server/tc_ca.rb
@@ -26,14 +26,14 @@ class TestCA < Test::Unit::TestCase
print "\n\n" if Puppet[:debug]
end
- # verify that we're autosigning
- def test_zautocertgeneration
- Puppet[:autosign] = true
+ # Verify that we're autosigning. We have to autosign a "different" machine,
+ # since we always autosign the CA server's certificate.
+ def test_autocertgeneration
ca = nil
# create our ca
assert_nothing_raised {
- ca = Puppet::Server::CA.new()
+ ca = Puppet::Server::CA.new(:autosign => true)
}
# create a cert with a fake name
@@ -74,7 +74,9 @@ class TestCA < Test::Unit::TestCase
# and pull it again, just to make sure we're getting the same thing
newtext = nil
assert_nothing_raised {
- newtext, cacerttext = ca.getcert(cert.csr.to_s)
+ newtext, cacerttext = ca.getcert(
+ cert.csr.to_s, "test.reductivelabs.com", "127.0.0.1"
+ )
}
assert_equal(certtext,newtext)
@@ -82,15 +84,12 @@ class TestCA < Test::Unit::TestCase
# this time don't use autosign
def test_storeAndSign
- assert_nothing_raised {
- Puppet[:autosign] = false
- }
ca = nil
caserv = nil
# make our CA server
assert_nothing_raised {
- caserv = Puppet::Server::CA.new()
+ caserv = Puppet::Server::CA.new(:autosign => false)
}
# retrieve the actual ca object
@@ -116,7 +115,9 @@ class TestCA < Test::Unit::TestCase
# retrieve them
certtext = nil
assert_nothing_raised {
- certtext, cacerttext = caserv.getcert(cert.csr.to_s)
+ certtext, cacerttext = caserv.getcert(
+ cert.csr.to_s, "test.reductivelabs.com", "127.0.0.1"
+ )
}
# verify we got nothing back, since autosign is off
@@ -151,7 +152,6 @@ class TestCA < Test::Unit::TestCase
# and now test the autosign file
def test_autosign
autosign = File.join(tmpdir, "autosigntesting")
- Puppet[:autosign] = autosign
@@tmpfiles << autosign
File.open(autosign, "w") { |f|
f.puts "hostmatch.domain.com"
@@ -160,7 +160,7 @@ class TestCA < Test::Unit::TestCase
caserv = nil
assert_nothing_raised {
- caserv = Puppet::Server::CA.new()
+ caserv = Puppet::Server::CA.new(:autosign => autosign)
}
# make sure we know what's going on
@@ -169,4 +169,33 @@ class TestCA < Test::Unit::TestCase
assert(!caserv.autosign?("kirby.reductivelabs.com"))
assert(!caserv.autosign?("culain.domain.com"))
end
+
+ # verify that things aren't autosigned by default
+ def test_nodefaultautosign
+ caserv = nil
+ assert_nothing_raised {
+ caserv = Puppet::Server::CA.new()
+ }
+
+ # make sure we know what's going on
+ assert(!caserv.autosign?("hostmatch.domain.com"))
+ assert(!caserv.autosign?("fakehost.other.com"))
+ assert(!caserv.autosign?("kirby.reductivelabs.com"))
+ assert(!caserv.autosign?("culain.domain.com"))
+ end
+
+ # We want the CA to autosign its own certificate, because otherwise
+ # the puppetmasterd CA does not autostart.
+ def test_caautosign
+ server = nil
+ assert_nothing_raised {
+ server = Puppet::Server.new(
+ :Port => @@port,
+ :Handlers => {
+ :CA => {}, # so that certs autogenerate
+ :Status => nil
+ }
+ )
+ }
+ end
end
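Review bot: `test_caautosign` only checks that `Puppet::Server.new` does not raise; it never asserts that the server's own certificate was signed, so the `client.nil?` path added to `getcert` is not verified. `test_storeAndSign` covers a named client being held, but no test shows that the same CSR submitted without a client name is signed, which is the behaviour this commit introduces and the one most in need of a pinned expectation. Add an assertion that the signed certificate exists after construction, plus a `getcert(csr)` call without a client name under `:autosign => false` that asserts the intended result.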
diff --git a/test/tagging/tc_tagging.rb b/test/tagging/tc_tagging.rb
index a3bc9592b..260e0e53a 100644
--- a/test/tagging/tc_tagging.rb
+++ b/test/tagging/tc_tagging.rb
@@ -38,7 +38,8 @@ class TestTagging < Test::Unit::TestCase
}
assert_nothing_raised {
- assert_equal(%w{solaris apache}, scope.tags, "Incorrect scope tags")
+ # Scopes put their own tags first
+ assert_equal(%w{apache solaris}, scope.tags, "Incorrect scope tags")
}
end