| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
move Util::CommandLine methods into instances instead of on the class,
as suggested by Markus
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds HTTP response decompression (both gzip and deflate streams).
This feature is disabled by default, and enabled with --http_compression.
This feature can be activated only if the local ruby version supports the
zlib ruby extension.
HTTP response decompression is active for all REST communications and file
sourcing.
To enable http compression on the server side, it is needed to use a
reverse proxy like Apache or Nginx with adhoc configuration:
Nginx:
gzip on;
gzip_types text/pson text/json text/marshall text/yaml application/x-raw text/plain;
Apache:
LoadModule deflate_module /usr/lib/apache2/modules/mod_deflate.so
AddOutputFilterByType DEFLATE text/plain text/pson text/json text/marshall text/yaml application/x-raw
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
| |
|
|
|
|
|
|
| |
Signed-off-by: Luke Kanies <luke@puppetlabs.com>
Conflicts:
lib/puppet/ssl/host.rb
|
| |
|
|
|
|
| |
Extract the logic to determine the subcommand name into a method.
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>
|
| |
|
|
|
|
|
|
| |
Puppet's defaults change depending on which command invokes them.
This patch makes sure that we use the maintain the current behavior.
This is a temporary fix until I implement feature #2935.
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>
|
| | |
|
| | |
|
| |
|
|
| |
modules
|
| |
|
|
| |
/var/lib/puppet
|
| |
|
|
|
|
|
|
|
|
| |
This will rarely be used, but it enables even more architectural
flexibility, such as precompiling catalogs and storing them in memcached
or equivalent. With this setup, a single host can probably serve all
catalogs and you would then just have as many compiling hosts as
needed.
Signed-off-by: Luke Kanies <luke@reductivelabs.com>
|
| |
|
|
|
|
|
|
|
| |
This basically allows a sysadmin to control when a client
will compile a new catalog - with this option enabled,
the client will use the cached catalog as long as it has
one, only recompiling when run with the option disabled.
Signed-off-by: Luke Kanies <luke@reductivelabs.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It is a setting that was added years ago as a backward
compatibility option and even if it still works, which
is questionable, it has no purpose any longer.
It just complicated the code and didn't do much, so it's gone
now.
Also simplified the interface of Leaf#evaluate_match, since it
was now using none of the passed-in options.
Finally, removed/migrated the last of the Selector/CaseStatement
test/unit tests.
Signed-off-by: Luke Kanies <luke@puppetlabs.com>
|
| |
|
|
|
|
|
| |
These were also set to true and are holdovers
from YAGNI stuff from years ago.
Signed-off-by: Luke Kanies <luke@reductivelabs.com>
|
| |
|
|
| |
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
|
|
|
|
| |
These replace the yaml and file dirs,
since in #1943 we're merging the file and yaml
Terminus classes.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
lib/puppet/agent.rb
lib/puppet/application/puppet.rb
lib/puppet/configurer.rb
man/man5/puppet.conf.5
spec/integration/defaults.rb
spec/unit/configurer.rb
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The setting enable_post_connection_check doesn't exist on very many
versions of ruby, and on those systems there's no way to disable domain
name checking on HTTPS.
The recommended work-around is to replace certificates when they have
incorrect hostnames.
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This was built to be used with etckeeper to version control
files in /etc, but can be used for essentially anything.
This patch was built to be added to 0.25.4, so it's a least-modify
approach. A better approach would be to refactor application/puppet.rb
just a bit so it uses Configurer more.
This is a simple patch - it just defines 'prerun_command' and 'postrun_command'
settings, and runs the appropriate command around each transaction
if they're set.
Signed-off-by: Luke Kanies <luke@reductivelabs.com>
|
| |\|
| |
| |
| |
| |
| | |
Conflicts:
lib/puppet/ssl/host.rb
spec/spec_helper.rb
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Disables the b64_zlib_yaml format if zlib cannot be loaded.
I've added a --no-zlib to make it possible to test this on a single
machine, but it might also be useful if someone finds themselves failing
to connect to a server that doesn't have zlib installed.
FactHandler' format is still hard-coded to YAML rather than using
facts.class.default_format
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add a flag "manage_internal_file_permissions" which is enabled by
default. Disabling this flag prevents Puppet from managing the owner,
group, or mode of files created from Puppet::Util::Settings::FileSetting
I think this is a wide enough net to follow Luke's suggestion of
"disable management of everything", and it certainly satisfies the
requests I'm aware of, but if I've missed anything, let me know.
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>
|
| |\|
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
lib/puppet/agent.rb
lib/puppet/application/puppetd.rb
lib/puppet/parser/ast/leaf.rb
lib/puppet/util/rdoc/parser.rb
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Since "preferred_serialization_format" was introduced, the older
"catalog_format" setting (yaml|marshal), when provided, has been
silently ignored and the default for "preferred_serialization_format"
used. This re-introduces "catalog_format," logs a deprecation notice,
and passes on any provided value to "preferred_serialization_format."
Signed-off-by: Bruce Williams <bruce@codefluency.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add a flag "manage_internal_file_permissions" which is enabled by
default. Disabling this flag prevents Puppet from managing the owner,
group, or mode of files created from Puppet::Util::Settings::FileSetting
I think this is a wide enough net to follow Luke's suggestion of
"disable management of everything", and it certainly satisfies the
requests I'm aware of, but if I've missed anything, let me know.
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>
|
| | |
| |
| |
| | |
This sets the ActiveRecords connection pool size, when connecting to remote databases (mysql, postgres). default is 0; the 'pool' argument is only passed to ActiveRecords when the value is 1 or greater.
|
| |/
|
|
|
|
|
|
| |
This allows one to specify the name to use in the
CA certificate. It defaults to the :certname,
but for those stuck using mod_ssl it can be changed.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bundeling and renaming the pure ruby json library to addresses a
number of cross version serliaization bugs (#2615, et al).
This patch adds a subset of the files from the json_pure gem to
lib/puppet/external/pson (renamed to avoid conflicts with rails) so
that we will always have a known-good erialization format available.
The pure ruby json gem as distibuted defers to the compiled version
if it is installed. This is problematic in some circumstances so the
files that have been brought over have been modified to always and
only use the bundled version.
It's a large patch, so here's a breakdown of the change categories:
The majority of the lines are only marginally interesting:
* The json lib itself (in lib/puppet/external/pson) make up the bulk
of the lines.
* Renaming of json to pson make up the second largest group.
Somewhat more interesting are the following, which can be located by
searching the diffs for the indicated strings:
* Adjusting tests to reflect the changes
* Changing the encoding/decoding behavior so that nested structures
(e.g. resources) don't serialize as escaped strings. This should
make it much easier to process the results with external tools, if
needed. Search for "to_pson" and "to_pson_data_hash"
* Cleaning up the envelope/metadata
* Now provides a document_type (as opposed to a ruby class name) by
using a symple registration scheme instead of constant lookup
(search for "document_type")
* Added an api_version (search for "api_version")
* Added a hash for document metadata (search for "metadata")
* Removing the yaml monkeypatch and instead disabling yaml serialization
on ruby 1.8.1 in favor of pson (search for "yaml")
* Cleaning up the json/rails feature interaction (they're now totally
independent) (search for "feature")
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This follows on to the previous commits which made Puppet
resilient to the service user being absent. This just
changes the default owner of all of the cert-related files
to now be the service user, which means that on the server
all of these files will be owned by that user and on
the client, at least when the service user does not exist,
they will be owned by root.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
We previously allowed the owner and group to be set to
arbitrary values but we never actually used it -- we always
just set them to '$user' or '$group'. This commit changes
the model to allow 'root' or 'service', where 'service'
is converted to the actual service user/group.
This has the potential to have backward compatibility concerns,
because users could have changed the owner/group in puppet.conf,
but the chances of that are fantastically small.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
| |
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
|
|
|
|
| |
This isn't really a refactor, just moving code around.
I did some simple method renaming, also.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
| |
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
| |
report_port setting. Add tests.
|
| |
|
|
|
|
|
|
| |
This allows you to specify a command used to determine
the catalog version. Also added an integration test
to verify the version cascades.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| | |
|
| |
|
|
|
|
|
|
| |
This feature has been broken since who knows when,
yet no one's noticed. Thus, it's a good
candidate for removal.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Thin storeconfigs is a limited version of storeconfigs that is
more performant and still allows the exported/collected resources
system wich is the primary use of storeconfigs.
It works by storing to the database only the exported resources, tags
and host facts.
Since usually those exported resources are less than the number
of total resources for a node, it is expected to be faster than
regular storeconfigs (especially for the first run).
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
| |
|
|
| |
Signed-off-by: Nigel Kersten <nigelk@google.com>
|
| | |
|
| |
|
|
| |
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
|
|
|
|
|
| |
This won't affect most people, but it's a good
default to have for those who can support it.
Signed-off-by: Luke Kanies <luke@madstop.com>
Minor changes to previous commit
|
| |
|
|
|
|
| |
This provides about a 75x speedup, so it's totally
worth it. The downside is that queueing requires json,
but only on the server side.
|
| | |
|
| | |
|
| |
|
|
| |
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
|
|
| |
This is the last step to fixing #2189.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch introduces a new configuration file (and configuration
setting to set it).
Each REST request is checked against this configuration file, and is
either allowed or denied.
The configuration file has the following format:
path /uripath
method <methods>
allow <ip> or <name>
deny <ip> or <name>
or
path ~ <regex>
method <methods>
allow <ip> or <name>
deny <ip> or <name>
where regex is a ruby regex.
This last syntax allows deny/allow interpolation from
the regex captures:
path ~ /files[^/]+/files/([^/]+)/([^/])/
method find
allow $2.$1
If you arrange your files/ directory to have files in
'domain.com/host/', then only the referenced host will
be able to access their files, other hosts will be denied.
For instance:
files/reductivelabs.com/dns/...
files/reductivelabs.com/www/...
then only files in dns can be accessible by dns.reductivelabs.com
and so on...
If the auth.conf file doesn't exist puppet uses sane defaults that allows
clients to check-in and ask for their configurations...
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
| |
|
|
|
|
|
|
|
|
| |
This isn't that great, but at least it provides
basic tuning of the format.
Also removing the catalog_format default, since it's
no longer used.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
|
|
|
|
|
|
| |
I missed some of the Catalog mentions, and its
constant changed.
I've also added tests so this will get caught
next time.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
