| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
| |
When running as root, puppet will by default manage internal file
permissions for file-related settings. However, ruby does not support
chown/chgrp functionality on Windows, so puppet will fail to run
(puppet apply generates an exception while trying to set the owner,
etc).
This commit disables internal file permissions handling on Windows
until we add support for chown (at least) as part of the larger file
type effort on Windows.
|
| |
|
|
|
|
|
|
|
|
| |
When running as root, puppet will generate a catalog from its settings
to create the various directories, e.g. var, ssl. If mkusers is true
and a setting implements owner and/or group methods, then puppet will
automatically add user and group resources to the catalog (provided
the user name is not root and the group names are not root or
wheel). This functionality will not be supported on Windows, and so
this step is skipped.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit changes Puppet::Util::SUIDManager.root? (and
Puppet.features.root?) to only return true if the user is running with
elevated privileges (granted via UAC). If this check fails because
elevated privileges are not supported, e.g. pre-Vista, then we fall
back to checking if the user is a member of the builtin Administrators
group.
This means if you are logged in as Administrator on 2008,
Puppet.features.root? will return false, unless you are explicitly
running puppet as an administrator, e.g.
runas /user:Administrator "puppet apply manifest.pp"
This commit also adds tests to ensure SUIDManager.asuser is a no-op on
Windows, since Windows does not (easily) support switching user
contexts without providing a password.
|
| |
|
|
|
|
|
|
|
|
| |
The resource_spec was failing because /etc is not considered a
fully-qualified path on Windows. Using File.expand_path fixes that.
The suidmanager_spec was failing because we weren't stubbing the
microsoft_windows feature, so SUIDManager.asuser was a no-op when
running as root, and our expectations weren't being met.
(cherry picked from commit af87f32a016a5ed48353f516f9558f95c54c50b4)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This module (Puppet::Util::ADSI) provides access to Active Directory Services
Interfaces, using win32ole. The base module has methods for generating resource
URIs and connecting to ADSI.
It also provides classes Puppet::Util::ADSI::User and Puppet::Util::ADSI::Group
for managing Active Directory users and groups, along with their properties and
group memberships. This will be used to implement the Windows ADSI user and
group providers.
Based on work by: Joel Rosario <joel.r@.internal.directi.com>
Based on work by: Cameron Thomas <cameron@puppetlabs.com>
Reviewed-By: Matt Robinson <matt@puppetlabs.com>
(cherry picked from commit b5fd95336e71ad428109cddf6cd2f33bdd31e025)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The puppet install.rb script now defaults the config directory to
%PROGRAMDATA%\PuppetLabs\puppet\etc on Windows. This is more inline
with Windows best-practices, as this directory is used to store
application data across all users. The PROGRAMDATA environment
variable also takes into account alternate system drives, by using the
SYSTEMDRIVE environment variable.
Note that the Dir::COMMON_APPDATA constant is so named because it
corresponds to the CSIDL_COMMON_APPDATA constant, which on 2000, XP,
and 2003 is %ALLUSERSPROFILE%\Application Data, and on Vista, Win7 and
2008 is %SYSTEMDRIVE%\ProgramData.
This commit also updates puppet's default run_mode var and conf
directories when running as "root" to match the install script, and
fixes the spec test, which was looking in the Dir::WINDOWS directory.
Reviewed-by: Cameron Thomas <cameron@puppetlabs.com>
(cherry picked from commit 95b21dfde7d77a61633555f20f2e3b9675d48415)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
When running as root, the default conf and var directories on Windows
are currently puppet/etc and puppet/var within the windows
directory. Updated the spec tests to match what the code does on
Windows.
Whether or not this is the correct behavior is something that will be
addressed in the future. See #8660.
Reviewed-by: Jacob Helwig <jacob@puppetlabs.com>
(cherry picked from commit f883648d2f6e4c357263c0cf3aa39afd63d852d7)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The environment validates its modulepath and manifestdir settings, but
it uses Dir.getwd to convert a relative path into an absolute path. The
problem is that on Windows, Dir.getwd returns a path with backslashes.
(Interestingly this only happens when puppet is loaded, not in irb for
example.) And since we do not yet support backslashes in Windows paths
or UNC paths, the directory is not included in the environment.
For the time being, I am using File.expand_path to normalize the path.
It has the side-effect of converting backslashes to forward slashes.
This is sufficient to work around backslashes in Dir.getwd. In the near
future, I will be refactoring how paths are split, validated, tested,
etc, and I have a REMIND in place to fix the environment.
But as a result of this change it exposed a bug in our rdoc parser
dealing with the finding the root of a path. The parser assumed that the
root was '/', but caused an infinite loop when passed a Windows path.
I added a test for this case, which is only run on Windows, because on
Unix File.dirname("C:/") == '.'.
After all of that, I had to disable one of the rdoc spec tests, because
it attempted to reproduce a specific bug, which caused rdoc to try to
create a directory of the form: C:/.../files/C:/.... Of course, this
fails because ':' is not a valid filename character on Windows.
Paired-with: Nick Lewis <nick@puppetlabs.com>
Reviewed-by: Jacob Helwig <jacob@puppetlabs.com>
(cherry picked from commit 9279d0954eb20d75e18a666fd572b5492e157608)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We have removed every usage of cached_attr in which the attribute needs to be
manually expired. Thus, the only meaningful behavior provided by
Puppet::Util::Cacher is expiration based on TTLs. This commit reworks the
cacher to only support that behavior.
Rather than accepting an options hash, of which :ttl is the only available
option, cached_attr now requires a second argument, which is the TTL.
TTLs are now used to compute expirations, which are stored and used for
expiring values. Previously, we stored a timestamp and used it and the TTL to
determine whether the attribute was expired. This had the potentially
undesirable side effect that the lifetime of a cached attribute could be
extended after its insertion by modifying the TTL setting for the cache. Now,
the lifetime of an attribute is determined when it is set, and is thereafter
immutable, aside from deliberately re-setting the expiration for that
particular attribute.
Reviewed-By: Jacob Helwig <jacob@puppetlabs.com>
(cherry picked from commit d198fedf65e472b384666fc9ae3bef487852068a)
Conflicts:
spec/integration/node/facts_spec.rb
spec/unit/node_spec.rb
|
| |
|
|
|
|
|
|
|
| |
In the past, Puppet::Util::Autoload used a cached_attr for its 'searchpath'.
However, it no longer does that, so its references to Puppet::Util::Cacher are
unnecessary.
Reviewed-By: Jacob Helwig <jacob@puppetlabs.com>
(cherry picked from commit ce08cba9eb92abce7f7ab77dcf7eb9f9435d4040)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The path attribute was being unnecessarily cached. The value is a LoadedFile
instance, which already knows how to check whether it needs to be reloaded. The
act of reparsing was being triggered separately from the cacher mechanism.
The comment indicated this value was only being cached so it could be easily
cleared for tests, but it wasn't being cleared for tests. Thus, there is no
reason for this attribute to be cached, so remove it.
Reviewed-By: Jacob Helwig <jacob@puppetlabs.com>
(cherry picked from commit bdcb9be3b5d7cd54548cbeb7b13bee6fe4e730f7)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Many spec tests fail on Windows because there are no default
providers implemented for Windows yet. Several others are
failing due to Puppet::Util::Cacher not working correctly,
so for now the tests that are known to fail are marked with
:fails_on_windows => true. To skip these tests, you can run:
rspec --tag ~fails_on_windows spec
Reviewed-by: Jacob Helwig <jacob@puppetlabs.com>
(cherry picked from commit 255c5b4663bd389d2c87a2d39ec350034421a6f0)
Conflicts:
spec/unit/resource/catalog_spec.rb
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Absolute paths on Unix, e.g. /foo/bar, are not absolute on Windows,
which breaks many test cases. This commit adds a method to
PuppetSpec::Files.make_absolute that makes the path absolute in
test cases.
On Unix (Puppet.features.posix?) it is a no-op. On Windows,
(Puppet.features.microsoft_windows?) the drive from the current
working directory is prepended.
Reviewed-by: Jacob Helwig <jacob@puppetlabs.com>
(cherry picked from commit 462a95e3d077b1915a919399b846068816c84583)
Conflicts:
spec/unit/parser/functions/extlookup_spec.rb
|
| |
|
|
|
|
|
|
|
|
|
| |
For a while Luke, and other authors, injected a created tag, copyright
statement, and "All rights reserved" into every new file they added to the
Puppet project.
This isn't really true, and we have a global license covering the code, so
we have now stripped out all those old tags.
Signed-off-by: Daniel Pittman <daniel@puppetlabs.com>
|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* 2.6.x:
Reset indirector state after configurer tests.
(#8770) Don't fail to set supplementary groups when changing user to root
(#8770) Always fully drop privileges when changing user
(#8662) Migrate suidmanager test case to rspec
(#8740) Do not enumerate files in the root directory.
(#3553) Explain that cron resources require time attributes
Conflicts:
lib/puppet/application/resource.rb
test/puppet/tc_suidmanager.rb
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Previously, Puppet::Util::SUIDManager.change_user would always try to set
supplementary groups (Process.initgroups) before changing its EUID.
Process.initgroups requires the calling process to have EUID 0 in order to
succeed.
This worked fine in the case where the process was changing from root to a
normal user, as it would set groups as root and then change EUID to 0.
However, in the case where the process was changing back to root from a normal
user, it would attempt to set groups as the normal user, and fail.
Now, we check Process.euid before changing, and will set groups first if root,
and will set euid first if not root. This ensures we can freely switch back
and forth between root.
This behavior is maintained inside of the change_user, rather than being broken
into eg. raise_privilege and lower_privilege, because it is a relatively minor
behavior difference, and the helper methods on their own would not have been
generically useful.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
On Mac OS X, it is only possible to directly change the euid of a process, and
not the uid. Thus, when a puppet master started as root on OS X would change to
the service user (puppet), it would leave the uid of its process set to 0.
This allowed any type of Ruby plugin executed on the master (a type, provider,
function, etc.) to trivially regain root privileges (by setting the euid of
its process back to 0) and potentially compromise the master.
Now, when permanently changing user, we will first try
Process::UID.change_privilege, before falling back to setting the euid/uid
ourselves. change_privilege correctly sets the uid of the process to the
desired new uid, preventing the process from later escalating itself back to
root. Similar behavior is also used when changing group. This has no effect on
the behavior when temporarily changing user/group (for instance, to execute a
single command or create a file as a particular user).
Reviewed-By: Jacob Helwig <jacob@puppetlabs.com>
|
| | |
| |
| |
| |
| |
| |
| | |
We're trying to move away from the legacy Test::Unit tests, and toward rspec
specs, so rewrite this file as specs.
Reviewed-By: Jacob Helwig <jacob@puppetlabs.com>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* 2.6.x:
(maint) Cleanup and strengthen acceptance tests
(#7144) Update Settings#writesub to convert mode to Fixnum
(maint) Fix platform dection for RHEL
Manually Resolved Conflicts:
acceptance/tests/ticket_5477_master_not_dectect_sitepp.rb
spec/unit/util/settings_spec.rb
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Settings#writesub was not checking the type of the mode value passed in
from the defaults, causing it to pass a string for mode to File.open,
leading to failures. This commit resolves that issue.
Paired-with: Matt Robinson <matt@puppetlabs.com>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
acceptance/tests/ticket_5477_master_not_dectect_sitepp.rb
lib/puppet/application/apply.rb
lib/puppet/configurer.rb
lib/puppet/configurer/fact_handler.rb
spec/unit/application/apply_spec.rb
spec/unit/configurer/fact_handler_spec.rb
spec/unit/configurer_spec.rb
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Previously, pointing a setting like 'confdir' at a symlink to a directory would
replace the symlink with a directory. This was because files created by
settings implicitly managed links, rather than following them. This behavior is
now changed so that file settings will follow links.
The behavior of these symlinks is the same as any other file resource. That is,
if the target of the symlink doesn't exist, Puppet will consider this an
error. Similarly, if the target of the symlink is a file, then the symlink
will still be replaced with a directory, rather than replacing its target.
Reviewed-By: Jacob Helwig <jacob@puppetlabs.com>
Reviewed-By: Dominic Maraglia <dominic@puppetlabs.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The "send" method in the stomp gem has been deprecated since:
http://gitorious.org/stomp/mainline/commit/d542a976028cb4c5badcbb69e3383e746721e44c
It's been replaced with the "publish" method.
Also renamed the send_message method to publish_message more in
keeping with language used in queuing.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The watch_file mechanism would refuse to monitor paths to files that
didn't exist. This patch makes it possible to watch a file that hasn't
been created yet, so when it is created, you manifests will get
reparsed.
Backported this change to 2.6.x
Paired-With: Jacob Helwig <jacob@puppetlabs.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
If the user's path has duplicate entries, we end up looking at them
multiple times. This has bitten people in the past in that if you get a
lot of duplication it can make autloading a lot slower. Really the user
shouldn't be duplicating their path, but since we can't control that,
this is a safe fix to prevent them from having autoload slowness.
Paired-with: Max Martin <max@puppetlabs.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We got rid of the '../../spec_helper' style requires, but a few of them snuck
back in in recent changes. This purges them out, replaced with the header:
#!/usr/bin/env rspec
require 'spec_helper'
Reviewed-By: Nick Lewis <nick@puppetlabs.com>
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
By running:
rspec spec --tag ~@fails_on_ruby_1.9.2
We can now just run the specs that pass under Ruby 1.9. Obviously in
the long term we want to have all the specs passing, but until then we
need notification when we regress. From now on new code will be
required to pass under Ruby 1.9, and Jenkins will give us email
notification if it doesn't or if we break something that was already
working.
Reviewed-by: Daniel Pittman <daniel@puppetlabs.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
We were leaking some mocks in the network device singleton from
tests to tests.
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
| |\| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Conflicts:
* spec/unit/node/facts_spec.rb
Updates:
* spec/unit/interface/action{,_builder}_spec.rb
=> update for 'when_invoked' block being required.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
This addresses two of the four points: we now quote the subcommand name, and
emit 'Usage: ' before the usage information on the puppet command line.
Reviewed-By: Nick Lewis <nick@puppetlabs.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The "send" method in the stomp gem has been deprecated since:
http://gitorious.org/stomp/mainline/commit/d542a976028cb4c5badcbb69e3383e746721e44c
It's been replaced with the "publish" method.
Also renamed the send_message method to publish_message more in
keeping with language used in queuing.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Running:
rspec spec/unit/util/network_device_spec.rb spec/integration/transaction_spec.rb
Caused
Mocha::ExpectationError:
unexpected invocation: #<Mock:device>.command()
The NetworkDevice class had a current reader that once set, never got
unset and lived between tests.
Paired-with: Josh Cooper <josh@puppetlabs.com>
|
| |\ \ \
| |/ /
|/| | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The "send" method in the stomp gem has been deprecated since:
http://gitorious.org/stomp/mainline/commit/d542a976028cb4c5badcbb69e3383e746721e44c
It's been replaced with the "publish" method.
Also renamed the send_message method to publish_message more in
keeping with language used in queuing.
|
| |/ /
| |
| |
| | |
Reviewed-By: Mike Stahnke
|
| | |
| |
| |
| |
| |
| |
| | |
This reverts commit 24a277c5e805ce16e0b86e17e6cb2fbe1945ae07.
Despite not needing --ignoreimport as an option anymore, it's still used
internally and has to stay.
|
| | |
| |
| |
| |
| |
| | |
This was only used with --parseonly, which is gone.
Paired-With: Jesse Wolfe
|
| | |
| |
| |
| |
| |
| |
| | |
We now use a shebang of: #!/usr/bin/env rspec
This enables the direct execution of spec tests again, which was lost earlier
during the transition to more directly using the rspec2 runtime environment.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
After some discussion we decided that most uses of the Puppet Face
infrastructure were about single faces on their own, not about the collection,
and so we were better referring to Puppet::Face[...] in code.
This implements that by translating names and references in the Ruby code to
the new, s-less, name.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The global --help handler (also invoked when puppet is run without any other
command line options at all) used to spit out a brief and generally not so
helpful message.
Now that we have a help face that can provide the same information in a much
more user-friendly form, we should delegate the function to that when
required.
Reviewed-By: Matt Robinson <matt@puppetlabs.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We previously treated the list of legacy commands as an instance property of
Puppet::Util::CommandLine. This made it difficult to obtain that information
outside the context of the instantiated application.
In the longer term this should wither and die as we eliminate the legacy
applications entirely, but until then exposing that on the class is the
lightest mechanism for making that useful.
Paired-With: Matt Robinson <matt@puppetlabs.com>
|
| | |
| |
| |
| |
| |
| | |
Using warning, the deprecation warnings will appear in logs and in color.
Paired-With: Jesse Wolfe
|
| | |
| |
| |
| | |
Paired-With: Jesse Wolfe
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
This commit adds a method analogous to Puppet.warn which 1) only logs each
message the first time it is received and 2) only logs the first 100 messages
it receives. Messages are logged via warn.
This could easily be made more flexible by making the hard limit and effective
log level user settable, if desired.
|
| |\ \
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* tickets/master/7021:
Updated confine in Spec test for RSpec 2
Add management of router/switchs global vlans
Cisco Switch/Router Interface management
Base class for network device based providers
Ssh transport for network device management
Telnet transport to connect to remote network device
Remote Network Device transport system
Introduce a module for some IP computations
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This allows to manage the global device list of vlans.
Currently supports only cisco IOS devices.
This is as easy as:
Vlan {
device_url => "ssh://user:pass@switch.domain.com/"
}
vlan {
"200": description => "R&D";
"99": description => "Management";
}
The device_url conforms to the same specs as for the interface
type.
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This patch introduces managing remotely cisco IOS network devices
through ssh or telnet with a puppet type/provider.
This patch allows to manage router/switch interface
with the interface type:
interface {
"FastEthernet 0/1":
device_url => "ssh://user:pass@cisco2960.domain.com/",
mode => trunk,
encapsulation => dot1q,
trunk_allowed_vlans => "1-99,200,253",
description => "to back bone router"
}
It is possible with this patch to set interface:
* mode (access or trunk)
* native vlan (only for access mode)
* speed (auto or a given speed)
* duplex (auto, half or full)
* trunk encapsulation
* allowed trunk vlan
* ipv4 addresses
* ipv6 addresses
* etherchannel membership
The interface name (at least for the cisco provider) can be any
shorthand interface name a switch or router can use.
The device url should conform to:
* scheme: either telnet or ssh
* user: can be absent depending on switch/router line config
* pass: must be present
* port: optional
* an optional enable password can be mentioned in the url query string
Ex:
To connect to a switch with a line password and an enable password:
"telnet://:letmein@cisco29224XL.domain.com/?enable=letmeinagain"
To connect to a switch/router through ssh and a privileged user:
"ssh://brice:letmein@cisco1841L.domain.com/"
Note:
This patch only includes a Cisco IOS provider. Also terminology adopted
in the various types are mostly the ones used in Cisco devices.
This patch was tested against:
* (really old) Cisco switch 2924XL with ios 12.0(5)WC10
* Cisco router 1841 with ios 12.4(15)T8
* Cisco router 877 with ios 12.4(11)XJ4
* Cisco switch 2960G with ios 12.2(44)SE
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
It is an adapatation of net-ssh-telnet, so that net-ssh conforms to
a saner interface for consumer.
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
