| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
Mattias Saou ran into a serious bug cause by 9dff71 (Use -p option to
killproc). The puppetmaster init script lacked a pidfile variable,
which ended up with /usr/sbin/puppetmasterd being removed.
Signed-off-by: Todd Zullinger <tmz@pobox.com>
|
| |
|
|
| |
preflight
|
| |
|
|
|
|
|
|
|
|
|
| |
If a puppetd run was started manually and 'service puppet stop' was run
the killproc function used would kill the manually started puppetd. On
Fedora and newer RHEL (>= 5) we now use the -p option to prevent this.
This fixes #2751 (Red Hat initscripts kill an independently started
puppetd/puppetmasterd)
Signed-off-by: Todd Zullinger <tmz@pobox.com>
|
| |
|
|
|
|
|
|
| |
Minor packaging fixes included since 0.25.0:
- Include the pi program and man page (R.I.Pienaar)
- Move puppetca to puppet package, it has uses on client systems
- Drop redundant %doc from manpage %file listings
|
| |
|
|
| |
Thanks to Allan Marcus for the fix.
|
| |
|
|
|
|
|
|
|
|
| |
The sysconfig file shipped on Red Hat systems includes a PUPPET_PORT
variable. When set, this should specify the port used by puppet to
connect to the puppetmaster. The init script was incorrectly passing
this argument via the --port option, which sets the port on which
puppetd listens.
Signed-off-by: Todd Zullinger <tmz@pobox.com>
|
| |
|
|
| |
Thanks to Todd Zullinger for the patch and the updates.
|
| |
|
|
| |
Signed-off-by: John A. Barbuto <jbarbuto@corp.sourceforge.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Previously, the Red Hat init scripts used the $pidfile or $lockfile as a
test for whether to restart the daemons. This caused condrestart to
start the daemons even when they were not running, in cases where they
had died or been killed without cleaning up the $pidfile/$lockfile.
This was reported by Ingvar Hagelund in Red Hat bug #480600.
Signed-off-by: Todd Zullinger <tmz@pobox.com>
|
| |
|
|
|
|
|
|
| |
On RHEL < 5, the status function does not accept a -p option. Using it
causes 'service puppet status' to produce erroneous output. This was
also reported by Aaron Dummer in Red Hat bug #501577.
Signed-off-by: Todd Zullinger <tmz@pobox.com>
|
| | |
|
| | |
|
| |
|
|
| |
in bindir
|
| |
|
|
| |
tests.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
The install.rb script is now used for installation. The spec file is
also updated for the 0.25.0beta1 release.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Before this change, unauthenticated REST requests where inconditionnaly
allowed, as long as they were to the certificate terminus.
This could be a security hole, so now the REST requests, authenticated
or unauthenticated are all submitted to the REST authorization
layer.
The default authorizations now contains directives to allow unauthenticated
requests to the various certificate terminus to allow new hosts.
The conf/auth.conf file has been modified to match such defaults.
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
| |
|
|
|
|
|
|
|
| |
With the help of the new auth.conf directive 'environment',
any ACL can now be restricted to a specific environment.
Omission of the directive means that the ACL will apply
to all the defined environment.
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch introduces a new configuration file (and configuration
setting to set it).
Each REST request is checked against this configuration file, and is
either allowed or denied.
The configuration file has the following format:
path /uripath
method <methods>
allow <ip> or <name>
deny <ip> or <name>
or
path ~ <regex>
method <methods>
allow <ip> or <name>
deny <ip> or <name>
where regex is a ruby regex.
This last syntax allows deny/allow interpolation from
the regex captures:
path ~ /files[^/]+/files/([^/]+)/([^/])/
method find
allow $2.$1
If you arrange your files/ directory to have files in
'domain.com/host/', then only the referenced host will
be able to access their files, other hosts will be denied.
For instance:
files/reductivelabs.com/dns/...
files/reductivelabs.com/www/...
then only files in dns can be accessible by dns.reductivelabs.com
and so on...
If the auth.conf file doesn't exist puppet uses sane defaults that allows
clients to check-in and ask for their configurations...
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
| | |
|
| |\
| |
| |
| |
| |
| | |
Conflicts:
conf/redhat/puppet.spec
|
| | | |
|
| |/
|
|
|
|
| |
To build a new debian package use:
apt-get source puppet; cd puppet-<curver>; uupdate ../puppet-<newver>.tgz
|
| |
|
|
| |
puppetmaster as a mongrel cluster
|
| | |
|
| |
|
|
| |
cleaning out prior versions
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
files
|
