| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This bring a new container syntax to the Puppet DSL: hashes.
Hashes are defined like Ruby Hash:
{ key1 => val1, ... }
Hash keys are strings, but hash values can be any possible right
values admitted in Puppet DSL (ie function call, variables access...)
Currently it is possible:
1) to assign hashes to variable
$myhash = { key1 => "myval", key2 => $b }
2) to access hash members (recursively) from a variable containing
a hash (works for array too):
$myhash = { key => { subkey => "b" }}
notice($myhash[key][subjey]]
3) to use hash member access as resource title
4) to use hash in default definition parameter or resource parameter if
the type supports it (known for the moment).
It is not possible to string interpolate an hash access. If it proves
to be an issue it can be added or work-arounded with a string concatenation
operator easily.
It is not possible to use an hash as a resource title. This might be
possible once we support compound resource title.
Unlike the proposed syntax in the ticket it is not possible to assign
individual hash member (mostly to respect write once nature of variable
in puppet).
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
File checksum is "md5" by default. When managing local files (not sourced
or content) it might be desirable to not checksum files, especially
when managing deep hierarchies containing many files.
This patch allows to write such manifests:
file {
"/path/to/deep/hierarchy":
owner => brice, recurse => true, checksum => none
}
Then puppet(d) won't checksum those files, just manage their ownership.
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
| |
|
|
|
|
|
|
| |
Due to the fact that resource.set_parameter is overwriting the previous
set_parameters, we were losing the previous relationships we set there,
either in a previous call of require or in the same call.
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
| |
|
|
| |
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
| | |
|
| |
|
|
| |
exception logic
|
| |
|
|
| |
This actually fixes a bug in the patch, not a conflict per se, but it was small and this was the easiest way to fix it.
|
| |
|
|
|
|
|
|
|
|
| |
This patch adds support for the native AIX package manager.
It allows installation from either the name of an lpp_source (if you
have a NIM environment configured, or from a directory containing .bff
files.
Signed-off-by: Andrew Forgue <andrew.forgue@gmail.com>
|
| |
|
|
|
|
|
| |
Some tests didn't define this setting which caused this method
to fail.
Signed-off-by: Luke Kanies <luke@reductivelabs.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This refactor fixes about a quarter of the test failures on master and (I
hope) will simplify some of the integration issues on the testing branch.
It is my best guess at The Right Thing To Do (or at least a step in that
direction) but I could be persuaded otherwise.
The basic idea is to take responsibility for maintaining scope hierarchy and
class_name -> class_scope mapping out of the compiler class and put it in the
scope class where it arguably belongs. To maintain the semantics, class
scopes are all tracked by the "top level" scope, though this could be relaxed
if the nesting semantics were ever needed.
If this winds up being the right thing to do, related routines (e.g. newscope)
should be sorted out as well.
|
| |
|
|
|
|
|
|
|
| |
A naked rescue in Puppet::Node::Environment was hiding expectation
violations from the Mocha mocks.
Specifically, 'modulepath' expectations were failing, as Puppet::Module now calls
Puppet::Node::Environment#modulepath internally.
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
There's a limitation in Ruby 1.8.x that makes constants behave
differently than developers seem to expect:
Constants defined inside a do/end block do not get inserted into the
namespace of 'self', they instead go into the toplevel (Object)
namespace.
These providers exhibit bugs since they use constants with the same
name in the same namespace.
Other providers and other dynamically generated classes using constants
without an explicit namespace should be considered to have a code smell.
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>
|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
lib/puppet/agent.rb
lib/puppet/application/puppet.rb
lib/puppet/configurer.rb
man/man5/puppet.conf.5
spec/integration/defaults.rb
spec/unit/configurer.rb
|
| | |
| |
| |
| |
| |
| | |
Thanks to Stig Sandbeck Mathisen for the fix
See also http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513309
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Actually, File::PATH_SEPARATOR, which is generally, but not always, ":").
Since libdir is also the default for the plugin handler, users will need to
specify it explicitly if a multipart libdir is given (and it will need to be
one of the segments given in the libdir for the plugins to be found).
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The setting enable_post_connection_check doesn't exist on very many
versions of ruby, and on those systems there's no way to disable domain
name checking on HTTPS.
The recommended work-around is to replace certificates when they have
incorrect hostnames.
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| | |
Redhat services generated a slew of errors because they "duplicated" the same
services from the init provider on which the redhat provider is based (cf yum).
Declaring the source suppresses these erroneous errors.
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
In some circumstances ruby's arbitrary limit on process groups is too
low (32). This patch raises the limit in the recommended manner, to
a value which should suffice in all practical cases (1024).
|
| | |
| |
| |
| |
| |
| |
| | |
In my patch for #3088 I made a erroneous assumption about the ruby exception
hierarchy and thus missed the fact that Timeout::error descends from both
SignalError and Interrupt. This is a partial reversion of the patch for #3088
to let these through so that more useful error messages can be produced.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Changing rescues from the default to Exception (to catch errors that don't
descend from StandardError) had the unintended consequence of catching (and
suppressing) SystemExit.
This patch restores the behavior of by reraising the exception.
Of the other exceptions that fall through the same crack (NoMemoryError,
SignalException, LoadError, Interrupt, NotImplementedError, and ScriptError)
this patch also reraises NoMemoryError, SignalException, and Interrupt in the
same way and leaves the rest captured.
|
| | |
| |
| |
| | |
Fixed to deal with scopig issues.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| | |
FileTest.exists? returns false if the target of a symlink is missing; in such
cases we still want to continue if the resource is a symlink, as we may be
managing a dangling symlink. Continuing in such case either gives the desired
behavior or a more specific/informative error message.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This was built to be used with etckeeper to version control
files in /etc, but can be used for essentially anything.
This patch was built to be added to 0.25.4, so it's a least-modify
approach. A better approach would be to refactor application/puppet.rb
just a bit so it uses Configurer more.
This is a simple patch - it just defines 'prerun_command' and 'postrun_command'
settings, and runs the appropriate command around each transaction
if they're set.
Signed-off-by: Luke Kanies <luke@reductivelabs.com>
|
| | |
| |
| |
| |
| |
| |
| | |
In the alias --> host_aliases conversion, I overlooked parsed file
provider for sshkeys.
Now with tests.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
when changed"
This reverts commit c99f394bf8c10d13f3fa7d3ab7ab43ecf454c081.
The fix broke cron jobs in 0.25.3 and was reverted for the 0.25.4 release.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
OpenSSL::Digest.hexdigest is not available on older ruby versions.
This patch accesses directly to the digest instead (which hopefully
support hexdigest).
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This patch adds several things:
* certificate fingerprinting in --list mode
* a puppetca action called "--fingerprint" to display fingerprints
of given certificates (or all including CSR)
* a --fingerprint puppetd option to display client certificates
* each time a CSR is generated, its fingerprint is displayed in the log
It is also possible to use --digest in puppetca and puppetd to specify a specific digest
algorithm.
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
| | |
| |
| |
| |
| |
| | |
This reverts commit a9fb82b0026e75a670fec553b17de3b0f091c2a5.
An older branch was pulled
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This refactors how reports, catalogs, configurers, and transactions
are all related - the Configurer class manages the report, both
creating and sending it, so the transaction is now just responsible
for adding data to it. I'm still a bit uncomfortable of the coupling
between transactions, the report, and configurer, but it's better than
it was.
This also fixes #2944 and #2973.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| | |
| |
| |
| | |
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| | |
| |
| |
| | |
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Selinux modules files also ends in ".pp".
Puppetdoc tries to parse them as if they are regular puppet files and
then fails.
This patch makes sure puppetdoc tells RDoc to exclude parsing .pp
files in the modules files section.
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
When the definition/hostclass/node AST types were removed, the
parentclass method was renamed to 'parent'.
This patch fixes the incorrect rdoc usage (and some deeper
integration test so that it won't happen again).
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This patch adds two things:
* certificate fingerprinting in --list mode
* a puppetca action called "--fingerprint" to display fingerprints
of given certificates
It is also possible to use --digest to specify a specific digest
algorithm.
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
As the ticket says:
"the certificates would still be valid even if cleaned,
therefore, it makes more sense revoke them instead."
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
| |\|
| |
| |
| |
| |
| | |
Conflicts:
lib/puppet/ssl/host.rb
spec/spec_helper.rb
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This family of errors could appear because Puppet parses every line in
fstab into resources, even lines that are not specifically managed by
Puppet, and fstab files are much more permissive than Puppet in what
constitutes a valid mount.
This change makes several fields optional that were previously mandatory.
Also, it ignores lines in fstab that have fewer than the required number
of parameters.
Includes a more readable regex than the previous patch.
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| | |
Merged the "freebsd_special" pattern into the other crontab records,
since its definition was incomplete
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
The 'service' type was testing to see if init script directories exist
too early, causing failures if you expected to be able to create those
directories via puppet.
This patch moves that logic into the 'init' provider.
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We create temporary files in /tmp/ with predictable names. These
could be used by an attacker to DoS a box by setting a symlink to
some other file (say, /etc/shadow) and waiting for us to overwrite
it.
The minimalistic solution employed by this patch is to wrap all such
file writing with a paranoid wrapper that:
1) Check to see if the target exists
2) Issues a warning if it was a symlink
3) Deletes it
4) Waits (0.1 seconds if it was a file, 5 seconds if it was a symlink)
5) Opens the file with EXCL, which will fail if the file has come back.
If this succeeds (as it normally will) it has exactly the same semantics
as the original code (a must, as we are right at a release boundary).
However, under no circumstances will it follow a preexisting symlink (the
operating system guarantees this with EXCL) so the danger of an exploit
has been converted into the possibility of a failure, with an appropriate
warning.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The fix for #2940 resulted in a behavior change that could be seen as a
bug. This was consistent with many of the other providers (see #3000)
but was not the desired behavior.
This patch enhances the patch for #2940 to return {:ensure => :absent} as
the present state in the case that the failure was due to the package not
being installed (as opposed to a source/index failure, etc.). The other
possibility would have been {:ensure => :purged}.
|
| | | |
|
