| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
Raise a failure when Augeas changes cannot be saved (due to invalid layout of
the tree, permissions etc). Fixes a regression.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, we only allowed Puppet Clients at a maximum distance of somewhere
between 7,494 and 14,988 kilometers from the master, depending on the variance
in local conditions.
While this gave us good data security against hostile clients connecting from
the dark side of the moon, real world testing shows the moon folks are likely
to just take over a local staging host and attack that way.
So, instead, allow clients sufficient time they should be comfortable able to
connect to a master from the moon. We still refuse clients further out, like
Mars, since it seems unlikely that Puppet management over that distance should
work.
We advise the manned Mars expedition to deploy a local Puppet Master to manage
infrastructure in their base, and to watch out for the martians.
|
| |
|
|
|
|
|
|
|
|
|
| |
vcsrepo is available in a module of its own, is missing tests, and
goes against the long-term goal of moving "extra" types out of core
puppet into modules (an example of this is the nagios types).
This reverts commit 25b967559dfa39eb094008c7a3952c4ee885530b, reversing
changes made to b87a1dea704ed981f2f0af728afac2c63e87b5a8.
Reviewed-by: Michael Stahnke <mike@puppetlabs.com>
|
| |\
| |
| |
| |
| | |
* ticket/2.7.x/8704-fileserverconf_parse_errors:
(#8704) Give better errors for invalid fileserver.conf
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
If you tried to just put an allow or deny line in the fileserver.conf
without a mount point, you got a really confusing error message:
lib/puppet/network/handler/fileserver.rb:285:in `readconfig': undefined method `info' for nil:NilClass (NoMethodError)
Now instead we give an error saying no mount point was specified.
Reviewed-by: Josh Cooper <josh@puppetlabs.com>
|
| |\ \
| | |
| | |
| | |
| | | |
* tickets/2.7.x/1886:
(Maint.) Disable cleaning of storeconfigs.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
This feature (and the corresponding tests) were causing intermittent
failures which we were unable to trace. We will reintroduce this
behavior when we can do so without test fragility.
Reviewed-By: Matt Robinson
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When we introduced verification of options, we forgot to handle the case that
global options from the Puppet settings system could be passed to the face.
This, in turn, means that the system would fail if you used any of those.
This remediates that, and now these work as expected.
Reviewed-By: Pieter van de Bruggen <pieter@puppetlabs.com>
|
| | |
| |
| |
| |
| | |
This includes various style changes, and assorted fixes to testing.
Paired-With: Matt Robinson
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Here is a changeset that adds a new action to the puppet node face.
This application removes all traces of a node on the puppetmaster
(including certs, cached facts and nodes, reports, and storedconfig
entries).
Furthermore it is capable of unexporting exported resources of a
host so that consumers of these resources can remove the exported
resources and we will safely remove the node from our
infrastructure.
Usage:
puppet node clean [--unexport] <host> [<host2> ...]
To achieve this we add different destroy methods to the different
parts of the indirector. So for example for yaml indirections we
already offer read access for the yaml, this changeset adds
the destroy handler which only removes the yaml file for
a request. This can be used to remove cached entries.
This work is based on the initial work of Brice Figureau
<brice-puppet@daysofwonder.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
#allowed? was a poorly named method since it isn't actually a predicate
method. Instead of returning a boolean, this methods throws an
exception when the access is denied (in order to keep the full context
of what ACE triggered the deny).
Given that #allowed? was overriding the behavior from AuthConfig, we
leave a version of #allowed? in place that will issue a deprecation
warning before delegating to #check_authorization. Once support for
XML-RPC agents is removed from the master, we will be able to remove
this delegation, since there should no longer be a reason for a
distinction between AuthConfig and RestAuthConfig.
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
Signed-off-by: Jacob Helwig <jacob@puppetlabs.com>
|
| |
|
|
|
|
|
|
| |
Auth.conf, namespaceauth.conf and fileserver.conf were not supporting
trailing inlined comments.
Also this commit fixes some indentation and error management.
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
| |
|
|
|
|
|
| |
The regex used to detect ACE is too lax and would allow trailing
spaces to sneak in, which in turn would confuse the ACE parser.
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
| |\
| |
| |
| |
| |
| |
| | |
2.7.x
* ticket/2.7.x/maint-show_help_for_cert_without_subcommand:
maint: Fix cert app to print help and exit if no subcommand
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In 2.6.x this was the behavior, but the changes to the way options
parsing worked in 2.7.x to support faces changed the behavior of how
help was called.
This resulted in the follow unhelpful error message when you just called
`puppet cert`:
/Users/matthewrobinson/work/puppet/lib/puppet/ssl/certificate_authority/interface.rb:85:in `method='
Invalid method to apply
Reviewed-by: Pieter van de Bruggen <pieter@puppetlabs.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Much like the infamous "hostname was not match" error message, there's
another SSL error that people run into that isn't clear how to
troubleshoot.
err: Could not send report: SSL_connect returned=1 errno=0
state=SSLv3 read server certificate B: certificate verify failed.
As far as I can tell this only ever happens when the clock is off on the
master or client. People seem to think it will happen other times, but
I haven't been able to reproduce it other ways - missing private key,
revoked cert, offline CA all have their own errors. I googled around
and the only thing I've seen for this error in relation to puppet is the
time sync problem.
So the error message text just has some additional info to suggest you
check your clocks.
Reviewed-by: Nick Lewis <nick@puppetlabs.com>
|
| |\ \
| |/
|/| |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The introduction of composite namevars caused the resource title used in
resource aliases to be set as an array, even when the resource only had one
namevar. This would fail to conflict with non-alias entries in the resource
table, which used a string for the title, even though the single element array
contained the same string.
Now, we flatten the key used in the resource table, so that single element
arrays are represented as strings, and will properly conflict with resource
titles.
Paired-With: Jacob Helwig <jacob@puppetlabs.com>
|
| | |\
| | |
| | |
| | |
| | |
| | |
| | | |
* ticket/2.6.x/8418-inspect_respect_run_mode:
(#8418) Fix inspect app to have the correct run_mode
maint: Adding logging to include environment when source fails
maint: Add debug logging when the master receives a report
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Requiring puppet before the run_mode has been set by the application
causes the default run_mode of 'user' to be set instead of what the
application wants. This leads to the incorrect default settings to be
used, which lead to inspect not being able to properly retrieve file
metadata from a fileserver.
Reviewed-by: Max Martin <max@puppetlabs.com>
|
| | | |
| | |
| | |
| | | |
Reviewed-by: Max Martin <max@puppetlabs.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
It's always bothered me that when running puppet inspect (or any
application that produces a report really) the master gives no
indication that anything happened when it processes the report.
Reviewed-by: Max Martin <max@puppetlabs.com>
|
| |\ \ \ |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
By default, the SSL-related faces should all render a strings,
not with `Object#inspect`.
Reviewed-By: Daniel Pittman
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The additional quotation marks frustrate certain syntax highlighters,
and are completely unnecessary for their use.
Reviewed-By: Daniel Pittman
|
| |\ \ \ \
| |/ / /
|/| | | |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Commit #7d35a479 changed the default value of the service type's hasstatus
attribute. This was never documented. This commit documents the changed
behavior, which will end up in the type references (and puppet describe) for
version 2.7.2 and greater. (I intend to manually change the cached references
for versions 2.7.[01].)
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: Michael Stahnke <stahnma@puppetlabs.com>
|
| | |\ \ \
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
* 2.7.x: (23 commits)
Clean up indentation, whitespace, and commented out code
Remove order dependency from functions integration spec
(#7956) Porting cron tests
(#7956) Port resource acceptance tests
(#8048) Gem install puppet no longer fails if rdoc enabled.
Updating for 2.7.1 release.
(#8048) Gem install puppet no longer fails if rdoc enabled.
Readying for release of 2.6.9
Updating CHANGELOG for 2.7.0
(#6854) Update Red Hat spec file
Bumping release in lib/puppet.rb and updating CHANGELOG.
Bumping RPM spec file to 2.6.9rc1.
(#7224) Reword 'hostname was not match' error message
(#7224) Add a helper to Puppet::SSL::Certificate to retrieve alternate names
(#7506) Organize READMEs; specify supported Ruby versions in README.md
(#7506) Specify supported Ruby versions in README.md
(#5641) Help text: document that puppet doc takes modulepath, manifestdir, and environment options
(#6418) Make test 64118 more portable
(#7127) Stop puppet if a prerun command fails
Do not needlessly create multiple reports when creating a transaction
...
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The mis-indented code, extra newlines, and commented out code were
noticed while investigating the order dependent test failure fixed in
4365c8ba.
Reviewed-by: Max Martin <max@puppetlabs.com>
|
| | |\ \ \ \ |
|
| | |\ \ \ \ \
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
* 2.7.x:
(#7624) Manually fetch all properties in instances.
(#7193) Fix path issues with acceptance tests that call old shell tests
(#7632) Make secret_agent application compatible with secret_agent face
(#7624) Auditing should not be enabled by default for purged resources.
maint: Confine augeas specs to require the augeas feature
(#2728) Add diff output for changes made by Augeas provider
|
| | |\ \ \ \ \ \
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
* 2.7.x: (40 commits)
(#7746) Fix bootstrap issues from #7717 fix.
(#7683) Use ronn, when available, to render the output.
(#7683) Add a 'man' face and subcommand to Puppet.
maint: remove obsolete work-around code from help face.
(#7699) Don't duplicate inherited action names on faces.
(#7177) Deprecate implicit 'puppet apply' for 2.7.0
(#7717) Layout cleanup for subcommand extraction.
#7211: Test unknown options don't shadow unknown actions.
#7211: nasty logic error with global Face options taking arguments.
#7211: more helpful error messages in various cases.
maint: Fix order dependent test failure
(#5966) Add support for hostname regular expressions in auth.conf
(#7708) Delete extended documentation from configuration reference
(#7707) Document signals in puppet agent and puppet master help
add puppet master polling step for ticket 7117
(#5318) Always notice changes to manifests when compiling.
(#5318) Always notice changes to manifests when compiling.
(#7557) Remove Faces Application
maint: Fix order dependent spec failure for face indirection
(#7690) Don't blow up when listing terminuses available for faces
...
Conflicts (resolved manually):
acceptance/tests/ticket_7117_broke_env_criteria_authconf.rb
|
| | | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Ruby 1.9 doesn't allow the lambda to walk up the directory structure to
require the spec helper This is the same issue as with commit:
f6da3339f59bbd9243a03dc1e417b1fed7955c7e
Also, you can't call each on a string in Ruby 1.9 directly since it
doesn't implicitly do a split on \n like it did in older Rubies, but
each_line works all the way back to 1.8.5
Reviewed-by: Nick Lewis <nick@puppetlabs.com>
|
| | |\ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
* 2.7.x:
(#7502) Fixed parser spec for ruby 1.8.5
(#7507) Add more 1.9 filters
(#6395) Add extpuppet help, eval, and interfaces
maint: move trap call to Signal so we can stub it for specs
Updated CHANGELOG for 2.7.0rc3
(#7259) Remove ActiveRecord requirement from indirector face spec
(#7259) Do not try to load all Terminus classes when configuring the Indirector
Adding a sleep state post starting master
|
| | | | | | | | | | |
|
| | |\ \ \ \ \ \ \ \ |
|
| | |\ \ \ \ \ \ \ \ \ |
|
| | | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | | |
Adds support for use Archlinux's pacman package manager in Puppet.
Originally written by Miah Johnson, with bug fixes from Thomas Hatch and
myself.
|
| | |\ \ \ \ \ \ \ \ \ \
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | | |
* 2.7.next:
Revert "(#7220) Add the ability to "inherit" options."
(#7469) Add license to test face so tests pass
(#7264) Docs: Clarify that subscribe/notify imply require/before
(#7468) Stub spec that tries to connect to pypi.python.org
Prevent spec failure caused by network device mock leak
Fix #7299 - do not require net/ssh for running rake spec
|
| | |\ \ \ \ \ \ \ \ \ \ \ |
|
| | | | | | | | | | | | | | |
|
| | | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | | |
This is a doc string only commit.
The metaparameter reference was not clear about subscribe and notify being
supersets of require and before, respectively. This commit also cleans up
some unrelated quoting, arrow-alignment, and language flow issues.
|
| | |\ \ \ \ \ \ \ \ \ \ \ \
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
* 2.7.next:
(#3420) Nagios "name" attribute does not output correctly
(#4487) When setting environment on a host, ensure it is a string.
add test for ticket 7101
(#7220) Add the ability to "inherit" options.
(#6487) Add some testing for OS X version support in DirectoryService provider
(#6487) Directoryservice provider will fail in future OS releases
(#6368) Make the File type autorequire its nearest ancestor directory
|
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
lib/puppet/parser/templatewrapper.rb#script_line was calling .first on a
String object, which in Ruby > 1.8.5 will return the entire string, but
in 1.8.5 will cause an exception. This change (proposed by Markus
Roberts) removes the call to .first and adds a condition for when the
template error involves the file not being found.
Reviewed-by: Jesse Wolfe
|
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
The validation for the ca_location option on the certificate
application continued to hang around on the application long
after the face realized its potential to take responsibility
for itself. This change moves (and adds) validation code as
appropriate into the Face.
Reviewed-By: Matt Robinson
|
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
Now that we enforce that options must be declared, the model we exposed in the
Ruby API (but not the CLI facade) was that you could pass additional arguments
to the indirection method by passing them as unknown options doesn't work.
Instead, explicitly declare an option, `extra`, that accepts the final
argument to be passed direct to the indirection. This makes things work
smoothly, as well as making it possible (once you can input a hash on the
command line) to invoke extra arguments from the facade too...
Reviewed-By: Pieter van de Bruggen <pieter@puppetlabs.com>
|
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
Rather than printing directly, we should return the data from the Action and
allow the facade to route that to the user directly.
Reviewed-By: Pieter van de Bruggen <pieter@puppetlabs.com>
|
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
Rewrite the process of validating and updating the options to fully reflect
the contract - we fail if there are unknown options passed, report nicely
errors of duplicate names, pass only the canonical names to the action code,
and generally enforce nicely.
Reviewed-By: Pieter van de Bruggen <pieter@puppetlabs.com>
|
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
Rather than having multiple, separate operations that modify and validate the
arguments to an action, a single pass makes sense. This also means less walks
across the set of data, and a few less expensive method calls in Ruby.
Additionally, we work on a duplicate of the arguments hash rather than
directly modifying the original. Because everything we do is at the top level
key/value mapping, this is sufficient to isolate the original.
While mostly theoretical, we now don't mutilate the hash passed in, so the
user won't get nastily surprised by the fact that we could have done so.
Reviewed-By: Pieter van de Bruggen <pieter@puppetlabs.com>
|
