Conflicts:
lib/puppet/agent.rb
lib/puppet/application/puppet.rb
lib/puppet/configurer.rb
man/man5/puppet.conf.5
spec/integration/defaults.rb
spec/unit/configurer.rb
The setting enable_post_connection_check doesn't exist on very many
versions of ruby, and on those systems there's no way to disable domain
name checking on HTTPS.
The recommended work-around is to replace certificates when they have
incorrect hostnames.
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>
This was built to be used with etckeeper to version control
files in /etc, but can be used for essentially anything.
This patch was built to be added to 0.25.4, so it's a least-modify
approach. A better approach would be to refactor application/puppet.rb
just a bit so it uses Configurer more.
This is a simple patch - it just defines 'prerun_command' and 'postrun_command'
settings, and runs the appropriate command around each transaction
if they're set.
Signed-off-by: Luke Kanies <luke@reductivelabs.com>
Conflicts:
lib/puppet/ssl/host.rb
spec/spec_helper.rb
Disables the b64_zlib_yaml format if zlib cannot be loaded.
I've added a --no-zlib to make it possible to test this on a single
machine, but it might also be useful if someone finds themselves failing
to connect to a server that doesn't have zlib installed.
FactHandler's format is still hard-coded to YAML rather than using
facts.class.default_format
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>
Add a flag "manage_internal_file_permissions" which is enabled by
default. Disabling this flag prevents Puppet from managing the owner,
group, or mode of files created from Puppet::Util::Settings::FileSetting
I think this is a wide enough net to follow Luke's suggestion of
"disable management of everything", and it certainly satisfies the
requests I'm aware of, but if I've missed anything, let me know.
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>
Conflicts:
lib/puppet/agent.rb
lib/puppet/application/puppetd.rb
lib/puppet/parser/ast/leaf.rb
lib/puppet/util/rdoc/parser.rb
Since "preferred_serialization_format" was introduced, the older
"catalog_format" setting (yaml|marshal), when provided, has been
silently ignored and the default for "preferred_serialization_format"
used. This re-introduces "catalog_format," logs a deprecation notice,
and passes on any provided value to "preferred_serialization_format."
Signed-off-by: Bruce Williams <bruce@codefluency.com>
Add a flag "manage_internal_file_permissions" which is enabled by
default. Disabling this flag prevents Puppet from managing the owner,
group, or mode of files created from Puppet::Util::Settings::FileSetting
I think this is a wide enough net to follow Luke's suggestion of
"disable management of everything", and it certainly satisfies the
requests I'm aware of, but if I've missed anything, let me know.
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>
This sets the ActiveRecord connection pool size when connecting to remote databases (mysql, postgres). Default is 0; the 'pool' argument is only passed to ActiveRecord when the value is 1 or greater.
This allows one to specify the name to use in the
CA certificate. It defaults to the :certname,
but for those stuck using mod_ssl it can be changed.
Signed-off-by: Luke Kanies <luke@madstop.com>
Bundling and renaming the pure ruby json library to address a
number of cross version serialization bugs (#2615, et al).
This patch adds a subset of the files from the json_pure gem to
lib/puppet/external/pson (renamed to avoid conflicts with rails) so
that we will always have a known-good serialization format available.
The pure ruby json gem as distributed defers to the compiled version
if it is installed. This is problematic in some circumstances so the
files that have been brought over have been modified to always and
only use the bundled version.
It's a large patch, so here's a breakdown of the change categories:
The majority of the lines are only marginally interesting:
* The json lib itself (in lib/puppet/external/pson) makes up the bulk
  of the lines.
* Renaming of json to pson makes up the second largest group.
Somewhat more interesting are the following, which can be located by
searching the diffs for the indicated strings:
* Adjusting tests to reflect the changes
* Changing the encoding/decoding behavior so that nested structures
  (e.g. resources) don't serialize as escaped strings. This should
  make it much easier to process the results with external tools, if
  needed. Search for "to_pson" and "to_pson_data_hash"
* Cleaning up the envelope/metadata
  * Now provides a document_type (as opposed to a ruby class name) by
    using a simple registration scheme instead of constant lookup
    (search for "document_type")
  * Added an api_version (search for "api_version")
  * Added a hash for document metadata (search for "metadata")
* Removing the yaml monkeypatch and instead disabling yaml serialization
  on ruby 1.8.1 in favor of pson (search for "yaml")
* Cleaning up the json/rails feature interaction (they're now totally
  independent) (search for "feature")
This follows on to the previous commits which made Puppet
resilient to the service user being absent. This just
changes the default owner of all of the cert-related files
to now be the service user, which means that on the server
all of these files will be owned by that user and on
the client, at least when the service user does not exist,
they will be owned by root.
Signed-off-by: Luke Kanies <luke@madstop.com>
We previously allowed the owner and group to be set to
arbitrary values but we never actually used it -- we always
just set them to '$user' or '$group'. This commit changes
the model to allow 'root' or 'service', where 'service'
is converted to the actual service user/group.
This has the potential to have backward compatibility concerns,
because users could have changed the owner/group in puppet.conf,
but the chances of that are fantastically small.
Signed-off-by: Luke Kanies <luke@madstop.com>
Signed-off-by: Luke Kanies <luke@madstop.com>
This isn't really a refactor, just moving code around.
I did some simple method renaming, also.
Signed-off-by: Luke Kanies <luke@madstop.com>
Signed-off-by: Luke Kanies <luke@madstop.com>
report_port setting. Add tests.
This allows you to specify a command used to determine
the catalog version. Also added an integration test
to verify the version cascades.
Signed-off-by: Luke Kanies <luke@madstop.com>
This feature has been broken since who knows when,
yet no one's noticed. Thus, it's a good
candidate for removal.
Signed-off-by: Luke Kanies <luke@madstop.com>
Thin storeconfigs is a limited version of storeconfigs that is
more performant and still allows the exported/collected resources
system which is the primary use of storeconfigs.
It works by storing to the database only the exported resources, tags
and host facts.
Since usually those exported resources are less than the number
of total resources for a node, it is expected to be faster than
regular storeconfigs (especially for the first run).
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
Signed-off-by: Nigel Kersten <nigelk@google.com>
Signed-off-by: Luke Kanies <luke@madstop.com>
This won't affect most people, but it's a good
default to have for those who can support it.
Signed-off-by: Luke Kanies <luke@madstop.com>
Minor changes to previous commit
This provides about a 75x speedup, so it's totally
worth it. The downside is that queueing requires json,
but only on the server side.
Signed-off-by: Luke Kanies <luke@madstop.com>
This is the last step to fixing #2189.
Signed-off-by: Luke Kanies <luke@madstop.com>
This patch introduces a new configuration file (and configuration
setting to set it).
Each REST request is checked against this configuration file, and is
either allowed or denied.
The configuration file has the following format:

    path /uripath
    method <methods>
    allow <ip> or <name>
    deny <ip> or <name>

or

    path ~ <regex>
    method <methods>
    allow <ip> or <name>
    deny <ip> or <name>

where regex is a ruby regex.
This last syntax allows deny/allow interpolation from
the regex captures:

    path ~ /files[^/]+/files/([^/]+)/([^/])/
    method find
    allow $2.$1

If you arrange your files/ directory to have files in
'domain.com/host/', then only the referenced host will
be able to access their files, other hosts will be denied.
For instance:

    files/reductivelabs.com/dns/...
    files/reductivelabs.com/www/...

then only files in dns can be accessible by dns.reductivelabs.com
and so on...
If the auth.conf file doesn't exist puppet uses sane defaults that allow
clients to check-in and ask for their configurations...
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
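
The allow/deny interpolation described in the commit message above, as an added Ruby example (not part of the commit and not Puppet's code). `Rule`, `parse_rules`, `interpolate`, `allowed?` and `SAMPLE_RULES` are hypothetical names, `master.example.com` is constructed, and the evaluation order (first matching stanza decides, deny before allow, deny by default, names only) is an assumption.

```ruby
# Added illustration, not Puppet's implementation. Assumed semantics: first stanza
# whose path and method match decides, deny beats allow, default deny, names only.
Rule = Struct.new(:regex, :verbs, :allow, :deny)

def parse_rules(text)
  rules = []
  text.each_line do |line|
    key, value = line.strip.split(/\s+/, 2)
    next if key.nil? || key.start_with?('#')
    raise ArgumentError, "malformed line: #{line.strip}" if value.nil?
    raise ArgumentError, "#{key} before any path" if key != 'path' && rules.empty?
    case key
    when 'path'
      source = value.start_with?('~') ? value.sub(/\A~\s*/, '') : '\A' + Regexp.escape(value)
      rules << Rule.new(Regexp.new(source), [], [], [])
    when 'method' then rules.last.verbs.concat(value.split(/[\s,]+/))
    when 'allow'  then rules.last.allow << value
    when 'deny'   then rules.last.deny << value
    else raise ArgumentError, "unknown directive: #{key}"
    end
  end
  rules
end

# Replace $1, $2, ... in an allow/deny entry with the path regex captures.
def interpolate(entry, match)
  entry.gsub(/\$(\d+)/) { match[Regexp.last_match(1).to_i].to_s }
end

# path is assumed to be normalized by the caller before it is matched.
def allowed?(rules, path, verb, client)
  rules.each do |rule|
    m = rule.regex.match(path)
    next unless m && (rule.verbs.empty? || rule.verbs.include?(verb))
    expand = ->(list) { list.map { |e| interpolate(e, m).downcase } }
    return false if expand.call(rule.deny).include?(client.downcase)
    return expand.call(rule.allow).include?(client.downcase)
  end
  false
end

# Constructed rules: the regex is anchored and both captures use [^/]+.
SAMPLE_RULES = <<~'CONF'
  path ~ \A/files/([^/]+)/([^/]+)/
  method find
  allow $2.$1
  path /catalog
  method find
  allow master.example.com
CONF
```

With these rules, a `find` on `/files/reductivelabs.com/dns/...` is granted only to `dns.reductivelabs.com`; any request that matches no stanza is denied.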
This isn't that great, but at least it provides
basic tuning of the format.
Also removing the catalog_format default, since it's
no longer used.
Signed-off-by: Luke Kanies <luke@madstop.com>
I missed some of the Catalog mentions, and its
constant changed.
I've also added tests so this will get caught
next time.
Signed-off-by: Luke Kanies <luke@madstop.com>
These are all of the defaults needed to configure queueing.
Removing class methods and such, and switching to
relying solely on a setting for the queue configuration.
Signed-off-by: Luke Kanies <luke@madstop.com>
This is mostly a configuration change, with some
code getting removed.
Also adding an extra require in Format;
Puppet::Provider requires Puppet::Provider::Confiner,
so the constant lookup is weird.
Signed-off-by: Luke Kanies <luke@madstop.com>
With the new 'strict_hostname_checking' option enabled,
the compiler will only search for the literal certificate
name in its list of nodes.
Signed-off-by: Luke Kanies <luke@madstop.com>
Conflicts:
bin/ralsh
lib/puppet/executables/client/certhandler.rb
lib/puppet/parser/functions/versioncmp.rb
lib/puppet/parser/resource/reference.rb
lib/puppet/provider/augeas/augeas.rb
lib/puppet/provider/nameservice/directoryservice.rb
lib/puppet/provider/ssh_authorized_key/parsed.rb
lib/puppet/type.rb
lib/puppet/type/file/checksum.rb
spec/integration/defaults.rb
spec/integration/transaction/report.rb
spec/unit/executables/client/certhandler.rb
spec/unit/indirector/ssl_rsa/file.rb
spec/unit/node/catalog.rb
spec/unit/provider/augeas/augeas.rb
spec/unit/rails.rb
spec/unit/type/ssh_authorized_key.rb
spec/unit/type/tidy.rb
test/executables/filebucket.rb
test/executables/puppetbin.rb
This is a trivial fix but seems to crop up more often
than it should.
Signed-off-by: Luke Kanies <luke@madstop.com>
Signed-off-by: Luke Kanies <luke@madstop.com>
The main aspect of this solution is to create a site-wide
Puppet::SSL::Host instance to cache ssl key and certificate,
so that by the time we've switched UIDs, we've got the key and
cert in memory. Then webrick just uses that, rather than creating
a new Host instance.
Signed-off-by: Luke Kanies <luke@madstop.com>
This was a complicated project because TransObject had made its
way into too many classes. The usage by Util::Settings
was particularly nefarious. Refactoring and fixing this
exposed some other issues.
The main complication, though, was the extent to which the
Puppet::Type class depended on TransObject.
Signed-off-by: Luke Kanies <luke@madstop.com>
Conflicts:
bin/puppetca
lib/puppet/type/group.rb
lib/puppet/type/tidy.rb
lib/puppet/util/settings.rb
Also edited the following files so tests will pass:
lib/puppet/type/component.rb
spec/unit/ssl/certificate_request.rb
spec/unit/type/computer.rb
spec/unit/type/mcx.rb
spec/unit/type/resources.rb
spec/unit/util/settings.rb
spec/unit/util/storage.rb
test/ral/type/zone.rb
It now automatically switches values depending on server type,
while still allowing overriding.
Signed-off-by: Luke Kanies <luke@madstop.com>
since that method is deprecated.
Conflicts:
CHANGELOG
bin/puppetca
lib/puppet/file_serving/fileset.rb
lib/puppet/network/xmlrpc/client.rb
lib/puppet/type/file/selcontext.rb
spec/unit/file_serving/metadata.rb
spec/unit/type/file.rb
Signed-off-by: Luke Kanies <luke@madstop.com>
Conflicts:
lib/puppet/metatype/container.rb
lib/puppet/metatype/instances.rb
lib/puppet/metatype/metaparams.rb
lib/puppet/metatype/relationships.rb
lib/puppet/metatype/schedules.rb
templatedir as a path
Signed-off-by: Paul Nasrat <pnasrat@googlemail.com>