puppet 0.24.4 → 0.24.5

data/ext/ldap/puppet.schema

@@ -12,11 +12,16 @@ attributetype ( 1.1.3.9 NAME 'parentnode'
 	EQUALITY caseIgnoreIA5Match
 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
 
-attributetype ( 1.1.3.9 NAME 'environment'
+attributetype ( 1.1.3.11 NAME 'environment'
 	DESC 'Puppet Node Environment'
 	EQUALITY caseIgnoreIA5Match
 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
 
+attributetype ( 1.1.3.12 NAME 'puppetvar'
+	DESC 'A variable setting for puppet'
+	EQUALITY caseIgnoreIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
 objectclass ( 1.1.1.2 NAME 'puppetClient' SUP top AUXILIARY
 	DESC 'Puppet Client objectclass'
-	MAY ( puppetclass $ parentnode $ environment ))
+	MAY ( puppetclass $ parentnode $ environment $ puppetvar ))

data/ext/module_puppet

@@ -138,8 +138,9 @@ server = nil
     end
 end
 
-Puppet.genconfig
-Puppet.genmanifest
+if Puppet.settings.print_configs?
+        exit(Puppet.settings.print_configs ? 0 : 1)
+end
 
 unless ARGV.length > 0
     $stderr.puts "You must pass a script to parse"
@@ -179,7 +180,7 @@ node.classes = classes
 
 begin
     # Compile our configuration
-    catalog = Puppet::Node::Catalog.find(node)
+    catalog = Puppet::Node::Catalog.find(node.name, :use_node => node)
 rescue => detail
     if Puppet[:trace]
         puts detail.backtrace

data/ext/nagios/check_puppet.rb

@@ -0,0 +1,117 @@
+#!/usr/bin/env ruby
+
+require 'optparse'
+require 'sys/proctable'
+include Sys
+
+class CheckPuppet
+
+  VERSION = '0.1'
+  script_name = File.basename($0)
+
+  # default options
+  OPTIONS = {
+     :statefile   => "/var/puppet/state/state.yaml",
+     :process     => "puppetd",
+     :interval    => 30,
+  }
+
+  o = OptionParser.new do |o|    
+    o.set_summary_indent('  ')
+    o.banner =    "Usage: #{script_name} [OPTIONS]"
+    o.define_head "The check_puppet Nagios plug-in checks that specified " +
+                  "Puppet process is running and the state file is no " +
+                  "older than specified interval."
+    o.separator   ""
+    o.separator   "Mandatory arguments to long options are mandatory for " +
+                  "short options too."
+  
+    o.on("-s", "--statefile=statefile", String, "The state file",
+         "Default: #{OPTIONS[:statefile]}") { |OPTIONS[:statefile]| }
+    o.on("-p", "--process=processname", String, "The process to check",
+         "Default: #{OPTIONS[:process]}")   { |OPTIONS[:process]| }
+    o.on("-i", "--interval=value", Integer, 
+         "Default: #{OPTIONS[:interval]} minutes")  { |OPTIONS[:interval]| }
+     
+    o.separator ""
+    o.on_tail("-h", "--help", "Show this help message.") do 
+      puts o
+      exit  
+    end
+  
+    o.parse!(ARGV)
+   end
+
+  def check_proc
+
+    unless ProcTable.ps.find { |p| p.name == OPTIONS[:process]}
+      @proc = 2
+    else
+      @proc = 0 
+    end
+  
+  end
+
+  def check_state
+
+    # Set variables
+    curt = Time.now
+    intv = OPTIONS[:interval] * 60
+
+    # Check file time
+    begin
+      @modt = File.mtime("#{OPTIONS[:statefile]}")
+    rescue
+      @file = 3
+    end
+ 
+    diff = (curt - @modt).to_i
+
+    if diff > intv
+      @file = 2
+    else
+      @file = 0
+    end
+
+  end
+
+  def output_status
+   
+    case @file
+    when 0
+      state = "state file status okay updated on " + @modt.strftime("%m/%d/%Y at %H:%M:%S")
+    when 2
+      state = "state fille is not up to date and is older than #{OPTIONS[:interval]} minutes"
+    when 3
+      state = "state file status unknown"
+    end
+
+    case @proc
+    when 0
+      process = "process #{OPTIONS[:process]} is running"
+    when 2
+      process = "process #{OPTIONS[:process]} is not running" 
+    end
+
+    case @proc or @file
+    when 0
+      status = "OK"
+      exitcode = 0
+    when 2
+      status = "CRITICAL"
+      exitcode = 2
+    when 3
+      status = "UNKNOWN"
+      exitcide = 3
+    end
+
+    puts "PUPPET " + status + ": " + process + ", " + state
+    exit(exitcode)
+ end
+end
+
+cp = CheckPuppet.new
+cp.check_proc
+cp.check_state
+cp.output_status
+

data/ext/puppetlast

@@ -0,0 +1,40 @@
+#!/usr/bin/env ruby
+#
+# Script to print out when puppet ran successfully last
+# AJ Christensen <aj@junglist.gen.nz>
+#
+
+require 'puppet'
+require 'puppet/defaults'
+require 'yaml'
+
+Puppet[:config] = "/etc/puppet/puppet.conf"
+Puppet.parse_config
+
+print "puppetlast\n"
+
+nodes = {}
+
+yfdir = Puppet.settings.value(:vardir) + "/yaml/facts"
+
+if yfdir
+   begin
+      Dir.chdir(yfdir) do
+         Dir.glob("*.yaml").each do |yaml|
+            data = YAML.load_file(yaml)
+            t = Time.now
+            age = t - data.version
+            nodes[data.name] = age.to_i
+         end
+      end
+
+      nodes.sort.each do |node,age|
+         minutes = age / 60 + 0.5
+         print minutes.floor.to_s + ' minutes ago: ' + node + "\n"
+      end
+
+   rescue
+      print 'error: ' + $! + "\n"
+   end
+
+end

data/install.rb

@@ -78,7 +78,7 @@ rdoc  = glob(%w{bin/* sbin/* lib/**/*.rb README README-library CHANGELOG TODO In
 ri    = glob(%w(bin/*.rb sbin/* lib/**/*.rb)).reject { |e| e=~ /\.(bat|cmd)$/ }
 man   = glob(%w{man/man8/*})
 libs  = glob(%w{lib/**/*.rb lib/**/*.py})
-tests = glob(%w{tests/**/*.rb})
+tests = glob(%w{test/**/*.rb})
 
 def do_bins(bins, target, strip = 's?bin/')
   bins.each do |bf|
@@ -106,7 +106,7 @@ def do_man(man, strip = 'man/')
     File.install(mf, omf, 0644, true)
     gzip = %x{which gzip}
     gzip.chomp!
-    %x{#{gzip} #{omf}}
+    %x{#{gzip} -f #{omf}}
   end
 end
 
@@ -200,6 +200,15 @@ def prepare_installation
     end
   end
 
+  # Mac OS X 10.5 declares bindir and sbindir as
+  # /System/Library/Frameworks/Ruby.framework/Versions/1.8/usr/bin
+  # /System/Library/Frameworks/Ruby.framework/Versions/1.8/usr/sbin
+  # which is not generally where people expect executables to be installed
+  if RUBY_PLATFORM == "universal-darwin9.0"
+    Config::CONFIG['bindir'] = "/usr/bin"
+    Config::CONFIG['sbindir'] = "/usr/sbin"
+  end
+
   if (destdir = ENV['DESTDIR'])
     bindir = "#{destdir}#{Config::CONFIG['bindir']}"
     sbindir = "#{destdir}#{Config::CONFIG['sbindir']}"
@@ -374,7 +383,7 @@ EOS
 check_prereqs
 prepare_installation
 
-run_tests(tests) if InstallOptions.tests
+#run_tests(tests) if InstallOptions.tests
 #build_rdoc(rdoc) if InstallOptions.rdoc
 #build_ri(ri) if InstallOptions.ri
 #build_man(bins) if InstallOptions.man

data/lib/puppet.rb

@@ -25,7 +25,7 @@ require 'puppet/util/suidmanager'
 # it's also a place to find top-level commands like 'debug'
 
 module Puppet
-    PUPPETVERSION = '0.24.4'
+    PUPPETVERSION = '0.24.5'
 
     def Puppet.version
         return PUPPETVERSION
@@ -117,49 +117,6 @@ module Puppet
     # Load all of the configuration parameters.
     require 'puppet/defaults'
 
-    # Prints the contents of a config file with the available config elements, or it
-    # prints a single value of a config element.
-    def self.genconfig
-        if Puppet[:configprint] != ""
-            val = Puppet[:configprint]
-            if val == "all"
-                hash = {}
-                Puppet.settings.each do |name, obj|
-                    val = obj.value
-                    case val
-                    when true, false, "": val = val.inspect
-                    end
-                    hash[name] = val
-                end
-                hash.sort { |a,b| a[0].to_s <=> b[0].to_s }.each do |name, val|
-                    puts "%s = %s" % [name, val]
-                end
-            elsif val =~ /,/
-                val.split(/\s*,\s*/).sort.each do |v|
-                    if Puppet.settings.include?(v)
-                        puts "%s = %s" % [v, Puppet[v]]
-                    else
-                        puts "invalid parameter: %s" % v
-                        exit(1)
-                    end
-                end
-            else
-                val.split(/\s*,\s*/).sort.each do |v|
-                    if Puppet.settings.include?(v)
-                        puts Puppet[val]
-                    else
-                        puts "invalid parameter: %s" % v
-                        exit(1)
-                    end
-                end
-            end
-            exit(0)
-        end
-        if Puppet[:genconfig]
-            puts Puppet.settings.to_config
-            exit(0)
-        end
-    end
 
     def self.genmanifest
         if Puppet[:genmanifest]

data/lib/puppet/defaults.rb

@@ -69,8 +69,6 @@ module Puppet
         :rundir => { 
             :default => rundir,
             :mode => 01777,
-            :owner => "$user",
-            :group => "$group",
             :desc => "Where Puppet PID files are kept."
         },
         :genconfig => [false,
@@ -128,7 +126,7 @@ module Puppet
             This is more useful as a server-side setting than client, but any
             environment chosen must be in this list.  Values should be
             separated by a comma."],
-        :environment => {:default => "development", :desc => "The environment Puppet is running in.  For clients
+        :environment => {:default => "production", :desc => "The environment Puppet is running in.  For clients
             (e.g., ``puppetd``) this determines the environment itself, which
             is used to find modules and much more.  For servers (i.e.,
             ``puppetmasterd``) this provides the default environment for nodes
@@ -160,8 +158,12 @@ module Puppet
     end
 
     Puppet.setdefaults(:ssl,
-        :certname => [fqdn, "The name to use when handling certificates.  Defaults
-            to the fully qualified domain name."],
+        # We have to downcase the fqdn, because the current ssl stuff (as oppsed to in master) doesn't have good facilities for 
+        # manipulating naming.
+        :certname => {:default => fqdn.downcase, :desc => "The name to use when handling certificates.  Defaults
+            to the fully qualified domain name.",
+            :call_on_define => true, # Call our hook with the default value, so we're always downcased
+            :hook => proc { |value| raise(ArgumentError, "Certificate names must be lower case; see #1168") unless value == value.downcase }},
         :certdnsnames => ['', "The DNS names on the Server certificate as a colon-separated list.
             If it's anything other than an empty string, it will be used as an alias in the created
             certificate.  By default, only the server gets an alias set up, and only for 'puppet'."],
@@ -354,7 +356,9 @@ module Puppet
         # To make sure this directory is created before we try to use it on the server, we need
         # it to be in the server section (#1138).
         :yamldir => {:default => "$vardir/yaml", :owner => "$user", :group => "$user", :mode => "750",
-            :desc => "The directory in which YAML data is stored, usually in a subdirectory."}
+            :desc => "The directory in which YAML data is stored, usually in a subdirectory."},
+        :clientyamldir => {:default => "$vardir/client_yaml", :mode => "750",
+            :desc => "The directory in which client-side YAML data is stored."}
     )
 
     self.setdefaults(:puppetd,
@@ -412,7 +416,10 @@ module Puppet
         :ca_server => ["$server", "The server to use for certificate
             authority requests.  It's a separate server because it cannot
             and does not need to horizontally scale."],
-        :ca_port => ["$masterport", "The port to use for the certificate authority."]
+        :ca_port => ["$masterport", "The port to use for the certificate authority."],
+        :catalog_format => ["yaml", "What format to use to dump the catalog.  Only supports
+            'marshal' and 'yaml'.  Only matters on the client, since it asks the server
+            for a specific format."]
     )
         
     self.setdefaults(:filebucket,
@@ -505,9 +512,11 @@ module Puppet
 
     # Central fact information.
     self.setdefaults(:main,
-        :factpath => ["$vardir/facts",
-            "Where Puppet should look for facts.  Multiple directories should
-            be colon-separated, like normal PATH variables."],
+        :factpath => {:default => "$vardir/facts",
+            :desc => "Where Puppet should look for facts.  Multiple directories should
+                be colon-separated, like normal PATH variables.",
+            :call_on_define => true, # Call our hook with the default value, so we always get the value added to facter.
+            :hook => proc { |value| Facter.search(value) if Facter.respond_to?(:search) }},
         :factdest => ["$vardir/facts",
             "Where Puppet should store facts that it pulls down from the central
             server."],
@@ -622,6 +631,10 @@ module Puppet
         :ldapclassattrs => ["puppetclass",
             "The LDAP attributes to use to define Puppet classes.  Values
             should be comma-separated."],
+        :ldapstackedattrs => ["puppetvar",
+            "The LDAP attributes that should be stacked to arrays by adding
+            the values in all hierarchy elements of the tree.  Values
+            should be comma-separated."],
         :ldapattrs => ["all",
             "The LDAP attributes to include when querying LDAP for nodes.  All
             returned attributes are set as variables in the top-level scope.

data/lib/puppet/dsl.rb

@@ -1,7 +1,7 @@
 # Just quick mess-around to see what a DSL would look like.
 # 
 # This is what the executable could look like:
-##!/usr/bin/ruby
+##!/usr/bin/env ruby
 #
 #require 'puppet'
 #require 'puppet/dsl'
@@ -23,7 +23,7 @@
 # And here's what an example config could look like:
 #
 
-##!/usr/bin/ruby
+##!/usr/bin/env ruby
 #
 #
 # require 'puppet'

data/lib/puppet/executables/client/certhandler.rb

@@ -0,0 +1,77 @@
+
+module Puppet
+    module Executables
+        module Client
+            class CertHandler
+                attr_writer :wait_for_cert, :one_time
+                attr_reader :new_cert
+                
+                def initialize(wait_time, is_one_time)
+                    @wait_for_cert = wait_time
+                    @one_time = is_one_time
+                    @new_cert = false
+                end
+
+                # Did we just read a cert?
+                def new_cert?
+                    new_cert
+                end
+                
+                # Read, or retrieve if necessary, our certificate.  Returns true if we retrieved
+                # a new cert, false if the cert already exists.
+                def read_retrieve 
+                    #NOTE: ACS this is checking that a file exists, maybe next time just do that?
+                    unless read_cert 
+                        # If we don't already have the certificate, then create a client to
+                        # request one.  Use the special ca stuff, don't use the normal server and port.
+                        retrieve_cert
+                    end
+
+                    ! new_cert?
+                end
+
+                def retrieve_cert
+                    caclient = Puppet::Network::Client.ca.new()
+
+                    while true do
+                       begin
+                           if caclient.request_cert 
+                               break if read_new_cert
+                           else
+                               Puppet.notice "Did not receive certificate"
+                               if @one_time 
+                                   Puppet.notice "Set to run 'one time'; exiting with no certificate"
+                                   exit(1)
+                               end
+                           end
+                       rescue StandardError => detail
+                          Puppet.err "Could not request certificate: %s" % detail.to_s
+                          exit(23) if @one_time
+                       end
+
+                       sleep @wait_for_cert 
+                    end
+                end
+
+                def read_cert
+                    Puppet::Network::HttpPool.read_cert
+                end
+
+                def read_new_cert
+                    if Puppet::Network::HttpPool.read_cert
+                        # If we read it in, then we need to get rid of our existing http connection.
+                        # The @new_cert flag will help us do that, in that it provides a way
+                        # to notify that the cert status has changed.
+                        @new_cert = true
+                        Puppet.notice "Got signed certificate"
+                    else
+                        Puppet.err "Could not read certificates after retrieving them"
+                        exit(34) if @one_time
+                    end
+
+                    return @new_cert
+                end
+            end
+        end
+    end
+end