puppet 0.24.4 → 0.24.5
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- data/CHANGELOG +170 -0
- data/Rakefile +6 -4
- data/bin/filebucket +3 -2
- data/bin/puppet +7 -4
- data/bin/puppetca +32 -14
- data/bin/puppetd +12 -34
- data/bin/puppetmasterd +3 -2
- data/bin/puppetrun +5 -43
- data/bin/ralsh +2 -2
- data/conf/debian/README.source +2 -0
- data/conf/debian/TODO.Debian +1 -0
- data/conf/debian/changelog +257 -0
- data/conf/debian/compat +1 -0
- data/conf/debian/control +45 -0
- data/conf/debian/copyright +17 -0
- data/conf/debian/docs +1 -0
- data/conf/debian/fileserver.conf +12 -0
- data/conf/debian/puppet.NEWS +63 -0
- data/conf/debian/puppet.conf +8 -0
- data/conf/debian/puppet.dirs +7 -0
- data/conf/debian/puppet.files +6 -0
- data/conf/debian/puppet.init +64 -0
- data/conf/debian/puppet.logrotate +11 -0
- data/conf/debian/puppet.postinst +9 -0
- data/conf/debian/puppet.postrm +21 -0
- data/conf/debian/puppet.preinst +25 -0
- data/conf/debian/puppetmaster.files +4 -0
- data/conf/debian/puppetmaster.init +58 -0
- data/conf/debian/rules +115 -0
- data/conf/debian/watch +2 -0
- data/conf/gentoo/init.d/puppet +1 -1
- data/conf/gentoo/init.d/puppetmaster +32 -31
- data/conf/redhat/client.init +10 -2
- data/conf/redhat/puppet.spec +4 -1
- data/conf/redhat/server.init +9 -1
- data/examples/{code/allatonce → allatonce} +0 -0
- data/examples/{code/assignments → assignments} +0 -0
- data/examples/{code/components → components} +0 -0
- data/examples/{root/etc → etc}/init.d/sleeper +0 -0
- data/examples/{root/etc → etc}/otherfile +0 -0
- data/examples/{root/etc → etc}/puppet/fileserver.conf +0 -0
- data/examples/{root/etc → etc}/puppet/namespaceauth.conf +0 -0
- data/examples/{root/etc → etc}/puppet/puppet.conf +0 -0
- data/examples/{root/etc → etc}/puppet/tagmail.conf +0 -0
- data/examples/{code/execs → execs} +0 -0
- data/examples/{code/file.bl → file.bl} +0 -0
- data/examples/{code/filedefaults → filedefaults} +0 -0
- data/examples/{code/fileparsing → fileparsing} +0 -0
- data/examples/{code/filerecursion → filerecursion} +0 -0
- data/examples/{code/functions → functions} +0 -0
- data/examples/{code/groups → groups} +0 -0
- data/examples/{code/head → head} +0 -0
- data/examples/{code/importing → importing} +0 -0
- data/examples/{code/mac_automount.pp → mac_automount.pp} +0 -0
- data/examples/{code/mac_dscl.pp → mac_dscl.pp} +0 -0
- data/examples/{code/mac_dscl_revert.pp → mac_dscl_revert.pp} +0 -0
- data/examples/{code/mac_netinfo.pp → mac_netinfo.pp} +0 -0
- data/examples/{code/mac_pkgdmg.pp → mac_pkgdmg.pp} +0 -0
- data/examples/{code/modules → modules}/sample-module.pp +0 -0
- data/examples/{code/modules → modules}/sample-module/README.txt +0 -0
- data/examples/{code/modules → modules}/sample-module/lib/puppet/parser/functions/hostname_to_dn.rb +0 -0
- data/examples/{code/modules → modules}/sample-module/manifests/init.pp +0 -0
- data/examples/{code/modules → modules}/sample-module/templates/sample.erb +0 -0
- data/examples/{code/nodes → nodes} +0 -0
- data/examples/{code/one → one} +0 -0
- data/examples/{code/relationships → relationships} +0 -0
- data/examples/{code/selectors → selectors} +0 -0
- data/examples/{code/simpletests → simpletests} +0 -0
- data/examples/{code/svncommit → svncommit} +0 -0
- data/ext/autotest/Rakefile +8 -0
- data/ext/autotest/config +43 -0
- data/ext/autotest/readme.rst +16 -0
- data/{examples/root → ext}/bin/sleeper +1 -1
- data/ext/emacs/puppet-mode.el +246 -184
- data/ext/ldap/puppet.schema +7 -2
- data/ext/module_puppet +4 -3
- data/ext/nagios/check_puppet.rb +117 -0
- data/ext/puppetlast +40 -0
- data/install.rb +12 -3
- data/lib/puppet.rb +1 -44
- data/lib/puppet/defaults.rb +23 -10
- data/lib/puppet/dsl.rb +2 -2
- data/lib/puppet/executables/client/certhandler.rb +77 -0
- data/lib/puppet/external/nagios.rb +1 -1
- data/lib/puppet/external/nagios/base.rb +60 -46
- data/lib/puppet/file_serving/indirection_hooks.rb +4 -2
- data/lib/puppet/file_serving/metadata.rb +0 -9
- data/lib/puppet/file_serving/terminus_helper.rb +4 -4
- data/lib/puppet/indirector.rb +26 -28
- data/lib/puppet/indirector/catalog/compiler.rb +6 -28
- data/lib/puppet/indirector/checksum/file.rb +2 -2
- data/lib/puppet/indirector/direct_file_server.rb +7 -7
- data/lib/puppet/indirector/envelope.rb +13 -0
- data/lib/puppet/indirector/exec.rb +2 -2
- data/lib/puppet/indirector/facts/facter.rb +2 -2
- data/lib/puppet/indirector/file.rb +17 -14
- data/lib/puppet/indirector/file_metadata/file.rb +2 -2
- data/lib/puppet/indirector/file_server.rb +14 -14
- data/lib/puppet/indirector/indirection.rb +113 -48
- data/lib/puppet/indirector/ldap.rb +13 -25
- data/lib/puppet/indirector/memory.rb +7 -7
- data/lib/puppet/indirector/module_files.rb +14 -14
- data/lib/puppet/indirector/node/exec.rb +3 -10
- data/lib/puppet/indirector/node/ldap.rb +138 -41
- data/lib/puppet/indirector/node/plain.rb +1 -8
- data/lib/puppet/indirector/node/rest.rb +1 -1
- data/lib/puppet/indirector/plain.rb +2 -2
- data/lib/puppet/indirector/report/processor.rb +2 -2
- data/lib/puppet/indirector/request.rb +42 -0
- data/lib/puppet/indirector/rest.rb +51 -3
- data/lib/puppet/indirector/terminus.rb +0 -27
- data/lib/puppet/indirector/yaml.rb +12 -17
- data/lib/puppet/metatype/attributes.rb +3 -7
- data/lib/puppet/metatype/evaluation.rb +2 -2
- data/lib/puppet/module.rb +6 -2
- data/lib/puppet/network/client/master.rb +29 -81
- data/lib/puppet/network/handler/master.rb +12 -43
- data/lib/puppet/network/http.rb +8 -6
- data/lib/puppet/network/http/handler.rb +42 -32
- data/lib/puppet/network/http/mongrel.rb +8 -9
- data/lib/puppet/network/http/mongrel/rest.rb +42 -15
- data/lib/puppet/network/http/webrick.rb +27 -16
- data/lib/puppet/network/http/webrick/rest.rb +38 -14
- data/lib/puppet/network/http_pool.rb +3 -2
- data/lib/puppet/network/server.rb +24 -22
- data/lib/puppet/network/xmlrpc/client.rb +6 -1
- data/lib/puppet/node.rb +38 -79
- data/lib/puppet/node/catalog.rb +9 -0
- data/lib/puppet/node/facts.rb +9 -1
- data/lib/puppet/parser/ast/function.rb +1 -1
- data/lib/puppet/parser/collector.rb +6 -0
- data/lib/puppet/parser/compiler.rb +1 -1
- data/lib/puppet/parser/functions.rb +25 -1
- data/lib/puppet/parser/interpreter.rb +2 -17
- data/lib/puppet/parser/parser.rb +4 -4
- data/lib/puppet/parser/parser_support.rb +6 -2
- data/lib/puppet/parser/resource.rb +6 -0
- data/lib/puppet/parser/templatewrapper.rb +9 -0
- data/lib/puppet/pgraph.rb +1 -1
- data/lib/puppet/property.rb +0 -1
- data/lib/puppet/provider.rb +9 -95
- data/lib/puppet/provider/confine.rb +77 -0
- data/lib/puppet/provider/confine/exists.rb +22 -0
- data/lib/puppet/provider/confine/false.rb +19 -0
- data/lib/puppet/provider/confine/feature.rb +17 -0
- data/lib/puppet/provider/confine/true.rb +20 -0
- data/lib/puppet/provider/confine/variable.rb +42 -0
- data/lib/puppet/provider/confine_collection.rb +47 -0
- data/lib/puppet/provider/confiner.rb +20 -0
- data/lib/puppet/provider/cron/crontab.rb +6 -2
- data/lib/puppet/provider/group/groupadd.rb +1 -1
- data/lib/puppet/provider/group/ldap.rb +48 -0
- data/lib/puppet/provider/ldap.rb +137 -0
- data/lib/puppet/provider/nameservice.rb +1 -2
- data/lib/puppet/provider/nameservice/objectadd.rb +2 -5
- data/lib/puppet/provider/package/dpkg.rb +16 -1
- data/lib/puppet/provider/package/freebsd.rb +15 -4
- data/lib/puppet/provider/package/gem.rb +33 -12
- data/lib/puppet/provider/package/pkgdmg.rb +1 -60
- data/lib/puppet/provider/package/ports.rb +6 -1
- data/lib/puppet/provider/package/rpm.rb +14 -13
- data/lib/puppet/provider/package/urpmi.rb +3 -3
- data/lib/puppet/provider/service/base.rb +4 -4
- data/lib/puppet/provider/service/debian.rb +1 -1
- data/lib/puppet/provider/service/init.rb +5 -3
- data/lib/puppet/provider/service/redhat.rb +35 -7
- data/lib/puppet/provider/ssh_authorized_key/parsed.rb +69 -0
- data/lib/puppet/provider/user/ldap.rb +133 -0
- data/lib/puppet/provider/user/useradd.rb +1 -1
- data/lib/puppet/rails/database/001_add_created_at_to_all_tables.rb +14 -14
- data/lib/puppet/rails/database/schema.rb +9 -0
- data/lib/puppet/rails/resource.rb +1 -0
- data/lib/puppet/reference/providers.rb +8 -2
- data/lib/puppet/reference/report.rb +23 -0
- data/lib/puppet/reports/rrdgraph.rb +4 -2
- data/lib/puppet/sslcertificates/ca.rb +9 -4
- data/lib/puppet/sslcertificates/support.rb +26 -2
- data/lib/puppet/transaction.rb +11 -16
- data/lib/puppet/transaction/change.rb +94 -0
- data/lib/puppet/transaction/event.rb +21 -0
- data/lib/puppet/transaction/report.rb +4 -0
- data/lib/puppet/type.rb +0 -2
- data/lib/puppet/type/file/ensure.rb +0 -5
- data/lib/puppet/type/file/group.rb +13 -7
- data/lib/puppet/type/file/source.rb +8 -15
- data/lib/puppet/type/file/target.rb +2 -0
- data/lib/puppet/type/group.rb +1 -1
- data/lib/puppet/type/mount.rb +4 -2
- data/lib/puppet/type/nagios_hostescalation.rb +3 -0
- data/lib/puppet/type/nagios_servicegroup.rb +3 -0
- data/lib/puppet/type/ssh_authorized_key.rb +56 -0
- data/lib/puppet/type/user.rb +3 -0
- data/lib/puppet/type/yumrepo.rb +0 -1
- data/lib/puppet/util.rb +1 -1
- data/lib/puppet/util/ldap.rb +5 -0
- data/lib/puppet/util/ldap/connection.rb +69 -0
- data/lib/puppet/util/ldap/generator.rb +45 -0
- data/lib/puppet/util/ldap/manager.rb +281 -0
- data/lib/puppet/util/posix.rb +2 -2
- data/lib/puppet/util/resource_template.rb +61 -0
- data/lib/puppet/util/settings.rb +63 -3
- data/lib/puppet/util/storage.rb +4 -0
- data/lib/puppet/util/warnings.rb +7 -0
- data/man/man8/filebucket.8 +116 -0
- data/man/man8/pi.8 +34 -0
- data/man/man8/puppet.8 +78 -0
- data/man/man8/puppet.conf.8 +1747 -0
- data/man/man8/puppetca.8 +118 -0
- data/man/man8/puppetd.8 +184 -0
- data/man/man8/puppetdoc.8 +62 -0
- data/man/man8/puppetmasterd.8 +87 -0
- data/man/man8/puppetrun.8 +151 -0
- data/man/man8/ralsh.8 +135 -0
- data/test/README +24 -0
- data/test/certmgr/support.rb +28 -1
- data/test/data/failers/badclassnoparam +10 -0
- data/test/data/failers/badclassparam +10 -0
- data/test/data/failers/badcompnoparam +9 -0
- data/test/data/failers/badcompparam +9 -0
- data/test/data/failers/badtypeparam +3 -0
- data/test/data/failers/noobjectrvalue +1 -0
- data/test/data/providers/cron/crontab.allthree +17 -0
- data/test/data/providers/cron/crontab.envNcomment +12 -0
- data/test/data/providers/cron/crontab.envNname +11 -0
- data/test/data/providers/cron/crontab.multirecords +12 -0
- data/test/data/providers/cron/crontab_collections.yaml +44 -0
- data/test/data/providers/cron/crontab_multiple_with_env.yaml +54 -0
- data/test/data/providers/cron/crontab_sample_records.yaml +272 -0
- data/test/data/providers/cron/examples/freebsd +2 -0
- data/test/data/providers/cron/examples/one +14 -0
- data/test/data/providers/cron/examples/openbsd +20 -0
- data/test/data/providers/package/testpackages.yaml +65 -0
- data/test/data/providers/ssh_authorized_key/parsed/authorized_keys +5 -0
- data/test/data/reports/1.yaml +108 -0
- data/test/data/reports/2.yaml +108 -0
- data/test/data/reports/tagmail_failers.conf +3 -0
- data/test/data/reports/tagmail_passers.conf +30 -0
- data/test/data/snippets/aliastest.pp +16 -0
- data/test/data/snippets/argumentdefaults +14 -0
- data/test/data/snippets/casestatement.pp +58 -0
- data/test/data/snippets/classheirarchy.pp +15 -0
- data/test/data/snippets/classincludes.pp +17 -0
- data/test/data/snippets/classpathtest +11 -0
- data/test/data/snippets/collection.pp +10 -0
- data/test/data/snippets/collection_within_virtual_definitions.pp +20 -0
- data/test/data/snippets/componentmetaparams.pp +11 -0
- data/test/data/snippets/componentrequire.pp +8 -0
- data/test/data/snippets/deepclassheirarchy.pp +23 -0
- data/test/data/snippets/defineoverrides.pp +17 -0
- data/test/data/snippets/emptyclass.pp +9 -0
- data/test/data/snippets/emptyexec.pp +3 -0
- data/test/data/snippets/falsevalues.pp +3 -0
- data/test/data/snippets/filecreate +11 -0
- data/test/data/snippets/fqdefinition.pp +5 -0
- data/test/data/snippets/fqparents.pp +11 -0
- data/test/data/snippets/implicititeration +15 -0
- data/test/data/snippets/multipleinstances +7 -0
- data/test/data/snippets/multisubs.pp +13 -0
- data/test/data/snippets/namevartest +9 -0
- data/test/data/snippets/scopetest +13 -0
- data/test/data/snippets/selectorvalues.pp +42 -0
- data/test/data/snippets/simpledefaults +5 -0
- data/test/data/snippets/simpleselector +38 -0
- data/test/data/snippets/singleary.pp +19 -0
- data/test/data/snippets/singlequote.pp +11 -0
- data/test/data/snippets/singleselector.pp +22 -0
- data/test/data/snippets/subclass_name_duplication.pp +11 -0
- data/test/data/snippets/tag.pp +9 -0
- data/test/data/snippets/tagged.pp +35 -0
- data/test/data/snippets/virtualresources.pp +14 -0
- data/test/data/types/hosts/1 +3 -0
- data/test/data/types/hosts/2 +13 -0
- data/test/data/types/hosts/solaris +5 -0
- data/test/data/types/mailalias/file1 +183 -0
- data/test/data/types/mount/freebsd.fstab +7 -0
- data/test/data/types/mount/linux.fstab +11 -0
- data/test/data/types/mount/solaris.fstab +11 -0
- data/test/data/types/port/1 +533 -0
- data/test/data/types/port/darwin +11866 -0
- data/test/data/types/ssh_authorized_key/1 +2 -0
- data/test/data/types/sshkey/1 +21 -0
- data/test/data/types/yumrepos/fedora-devel.repo +26 -0
- data/test/data/types/yumrepos/fedora.repo +9 -0
- data/test/language/parser.rb +8 -1
- data/test/lib/puppettest/runnable_test.rb +3 -0
- data/test/lib/puppettest/support/utils.rb +1 -1
- data/test/lib/rake/puppet_testtask.rb +3 -0
- data/test/lib/stubba.rb +1 -1
- data/test/network/client/ca.rb +1 -0
- data/test/network/client/master.rb +13 -127
- data/test/network/handler/master.rb +61 -80
- data/test/other/provider.rb +0 -45
- data/test/other/transactions.rb +53 -15
- data/test/rails/host.rb +0 -37
- data/test/ral/providers/cron/crontab.rb +32 -3
- data/test/ral/providers/provider.rb +28 -7
- data/test/ral/type/filesources.rb +2 -18
- data/test/ral/type/sshkey.rb +0 -1
- data/test/ral/type/user.rb +6 -0
- data/test/test +241 -0
- metadata +289 -113
- data/examples/root/etc/configfile +0 -0
- data/examples/root/etc/debian-passwd +0 -29
- data/examples/root/etc/debian-syslog.conf +0 -71
- data/lib/puppet/event.rb +0 -28
- data/lib/puppet/network/handler/configuration.rb +0 -184
- data/lib/puppet/network/http/mongrel/xmlrpc.rb +0 -4
- data/lib/puppet/network/http/webrick/xmlrpc.rb +0 -4
- data/lib/puppet/propertychange.rb +0 -141
- data/lib/puppet/provider/interface/redhat.rb +0 -250
- data/lib/puppet/provider/interface/sunos.rb +0 -133
- data/lib/puppet/type/interface.rb +0 -60
- data/lib/puppet/util/variables.rb +0 -38
- data/test/network/handler/configuration.rb +0 -160
- data/test/other/propertychange.rb +0 -140
- data/test/util/loadedfile.rb +0 -121
data/lib/puppet/type/group.rb
CHANGED
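--- a/data/lib/puppet/type/mount.rb
+++ b/data/lib/puppet/type/mount.rb
@@ -95,7 +95,7 @@ module Puppet
 
 # Solaris specifies two devices, not just one.
 newproperty(:blockdevice) do
-desc "The
+desc "The device to fsck. This is property is only valid
 on Solaris, and in most cases will default to the correct
 value."
 
@@ -141,7 +141,9 @@ module Puppet
 
 newproperty(:dump) do
 desc "Whether to dump the mount. Not all platforms
-support this."
+support this. Valid values are ``1`` or ``0``. Default is ``0``."
+
+newvalue(%r{(0|1)}) { }
 
 defaultto {
 if @resource.managed?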
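Review bot: The pattern in `newvalue(%r{(0|1)}) { }` (second hunk) is unanchored, so, assuming values are matched with a plain `=~`, anything that merely contains a 0 or a 1 (`10`, `abc1`) would pass even though the description promises only `0` or `1`. Anchoring it, `newvalue(%r{\A[01]\z}) { }`, makes validation agree with the documented contract and keeps stray text out of the dump field written to the mount table. The description added in the first hunk also reads "This is property is"; `This property is only valid` is presumably what was meant. Both property blocks continue outside the hunks.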
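--- a/data/lib/puppet/type/ssh_authorized_key.rb
+++ b/data/lib/puppet/type/ssh_authorized_key.rb
@@ -0,0 +1,56 @@
+module Puppet
+newtype(:ssh_authorized_key) do
+@doc = "Manages ssh authorized keys."
+
+ensurable
+
+newparam(:name) do
+desc "The SSH key comment."
+
+isnamevar
+end
+
+newproperty(:type) do
+desc "The encryption type used. Usually ssh-dss or ssh-rsa for
+SSH version 2. Not used for SSH version 1."
+
+newvalue("ssh-dss")
+newvalue("ssh-rsa")
+
+aliasvalue(:dsa, "ssh-dss")
+aliasvalue(:rsa, "ssh-rsa")
+end
+
+newproperty(:key) do
+desc "The key itself; generally a long string of hex digits."
+end
+
+newproperty(:user) do
+desc "The user account in which the SSH key should be installed."
+end
+
+newproperty(:target) do
+desc "The file in which to store the SSH key."
+end
+
+newproperty(:options, :array_matching => :all) do
+desc "Key options, see sshd(8) for possible values. Multiple values
+should be specified as an array."
+
+defaultto do :absent end
+end
+
+autorequire(:user) do
+if should(:user)
+should(:user)
+end
+end
+
+validate do
+unless should(:target) or should(:user)
+raise Puppet::Error, "Attribute 'user' or 'target' is mandatory"
+end
+end
+end
+end
+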
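Review bot: `newproperty(:key)`, `newproperty(:target)` and `newproperty(:options, ...)` accept any string, and the only check in the type is the `validate` block requiring `user` or `target`. These values presumably become fields of one line in an authorized_keys file (the provider is not part of this section), so a space or newline inside a key or option taken from a manifest or external data could shift fields or produce an extra entry. A per-property check on `:key` such as `validate { |value| raise Puppet::Error, "Key must not contain whitespace" if value =~ /\s/ }`, a newline check on `:options`, and an absolute-path check on `:target` would close that gap. The `:key` description should also say the key is base64 text rather than "hex digits".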
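--- a/data/lib/puppet/type/user.rb
+++ b/data/lib/puppet/type/user.rb
@@ -220,6 +220,9 @@ module Puppet
 if value =~ /^\d+$/
 raise ArgumentError, "Group names must be provided, not numbers"
 end
+if value.include?(",")
+raise ArgumentError, "Group names must be provided as an array, not a comma-separated list"
+end
 end
 end
 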
data/lib/puppet/type/yumrepo.rb
CHANGED
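--- a/data/lib/puppet/util.rb
+++ b/data/lib/puppet/util.rb
@@ -313,7 +313,7 @@ module Util
 $VERBOSE = oldverb
 if child_pid
 # Parent process executes this
-child_status = Process.waitpid2(child_pid)[1]
+child_status = (Process.waitpid2(child_pid)[1]).to_i >> 8
 else
 # Child process executes this
 Process.setsid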
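Review bot: `(Process.waitpid2(child_pid)[1]).to_i >> 8` evaluates to 0 when the child was terminated by a signal, because the signal number sits in the low bits that the shift throws away, so a killed or crashed command would look like a clean exit to whatever reads `child_status` later (the rest of the method is outside the hunk). The layout of the raw status bits is also platform-dependent. Keeping the `Process::Status` object and reading it explicitly avoids both problems: `status = Process.waitpid2(child_pid)[1]` followed by `child_status = status.exited? ? status.exitstatus : 128 + status.termsig.to_i`, or whichever non-zero convention the callers expect for signalled children.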
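--- a/data/lib/puppet/util/ldap/connection.rb
+++ b/data/lib/puppet/util/ldap/connection.rb
@@ -0,0 +1,69 @@
+#
+# Created by Luke Kanies on 2008-3-23.
+# Copyright (c) 2008. All rights reserved.
+require 'puppet/util/ldap'
+
+class Puppet::Util::Ldap::Connection
+attr_accessor :host, :port, :user, :password, :reset, :ssl
+
+attr_reader :connection
+
+# Return a default connection, using our default settings.
+def self.instance
+ssl = if Puppet[:ldaptls]
+:tls
+elsif Puppet[:ldapssl]
+true
+else
+false
+end
+new(Puppet[:ldapserver], Puppet[:ldapport], :ssl => ssl)
+end
+
+def close
+connection.unbind if connection.bound?
+end
+
+def initialize(host, port, options = {})
+raise Puppet::Error, "Could not set up LDAP Connection: Missing ruby/ldap libraries" unless Puppet.features.ldap?
+
+@host, @port = host, port
+
+options.each do |param, value|
+begin
+send(param.to_s + "=", value)
+rescue
+raise ArgumentError, "LDAP connections do not support %s parameters" % param
+end
+end
+end
+
+# Create a per-connection unique name.
+def name
+[host, port, user, password, ssl].collect { |p| p.to_s }.join("/")
+end
+
+# Should we reset the connection?
+def reset?
+reset
+end
+
+# Start our ldap connection.
+def start
+begin
+case ssl
+when :tls:
+@connection = LDAP::SSLConn.new(host, port, true)
+when true:
+@connection = LDAP::SSLConn.new(host, port)
+else
+@connection = LDAP::Conn.new(host, port)
+end
+@connection.set_option(LDAP::LDAP_OPT_PROTOCOL_VERSION, 3)
+@connection.set_option(LDAP::LDAP_OPT_REFERRALS, LDAP::LDAP_OPT_ON)
+@connection.simple_bind(user, password)
+rescue => detail
+raise Puppet::Error, "Could not connect to LDAP: %s" % detail
+end
+end
+end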
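Review bot: `name` folds `password` into the "per-connection unique name" (`[host, port, user, password, ssl]`), so the LDAP bind password becomes part of an identifier that is likely to be logged, compared or used as a hash key. Dropping it, `[host, port, user, ssl].collect { |p| p.to_s }.join("/")`, or substituting a digest if the password really must distinguish connections, keeps the credential out of such strings. Separately, `initialize` dispatches every option key through `send(param.to_s + "=", value)` under a bare `rescue`, which reports any failure as "do not support" and would be tighter with an explicit list of accepted keys. `start` also shows no certificate-verification setting for the two `LDAP::SSLConn` cases, which is worth confirming against the ruby/ldap defaults before relying on `ldaptls`/`ldapssl` for server authentication.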
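--- a/data/lib/puppet/util/ldap/generator.rb
+++ b/data/lib/puppet/util/ldap/generator.rb
@@ -0,0 +1,45 @@
+#
+# Created by Luke Kanies on 2008-3-28.
+# Copyright (c) 2008. All rights reserved.
+require 'puppet/util/ldap'
+
+class Puppet::Util::Ldap::Generator
+# Declare the attribute we'll use to generate the value.
+def from(source)
+@source = source
+return self
+end
+
+# Actually do the generation.
+def generate(value = nil)
+if value.nil?
+@generator.call
+else
+@generator.call(value)
+end
+end
+
+# Initialize our generator with the name of the parameter
+# being generated.
+def initialize(name)
+@name = name
+end
+
+def name
+@name.to_s
+end
+
+def source
+if defined?(@source) and @source
+@source.to_s
+else
+nil
+end
+end
+
+# Provide the code that does the generation.
+def with(&block)
+@generator = block
+return self
+end
+end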
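Review bot: `generate` calls `@generator.call` without checking that `with` was ever given a block, so a generator that was declared but never completed fails with a NoMethodError on nil at the moment an entry is being created. A guard at the top of `generate`, `raise ArgumentError, "No generator block defined for %s" % name unless @generator`, gives a message that points at the misconfigured attribute. The class would also benefit from a short header comment stating that `from` and `with` are meant to be chained (both `return self`) and that `with` is required.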
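--- a/data/lib/puppet/util/ldap/manager.rb
+++ b/data/lib/puppet/util/ldap/manager.rb
@@ -0,0 +1,281 @@
+require 'puppet/util/ldap'
+require 'puppet/util/ldap/connection'
+require 'puppet/util/ldap/generator'
+
+# The configuration class for LDAP providers, plus
+# connection handling for actually interacting with ldap.
+class Puppet::Util::Ldap::Manager
+attr_reader :objectclasses, :puppet2ldap, :location, :rdn
+
+# A null-op that just returns the config.
+def and
+return self
+end
+
+# Set the offset from the search base and return the config.
+def at(location)
+@location = location
+return self
+end
+
+# The basic search base.
+def base
+[location, Puppet[:ldapbase]].join(",")
+end
+
+# Convert the name to a dn, then pass the args along to
+# our connection.
+def create(name, attributes)
+attributes = attributes.dup
+
+# Add the objectclasses
+attributes["objectClass"] = objectclasses.collect { |o| o.to_s }
+attributes["objectClass"] << "top" unless attributes["objectClass"].include?("top")
+
+attributes[rdn.to_s] = [name]
+
+# Generate any new values we might need.
+generate(attributes)
+
+# And create our resource.
+connect { |conn| conn.add dn(name), attributes }
+end
+
+# Open, yield, and close the connection. Cannot be left
+# open, at this point.
+def connect
+raise ArgumentError, "You must pass a block to #connect" unless block_given?
+
+unless defined?(@connection) and @connection
+if Puppet[:ldaptls]
+ssl = :tls
+elsif Puppet[:ldapssl]
+ssl = true
+else
+ssl = false
+end
+options = {:ssl => ssl}
+if user = Puppet[:ldapuser] and user != ""
+options[:user] = user
+end
+if password = Puppet[:ldappassword] and password != ""
+options[:password] = password
+end
+@connection = Puppet::Util::Ldap::Connection.new(Puppet[:ldapserver], Puppet[:ldapport], options)
+end
+@connection.start
+begin
+yield @connection.connection
+ensure
+@connection.close
+end
+return nil
+end
+
+# Convert the name to a dn, then pass the args along to
+# our connection.
+def delete(name)
+connect { |connection| connection.delete dn(name) }
+end
+
+# Calculate the dn for a given resource.
+def dn(name)
+["#{rdn.to_s}=%s" % name, base].join(",")
+end
+
+# Convert an ldap-style entry hash to a provider-style hash.
+def entry2provider(entry)
+raise ArgumentError, "Could not get dn from ldap entry" unless entry["dn"]
+
+# DN is always a single-entry array. Strip off the bits before the
+# first comma, then the bits after the remaining equal sign. This is the
+# name.
+name = entry["dn"].dup.pop.split(",").shift.split("=").pop
+
+result = {:name => name}
+
+@ldap2puppet.each do |ldap, puppet|
+result[puppet] = entry[ldap.to_s] || :absent
+end
+
+result
+end
+
+# Create our normal search filter.
+def filter
+return "objectclass=%s" % objectclasses[0] if objectclasses.length == 1
+return "(&(objectclass=" + objectclasses.join(")(objectclass=") + "))"
+end
+
+# Find the associated entry for a resource. Returns a hash, minus
+# 'dn', or nil if the entry cannot be found.
+def find(name)
+result = nil
+connect do |conn|
+begin
+conn.search2(dn(name), 0, "objectclass=*") do |result|
+# Convert to puppet-appropriate attributes
+return entry2provider(result)
+end
+rescue => detail
+return nil
+end
+end
+end
+
+# Declare a new attribute generator.
+def generates(parameter)
+@generators << Puppet::Util::Ldap::Generator.new(parameter)
+@generators[-1]
+end
+
+# Generate any extra values we need to make the ldap entry work.
+def generate(values)
+return unless @generators.length > 0
+
+@generators.each do |generator|
+# Don't override any values that might exist.
+next if values[generator.name]
+
+if generator.source
+unless value = values[generator.source]
+raise ArgumentError, "%s must be defined to generate %s" % [generator.source, generator.name]
+end
+result = generator.generate(value)
+else
+result = generator.generate
+end
+
+result = [result] unless result.is_a?(Array)
+result = result.collect { |r| r.to_s }
+
+values[generator.name] = result
+end
+end
+
+def initialize
+@rdn = :cn
+@generators = []
+end
+
+# Specify what classes this provider models.
+def manages(*classes)
+@objectclasses = classes
+return self
+end
+
+# Specify the attribute map. Assumes the keys are the puppet
+# attributes, and the values are the ldap attributes, and creates a map
+# for each direction.
+def maps(attributes)
+# The map with the puppet attributes as the keys
+@puppet2ldap = attributes
+
+# and the ldap attributes as the keys.
+@ldap2puppet = attributes.inject({}) { |map, ary| map[ary[1]] = ary[0]; map }
+
+return self
+end
+
+# Return the ldap name for a puppet attribute.
+def ldap_name(attribute)
+@puppet2ldap[attribute].to_s
+end
+
+# Convert the name to a dn, then pass the args along to
+# our connection.
+def modify(name, mods)
+connect { |connection| connection.modify dn(name), mods }
+end
+
+# Specify the rdn that we use to build up our dn.
+def named_by(attribute)
+@rdn = attribute
+self
+end
+
+# Return the puppet name for an ldap attribute.
+def puppet_name(attribute)
+@ldap2puppet[attribute]
+end
+
+# Search for all entries at our base. A potentially expensive search.
+def search(sfilter = nil)
+sfilter ||= filter()
+
+result = []
+connect do |conn|
+conn.search2(base, 1, sfilter) do |entry|
+result << entry2provider(entry)
+end
+end
+return nil if result.empty?
+return result
+end
+
+# Update the ldap entry with the desired state.
+def update(name, is, should)
+if should[:ensure] == :absent
+Puppet.info "Removing %s from ldap" % dn(name)
+delete(name)
+return
+end
+
+# We're creating a new entry
+if is.empty? or is[:ensure] == :absent
+Puppet.info "Creating %s in ldap" % dn(name)
+# Remove any :absent params and :ensure, then convert the names to ldap names.
+attrs = ldap_convert(should)
+create(name, attrs)
+return
+end
+
+# We're modifying an existing entry. Yuck.
+
+mods = []
+# For each attribute we're deleting that is present, create a
+# modify instance for deletion.
+[is.keys, should.keys].flatten.uniq.each do |property|
+# They're equal, so do nothing.
+next if is[property] == should[property]
+
+attributes = ldap_convert(should)
+
+prop_name = ldap_name(property).to_s
+
+# We're creating it.
+if is[property] == :absent or is[property].nil?
+mods << LDAP::Mod.new(LDAP::LDAP_MOD_ADD, prop_name, attributes[prop_name])
+next
+end
+
+# We're deleting it
+if should[property] == :absent or should[property].nil?
+mods << LDAP::Mod.new(LDAP::LDAP_MOD_DELETE, prop_name, [])
+next
+end
+
+# We're replacing an existing value
+mods << LDAP::Mod.new(LDAP::LDAP_MOD_REPLACE, prop_name, attributes[prop_name])
+end
+
+modify(name, mods)
+end
+
+# Is this a complete ldap configuration?
+def valid?
+location and objectclasses and ! objectclasses.empty? and puppet2ldap
+end
+
+private
+
+# Convert a hash of attributes to ldap-like forms. This mostly means
+# getting rid of :ensure and making sure everything's an array of strings.
+def ldap_convert(attributes)
+attributes.reject { |param, value| value == :absent or param == :ensure }.inject({}) do |result, ary|
+value = (ary[1].is_a?(Array) ? ary[1] : [ary[1]]).collect { |v| v.to_s }
+result[ldap_name(ary[0])] = value
+result
+end
+end
+end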
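Review bot: `dn` interpolates `name` into the DN without escaping (`"#{rdn.to_s}=%s" % name`), so a resource name containing `,`, `+`, `=` or a backslash changes which entry `create`, `modify` and `delete` address instead of being treated as a single RDN value. The name should be escaped per RFC 4514 before it is joined with `base`, as sketched below; `entry2provider` splits the returned DN on `,` and `=` and would need the matching unescape so that names round-trip. Separately, `find` turns every exception, including connection and bind failures, into `nil` through `rescue => detail` / `return nil`, which makes an unreachable server indistinguishable from a missing entry; that rescue should be narrowed to the not-found case and other errors re-raised.

```ruby
# Escape the characters RFC 4514 treats as special inside an RDN value.
def escape_rdn_value(value)
    escaped = value.to_s.gsub(/([,+"\\<>;=])/) { "\\" + $1 }
    escaped = escaped.sub(/\A([ #])/) { "\\" + $1 }
    escaped.sub(/ \z/) { "\\ " }
end

# Calculate the dn for a given resource.
def dn(name)
    ["#{rdn.to_s}=%s" % escape_rdn_value(name), base].join(",")
end
```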