| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Because Windows allows a service to be both running and disabled, we now
support that capability. If a service is explicitly requested to be running and
disabled, we will set it to manual start if necessary, start it, and then
disable it. If the service is requested to be running and enabled, we will now
enable it before attempting to start it (previously, this would simply try to
start it and fail).
The exception to this rule is a service which is disabled, and for which we are
not managing the enable property. In that case, we assume that some other
authority has disabled the service, and respect that, failing to start. Thus,
if the user actually wants a service to be running and disabled, they must
explicitly declare that intent.
Reviewed-By: Jacob Helwig <jacob@puppetlabs.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Because the enable property of the service type uses :true and :false as its
valid values, rather than true and false, we need to return :true and :false
from our enabled? method. Otherwise, the property was being synced every time
it was enabled or disabled, regardless of whether it was actually in sync or
not.
Reviewed-By: Jacob Helwig <jacob@puppetlabs.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
We want to use self.debug for logging in the provider, so that log messages are
properly associated with the resource, rather than generically coming from
Puppet.
Also fix the self.instances method to not use an unnecessary extra variable
when collecting.
Reviewed-By: Jacob Helwig <jacob@puppetlabs.com>
|
| |\ \ \ \
| |/ / /
|/| / /
| |/ /
| | |
| | |
| | |
| | | |
* 2.7.x:
Deprecate RestAuthConfig#allowed? in favor of #check_authorization
Fix #6026 - security file should support inline comments
Fix #5010 - Allow leading whitespace in auth.conf
Fix #5777 - rule interpolation broke auth.conf CIDR rules
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
#allowed? was a poorly named method since it isn't actually a predicate
method. Instead of returning a boolean, this methods throws an
exception when the access is denied (in order to keep the full context
of what ACE triggered the deny).
Given that #allowed? was overriding the behavior from AuthConfig, we
leave a version of #allowed? in place that will issue a deprecation
warning before delegating to #check_authorization. Once support for
XML-RPC agents is removed from the master, we will be able to remove
this delegation, since there should no longer be a reason for a
distinction between AuthConfig and RestAuthConfig.
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
Signed-off-by: Jacob Helwig <jacob@puppetlabs.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Auth.conf, namespaceauth.conf and fileserver.conf were not supporting
trailing inlined comments.
Also this commit fixes some indentation and error management.
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
The regex used to detect ACE is too lax and would allow trailing
spaces to sneak in, which in turn would confuse the ACE parser.
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
| |\ \ \
| | | |
| | | |
| | | |
| | | |
| | | | |
* 'master' of github.com:puppetlabs/puppet:
maint: Suggest where to start troubleshooting SSL error message
maint: Fix cert app to print help and exit if no subcommand
|
| | |\| |
| | | |
| | | |
| | | |
| | | |
| | | | |
* 2.7.x:
maint: Suggest where to start troubleshooting SSL error message
maint: Fix cert app to print help and exit if no subcommand
|
| | | |\ \
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
2.7.x
* ticket/2.7.x/maint-show_help_for_cert_without_subcommand:
maint: Fix cert app to print help and exit if no subcommand
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
In 2.6.x this was the behavior, but the changes to the way options
parsing worked in 2.7.x to support faces changed the behavior of how
help was called.
This resulted in the follow unhelpful error message when you just called
`puppet cert`:
/Users/matthewrobinson/work/puppet/lib/puppet/ssl/certificate_authority/interface.rb:85:in `method='
Invalid method to apply
Reviewed-by: Pieter van de Bruggen <pieter@puppetlabs.com>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Much like the infamous "hostname was not match" error message, there's
another SSL error that people run into that isn't clear how to
troubleshoot.
err: Could not send report: SSL_connect returned=1 errno=0
state=SSLv3 read server certificate B: certificate verify failed.
As far as I can tell this only ever happens when the clock is off on the
master or client. People seem to think it will happen other times, but
I haven't been able to reproduce it other ways - missing private key,
revoked cert, offline CA all have their own errors. I googled around
and the only thing I've seen for this error in relation to puppet is the
time sync problem.
So the error message text just has some additional info to suggest you
check your clocks.
Reviewed-by: Nick Lewis <nick@puppetlabs.com>
|
| |/ / / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The environment validates its modulepath and manifestdir settings, but
it uses Dir.getwd to convert a relative path into an absolute path. The
problem is that on Windows, Dir.getwd returns a path with backslashes.
(Interestingly this only happens when puppet is loaded, not in irb for
example.) And since we do not yet support backslashes in Windows paths
or UNC paths, the directory is not included in the environment.
For the time being, I am using File.expand_path to normalize the path.
It has the side-effect of converting backslashes to forward slashes.
This is sufficient to work around backslashes in Dir.getwd. In the near
future, I will be refactoring how paths are split, validated, tested,
etc, and I have a REMIND in place to fix the environment.
But as a result of this change it exposed a bug in our rdoc parser
dealing with the finding the root of a path. The parser assumed that the
root was '/', but caused an infinite loop when passed a Windows path.
I added a test for this case, which is only run on Windows, because on
Unix File.dirname("C:/") == '.'.
After all of that, I had to disable one of the rdoc spec tests, because
it attempted to reproduce a specific bug, which caused rdoc to try to
create a directory of the form: C:/.../files/C:/.... Of course, this
fails because ':' is not a valid filename character on Windows.
Paired-with: Nick Lewis <nick@puppetlabs.com>
Reviewed-by: Jacob Helwig <jacob@puppetlabs.com>
|
| |\| | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Conflicts:
lib/puppet/type/file/source.rb
spec/unit/resource/catalog_spec.rb
|
| | |\ \ \
| | |/ /
| |/| /
| | |/ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The introduction of composite namevars caused the resource title used in
resource aliases to be set as an array, even when the resource only had one
namevar. This would fail to conflict with non-alias entries in the resource
table, which used a string for the title, even though the single element array
contained the same string.
Now, we flatten the key used in the resource table, so that single element
arrays are represented as strings, and will properly conflict with resource
titles.
Paired-With: Jacob Helwig <jacob@puppetlabs.com>
|
| | | |\
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* ticket/2.6.x/8418-inspect_respect_run_mode:
(#8418) Fix inspect app to have the correct run_mode
maint: Adding logging to include environment when source fails
maint: Add debug logging when the master receives a report
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Requiring puppet before the run_mode has been set by the application
causes the default run_mode of 'user' to be set instead of what the
application wants. This leads to the incorrect default settings to be
used, which lead to inspect not being able to properly retrieve file
metadata from a fileserver.
Reviewed-by: Max Martin <max@puppetlabs.com>
|
| | | | |
| | | |
| | | |
| | | | |
Reviewed-by: Max Martin <max@puppetlabs.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
It's always bothered me that when running puppet inspect (or any
application that produces a report really) the master gives no
indication that anything happened when it processes the report.
Reviewed-by: Max Martin <max@puppetlabs.com>
|
| | |\ \ \ |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
By default, the SSL-related faces should all render a strings,
not with `Object#inspect`.
Reviewed-By: Daniel Pittman
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The additional quotation marks frustrate certain syntax highlighters,
and are completely unnecessary for their use.
Reviewed-By: Daniel Pittman
|
| | |\ \ \ \
| | |/ / /
| |/| | | |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Commit #7d35a479 changed the default value of the service type's hasstatus
attribute. This was never documented. This commit documents the changed
behavior, which will end up in the type references (and puppet describe) for
version 2.7.2 and greater. (I intend to manually change the cached references
for versions 2.7.[01].)
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The validation for the ca_location option on the certificate
application continued to hang around on the application long
after the face realized its potential to take responsibility
for itself. This change moves (and adds) validation code as
appropriate into the Face.
Reviewed-By: Matt Robinson
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Now that we enforce that options must be declared, the model we exposed in the
Ruby API (but not the CLI facade) was that you could pass additional arguments
to the indirection method by passing them as unknown options doesn't work.
Instead, explicitly declare an option, `extra`, that accepts the final
argument to be passed direct to the indirection. This makes things work
smoothly, as well as making it possible (once you can input a hash on the
command line) to invoke extra arguments from the facade too...
Reviewed-By: Pieter van de Bruggen <pieter@puppetlabs.com>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Rather than printing directly, we should return the data from the Action and
allow the facade to route that to the user directly.
Reviewed-By: Pieter van de Bruggen <pieter@puppetlabs.com>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Rewrite the process of validating and updating the options to fully reflect
the contract - we fail if there are unknown options passed, report nicely
errors of duplicate names, pass only the canonical names to the action code,
and generally enforce nicely.
Reviewed-By: Pieter van de Bruggen <pieter@puppetlabs.com>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Rather than having multiple, separate operations that modify and validate the
arguments to an action, a single pass makes sense. This also means less walks
across the set of data, and a few less expensive method calls in Ruby.
Additionally, we work on a duplicate of the arguments hash rather than
directly modifying the original. Because everything we do is at the top level
key/value mapping, this is sufficient to isolate the original.
While mostly theoretical, we now don't mutilate the hash passed in, so the
user won't get nastily surprised by the fact that we could have done so.
Reviewed-By: Pieter van de Bruggen <pieter@puppetlabs.com>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
When we define an action on an older version of a Face, we must be sure to
directly load the core of that version, not just define it with the external
Action(s) that it had.
Otherwise we break our contract, which is that any core Actions for a specific
version will be available to your external Action for as long as we support
that core version.
Reviewed-By: Pieter van de Bruggen <pieter@puppetlabs.com>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
When we first touch a Face, we load all the available Actions from disk.
Given they define themselves against a specific version of a Face, they are
automatically available tied to the correct version; this makes it trivially
possible to locate those on demand and return them.
Now, we have the ability to find and, consequently, invoke Actions on older
versions of Faces. We don't load enough context, though: the older face will
only have external Actions defined, not anything core.
Reviewed-By: Pieter van de Bruggen <pieter@puppetlabs.com>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
As part of moving to load actions first, and their associated face, when
invoked from the command line, it makes sense to push the logic for finding
the action and face down into the Puppet::Face implementation.
This means that we can change the logic there without needing to update the
public part of the CLI implementation, and that any further facades can use
the same, correct, logic to locate the action for the face.
Reviewed-By: Pieter van de Bruggen <pieter@puppetlabs.com>
|
| |\ \ \ \ \
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
* feature/master/8272-windows_service_support:
Add basic service provider for Windows
Regexp escape substituted commands in Windows wrapper script
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
This provider allows us to query the system state through "puppet
resource", and manage the ensure, and enabled properties of services on
Windows.
This also adds support for a new enabled value of 'manual' on Windows
only. With this we support the three major start types for services on
Windows, with the following mapping of enabled to start type:
true => Automatic
false => Disabled
manual => Manual (Demand)
We use the win32-service gem to provide access to the Windows APIs for
our operations. This does add a new gem requirement for running Puppet
on Windows, but we were already requiring some gems from the same suite
that win32-service is a part of.
When referring to a service, the simple service name must be used,
instead of the display name. For example, "snmptrap", instead of
"SNMP Trap".
All system services are reported in 'puppet resource service',
including those started prior to run level 3 (system, device drivers,
etc.). These services should probably not be managed, without careful
thought and planning.
This currently does not support being able to move a service from
{enabled => false, ensure => stopped} to {enabled => true, ensure =>
running} (or enabled => manual) in a single Puppet run, since Puppet
currently always tries to sync ensure before any other property.
Because of this, the puppet run will fail every time, and the service
must first be managed as {ensure => stopped, enabled => true} (or
enabled => manual), before it can be managed as running and automatic
start or manual start.
Reviewed by: Jacob Helwig <jacob@puppetlabs.com>
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
These methods aren't available until Ruby 1.8.6 (Dir.mktmpdir) and Ruby 1.8.7
(Object#tap).
Reviewed-By: Jacob Helwig <jacob@puppetlabs.com>
|
| |\ \ \ \ \ \ |
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
We have removed every usage of cached_attr in which the attribute needs to be
manually expired. Thus, the only meaningful behavior provided by
Puppet::Util::Cacher is expiration based on TTLs. This commit reworks the
cacher to only support that behavior.
Rather than accepting an options hash, of which :ttl is the only available
option, cached_attr now requires a second argument, which is the TTL.
TTLs are now used to compute expirations, which are stored and used for
expiring values. Previously, we stored a timestamp and used it and the TTL to
determine whether the attribute was expired. This had the potentially
undesirable side effect that the lifetime of a cached attribute could be
extended after its insertion by modifying the TTL setting for the cache. Now,
the lifetime of an attribute is determined when it is set, and is thereafter
immutable, aside from deliberately re-setting the expiration for that
particular attribute.
Reviewed-By: Jacob Helwig <jacob@puppetlabs.com>
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
This class was previously using a cached_attr for its 'localhost' attribute,
representing the Puppet::SSL::Host entry corresponding to the cert in
Puppet[:certname]. We now no longer expire this attribute. This has the effect
that a change to certname during the lifetime of an agent will not be reflected
in the certificate it uses. If this behavior is desired, it will need to be
reimplemented another way.
Reviewed-By: Jacob Helwig <jacob@puppetlabs.com>
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
In the past, Puppet::Util::Autoload used a cached_attr for its 'searchpath'.
However, it no longer does that, so its references to Puppet::Util::Cacher are
unnecessary.
Reviewed-By: Jacob Helwig <jacob@puppetlabs.com>
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Previously, indirections were storing their termini in a cached_attr, so that
they could be easily cleared for tests. Because this provides no value outside
of testing, we instead simply create an attr_reader for termini, and expire
them manually in tests.
Reviewed-By: Jacob Helwig <jacob@puppetlabs.com>
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Types and parameters were registering their catalog as their expirer, so that
the catalog could expire them between uses. However, because catalogs are never
reused (and neither are types or parameters), there is no need to expire
anything. Thus, we remove the entire cleanup/expire logic from catalog, type,
and parameter.
Reviewed-By: Jacob Helwig <jacob@puppetlabs.com>
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
These values needn't be cached_attrs, because they can be managed manually.
'stat' does need to be cached, so that we avoid statting the file for each
property we want to check from disk. The 'content' attribute of 'source' also
needs to be cached, because it's retrieved from the server, which we certainly
don't want to do multiple times.
We need a mechanism for invalidating the 'stat' after we've written the file,
so we use a special value :needs_stat, which essentially represented
"undefined". We use this rather than nil so that we can store a failed stat
if it occurs.
Because the content and metadata of our source file will never change, there is
no need to be able to similarly expire the values of those attributes.
Reviewed-By: Jacob Helwig <jacob@puppetlabs.com>
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
The path attribute was being unnecessarily cached. The value is a LoadedFile
instance, which already knows how to check whether it needs to be reloaded. The
act of reparsing was being triggered separately from the cacher mechanism.
The comment indicated this value was only being cached so it could be easily
cleared for tests, but it wasn't being cleared for tests. Thus, there is no
reason for this attribute to be cached, so remove it.
Reviewed-By: Jacob Helwig <jacob@puppetlabs.com>
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Allowing the singleton_instance value to be expirable is unnecessary, because
there will never be a need for a different CA instance in the lifetime of a
master. Additionally, the master never expired its cache anyway. This was only
using the cacher so it could be expired for tests, so it can safely be removed.
Reviewed-By: Jacob Helwig <jacob@puppetlabs.com>
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
The use of Puppet::Util::Cacher in this module was removed previously, and this
stray, unnecessary require was left around.
Reviewed-By: Jacob Helwig <jacob@puppetlabs.com>
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Allowing this value to be expirable is superfluous; it is only used on the
master, which never expires its cache. Additionally, it was providing partial
support for an event we don't fully support already (hostname and domain
changing during the lifetime of a master).
Reviewed-By: Jacob Helwig <jacob@puppetlabs.com>
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
This class was using Util::Cacher for its singleton instance, when that was
unnecessary. The FileServing::Configuration instance already manages whether or
not to reparse its config file, based on whether it has changed. Thus, there is
no need for it to be manually expired via the cacher.
Reviewed-By: Jacob Helwig <jacob@puppetlabs.com>
|
| |\ \ \ \ \ \ \
| |/ / / / / /
|/| | / / / /
| | |/ / / /
| |/| | | |
| | | | | |
| | | | | |
| | | | | | |
* 2.7.x:
(#7123) Make `find` the default action...
(#7123) Support runtime setting of 'default' on actions.
(#6787) Add `default_to` for options.
(#6857) Password disclosure when changing a user's password
|
| | |\ \ \ \ \
| | | |_|/ /
| | |/| | |
| | | | | |
| | | | | | |
* 2.6.x:
(#6857) Password disclosure when changing a user's password
|
