octocatalog-diff 0.5.1 → 0.5.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 884750a5cc423f972506a90a43ea39afde1ec405
-  data.tar.gz: 2374a0483c93b1a65fd94f986819c5564a96dd3c
+  metadata.gz: 1d03d7df9d9a9ef8658b7c698fa39462ed377d96
+  data.tar.gz: 47549febe31a305cafe0cef9e6db6aba4ae33e0d
 SHA512:
-  metadata.gz: 739226ba6430412af00c3fe3ca91cced879a9b3aaa836cea7f418c50eae5f2b740335a3a066bc41b7e034f510021a7bd8f169b0b683d67bbf04f742e8ae5aee3
-  data.tar.gz: 16f3bb672a86f60aa3edb541ae2189fca978b9d9be4b754de48f3ce4b61c441a23baff521561f64fdb883f41848400d84df70bae5b2f83eef5252baf27e6820b
+  metadata.gz: 3f5c02689fd13a050b1458f64ebb53512a96c200346407e2c2de3dfab010c7cd0aa64cea4100b96c4009dd06a78e67c8d98f7d3b0d3f5c1ed95939f955e58ef2
+  data.tar.gz: e6f91d1779758f485dda6c11c104f75ca5484c53af4840dd01a7d6f46cf40f084fb517c3f5389024c9615a8085a7a640c90640fcb2ac3090ab5945fbdd93b2d5

data/.version

@@ -1 +1 @@
-0.5.1
+0.5.3

data/doc/CHANGELOG.md

@@ -0,0 +1,7 @@
+# octocatalog-diff change log
+
+| Version | Date | Description / Changes |
+| ------- | ---- | ----------- |
+| 0.5.3   | 2016-10-31 | https://github.com/github/octocatalog-diff/pull/10: facts terminus optimization |
+| 0.5.2   | - | Unreleased internal version |
+| 0.5.1   | 2016-10-20 | Initial release |

data/doc/configuration-puppet.md

@@ -0,0 +1,36 @@
+# Configuring octocatalog-diff to use Puppet
+
+The most common use of `octocatalog-diff` is to use `puppet` locally to compile catalogs.
+
+In order to successfully use Puppet to compile catalogs:
+
+0. Puppet must be installed on the system.
+
+  It is the goal of `octocatalog-diff` to support Puppet version 3.8 and higher, installed via any means supported by Puppet. This includes the [All-In-One agent package](https://docs.puppet.com/puppet/4.0/reference/release_notes.html#all-in-one-packaging) or installed as a Ruby gem.
+
+  By default, `octocatalog-diff` will look for the Puppet binary in several common system locations.
+
+  For maximum reliability, you can specify the full path to the Puppet binary in the configuration file. For example:
+
+  ```
+  ##############################################################################################
+  # puppet_binary
+  #   This is the full path to the puppet binary on your system. If you don't specify this,
+  #   the tool will just run 'puppet' and hope to find it in your path.
+  ##############################################################################################
+
+  # settings[:puppet_binary] = '/usr/bin/puppet'
+  settings[:puppet_binary] = '/opt/puppetlabs/puppet/bin/puppet'
+  ```
+
+0. Applies if you are using [exported resources](https://docs.puppet.com/puppet/latest/reference/lang_exported.html) from PuppetDB (i.e., the octocatalog-diff `--storeconfigs` option enabled):
+
+  Your Puppet installation must have the `puppetdb-termini` feature available. This feature may not be included by default with the Puppet agent package.
+
+  Consult the [Connecting Puppet masters to PuppetDB](https://docs.puppet.com/puppetdb/latest/connect_puppet_master.html#step-1-install-plug-ins) documentation for instructions on installing the `puppetdb-termini` gem.
+
+  :warning: Attention Mac OS users: the [documentation](https://docs.puppet.com/puppet/latest/reference/puppet_collections.html#os-x-systems) states:
+
+  > While the puppet-agent package is the only component of a Puppet Collection available on OS X, you can still use Puppet Collections to ensure the version of package-agent you install is compatible with the Puppet Collection powering your infrastructure.
+
+  Unfortunately this means that you won't be able to enable `--storeconfigs` with the All-In-One Puppet Agent on Mac OS X, unless you manually install a gem-packaged version of `puppetdb-terminus`. The procedure for this is beyond the scope of this documentation.

data/doc/configuration-puppetdb.md

@@ -16,6 +16,8 @@ For this to work, you will need to configure or provide information about your P
 
 - **SSL Authentication Information**: Whether your PuppetDB instance requires clients to authenticate via SSL certificates. Unless you have made a special effort to configure your PuppetDB instance not to require client certificates, it is likely that client certificate authentication is required.
 
+NOTE: In certain situations, you may need to define or alter the `certificate-whitelist` setting in your PuppetDB configuration to whitelist the certificate used by octocatalog-diff. Please see [Configuring PuppetDB](https://docs.puppet.com/puppetdb/latest/configure.html#certificate-whitelist) in the Puppet documentation for additional information.
+
 ## Supplying necessary information via configuration files
 
 The following settings can be used in a [configuration file](/doc/configuration.md).
@@ -24,8 +26,9 @@ The following settings can be used in a [configuration file](/doc/configuration.
 | --- | --- |
 | `settings[:puppetdb_url]` | PuppetDB URL settings. If this is a string, it will set a single PuppetDB URL. If it is an array, it will set multiple URLs, which will be tried in a random order until one responds. |
 | `settings[:puppetdb_ssl_ca]` | Path to the certificate of the CA that signed PuppetDB's certificate. This file is typically found in `/etc/puppetlabs/puppetdb/ssl/ca.pem` on your PuppetDB server. This file should contain only the public certificate, so it is safe to distribute to developer workstations or CI environments. |
-| `settings[:puppetdb_ssl_client_cert]` | Path to the certificate of the client SSL keypair. You should generate a keypair specifically for this client (or if you are running this on a machine managed by Puppet, you may be able to use the keypair for the client machine). You should **NOT** copy the certificate from your PuppetDB server itself. |
-| `settings[:puppetdb_ssl_client_key]` | Path to the private key of the client SSL keypair. You should generate a keypair specifically for this client (or if you are running this on a machine managed by Puppet, you may be able to use the keypair for the client machine). You should **NOT** copy the private key from your PuppetDB server itself. |
+| `settings[:puppetdb_ssl_client_cert]` | TEXT of the certificate of the client SSL keypair. You should generate a keypair specifically for this client (or if you are running this on a machine managed by Puppet, you may be able to use the keypair for the client machine). You should **NOT** copy the certificate from your PuppetDB server itself. Note: This variable needs to be set to the TEXT of the certificate, and not the file path. This means you will likely want to use `File.read(...)` if you are configuring this to be read from a file. |
+| `settings[:puppetdb_ssl_client_key]` | Path to the private key of the client SSL keypair. You should generate a keypair specifically for this client (or if you are running this on a machine managed by Puppet, you may be able to use the keypair for the client machine). You should **NOT** copy the private key from your PuppetDB server itself.  Note: This variable needs to be set to the TEXT of the key, and not the file path. This means you will likely want to use `File.read(...)` if you are configuring this to be read from a file. |
+| `settings[:puppetdb_ssl_client_pem]` | Concatenation of the text of `puppetdb_ssl_client_key` and `puppetdb_ssl_client_cert` as previously described. This is a good alternative if your certificate chain is complex and it's easier just to put everything in a single place. Note: this option is second in precedence; if `settings[:puppetdb_ssl_client_cert]` and `settings[:puppetdb_ssl_client_key]` are both set, this will be ignored. |
 | `settings[:puppetdb_ssl_client_password]` | Plain text string containing the password to unlock the private key. For keys generated by the Puppet Master CA, this is not required and should be left undefined. |
 
 ## Supplying necessary information via the command line

data/doc/configuration.md

@@ -39,6 +39,7 @@
   - [Configuring octocatalog-diff to use Hiera](/doc/configuration-hiera.md)
   - [Configuring octocatalog-diff to use ENC](/doc/configuration-enc.md)
   - [Configuring octocatalog-diff to use PuppetDB](/doc/configuration-puppetdb.md)
+  - [Configuring octocatalog-diff to use Puppet](/doc/configuration-puppet.md)
 
 0. Test the configuration, which will indicate the location of the configuration file and validate the contents thereof.
 

data/lib/octocatalog-diff/catalog-util/builddir.rb

@@ -42,6 +42,7 @@ module OctocatalogDiff
         @enc = nil
         @fact_file = nil
         @node = options[:node]
+        @facts_terminus = options.fetch(:facts_terminus, 'yaml')
 
         create_structure
         install_directory_symlink(logger, options[:basedir])
@@ -54,7 +55,7 @@ module OctocatalogDiff
         unless options[:hiera_config].nil?
           install_hiera_config(logger, options[:hiera_config], options[:hiera_path_strip])
         end
-        @fact_file = install_fact_file(logger, options) unless options.fetch(:facts_terminus, 'yaml') != 'yaml'
+        @fact_file = install_fact_file(logger, options) if @facts_terminus == 'yaml'
         @enc = install_enc(logger) unless options[:enc].nil? && options[:pe_enc_url].nil?
         install_ssl(logger, options) if options[:puppetdb_ssl_ca] || options[:puppetdb_ssl_client_cert]
       end
@@ -98,7 +99,7 @@ module OctocatalogDiff
         routes_hash = {
           'master' => {
             'facts' => {
-              'terminus' => 'puppetdb',
+              'terminus' => @facts_terminus,
               'cache' => 'yaml'
             },
             'catalog' => {
@@ -113,8 +114,8 @@ module OctocatalogDiff
       # Install the fact file in temporary directory
       # @param options [Hash] Options
       def install_fact_file(logger, options)
-        unless options[:facts_terminus].nil? || options[:facts_terminus] == 'yaml'
-          raise ArgumentError, "Called install_fact_file but :facts_terminus = #{options[:facts_terminus]}"
+        unless @facts_terminus == 'yaml'
+          raise ArgumentError, "Called install_fact_file but :facts_terminus = #{@facts_terminus}"
         end
         unless options[:node].is_a?(String) && !options[:node].empty?
           raise ArgumentError, 'Called install_fact_file without node, or with an empty node'

data/lib/octocatalog-diff/catalog/computed.rb

@@ -44,6 +44,7 @@ module OctocatalogDiff
         @puppet_command = options[:puppet_command]
         @retries = nil
         @builddir = nil
+        @facts_terminus = options.fetch(:facts_terminus, 'yaml')
 
         # Pass through the input for other access
         @opts = options
@@ -52,10 +53,12 @@ module OctocatalogDiff
 
       # Actually build the catalog (populate @error_message, @catalog, @catalog_json)
       def build(logger = Logger.new(StringIO.new))
-        facts_obj = OctocatalogDiff::CatalogUtil::Facts.new(@opts, logger)
-        logger.debug "Start retrieving facts for #{@node} from #{self.class}"
-        @opts[:facts] = facts_obj.facts
-        logger.debug "Success retrieving facts for #{@node} from #{self.class}"
+        if @facts_terminus != 'facter'
+          facts_obj = OctocatalogDiff::CatalogUtil::Facts.new(@opts, logger)
+          logger.debug "Start retrieving facts for #{@node} from #{self.class}"
+          @opts[:facts] = facts_obj.facts
+          logger.debug "Success retrieving facts for #{@node} from #{self.class}"
+        end
         build_catalog(logger)
       end
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: octocatalog-diff
 version: !ruby/object:Gem::Version
-  version: 0.5.1
+  version: 0.5.3
 platform: ruby
 authors:
 - GitHub, Inc.
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-10-20 00:00:00.000000000 Z
+date: 2016-11-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: diffy
@@ -222,6 +222,7 @@ files:
 - LICENSE
 - README.md
 - bin/octocatalog-diff
+- doc/CHANGELOG.md
 - doc/advanced-bootstrap.md
 - doc/advanced-cache-dir.md
 - doc/advanced-catalog-only.md
@@ -241,6 +242,7 @@ files:
 - doc/basic.md
 - doc/configuration-enc.md
 - doc/configuration-hiera.md
+- doc/configuration-puppet.md
 - doc/configuration-puppetdb.md
 - doc/configuration.md
 - doc/dev/README.md