puppet 0.24.9 → 0.25.0
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- data/CHANGELOG +18680 -1241
- data/CHANGELOG.old +1705 -0
- data/LICENSE +2 -2
- data/README +1 -1
- data/README.queueing +126 -0
- data/README.rst +4 -4
- data/Rakefile +62 -216
- data/bin/filebucket +6 -117
- data/bin/pi +50 -0
- data/bin/puppet +7 -188
- data/bin/puppetdoc +7 -198
- data/bin/ralsh +4 -191
- data/conf/auth.conf +94 -0
- data/conf/gentoo/init.d/puppetmaster +30 -30
- data/conf/osx/PackageInfo.plist +30 -30
- data/conf/osx/createpackage.sh +23 -18
- data/conf/osx/preflight +8 -0
- data/conf/puppet-queue.conf +10 -0
- data/conf/redhat/client.init +52 -41
- data/conf/redhat/logrotate +1 -0
- data/conf/redhat/puppet.spec +74 -36
- data/conf/redhat/rundir-perms.patch +28 -0
- data/conf/redhat/server.init +48 -43
- data/conf/redhat/server.sysconfig +4 -4
- data/conf/solaris/smf/puppetd.xml +53 -53
- data/conf/solaris/smf/puppetmasterd.xml +53 -53
- data/conf/solaris/smf/svc-puppetd +4 -4
- data/conf/solaris/smf/svc-puppetmasterd +3 -3
- data/conf/suse/client.init +4 -4
- data/conf/suse/puppet.spec +14 -14
- data/conf/suse/server.init +17 -17
- data/examples/etc/init.d/sleeper +8 -8
- data/examples/mac_dscl.pp +2 -2
- data/examples/mac_dscl_revert.pp +1 -1
- data/examples/mcx_dock_default.pp +108 -108
- data/examples/mcx_dock_full.pp +108 -108
- data/examples/mcx_nogroup.pp +108 -108
- data/examples/modules/sample-module/lib/puppet/parser/functions/hostname_to_dn.rb +5 -5
- data/examples/modules/sample-module/manifests/init.pp +2 -2
- data/examples/relationships +1 -1
- data/ext/autotest/config +6 -6
- data/ext/bin/sleeper +12 -12
- data/ext/dbfix.sql +21 -21
- data/ext/emacs/puppet-mode.el +42 -41
- data/ext/extlookup.rb +183 -0
- data/ext/ldap/puppet.schema +2 -1
- data/ext/logcheck/puppet +1 -1
- data/ext/module_puppet +7 -7
- data/ext/nagios/check_puppet.rb +83 -83
- data/ext/nagios/naggen +302 -0
- data/ext/puppet-test +61 -18
- data/ext/puppetlisten/puppetlisten.rb +76 -0
- data/ext/puppetlisten/puppetrun.rb +39 -0
- data/ext/puppetstoredconfigclean.rb +29 -29
- data/ext/rack/README +73 -0
- data/ext/rack/files/apache2.conf +38 -0
- data/ext/rack/files/config.ru +18 -0
- data/ext/rack/manifest.pp +59 -0
- data/ext/vim/syntax/puppet.vim +54 -35
- data/install.rb +37 -26
- data/lib/puppet.rb +15 -227
- data/lib/puppet/agent.rb +134 -0
- data/lib/puppet/agent/locker.rb +42 -0
- data/lib/puppet/agent/runner.rb +65 -0
- data/lib/puppet/application.rb +313 -0
- data/lib/puppet/application/filebucket.rb +87 -0
- data/lib/puppet/application/pi.rb +214 -0
- data/lib/puppet/application/puppet.rb +177 -0
- data/lib/puppet/application/puppetca.rb +71 -0
- data/lib/puppet/application/puppetd.rb +256 -0
- data/lib/puppet/application/puppetdoc.rb +222 -0
- data/lib/puppet/application/puppetmasterd.rb +168 -0
- data/lib/puppet/application/puppetqd.rb +96 -0
- data/lib/puppet/application/puppetrun.rb +219 -0
- data/lib/puppet/application/ralsh.rb +168 -0
- data/lib/puppet/configurer.rb +177 -0
- data/lib/puppet/configurer/downloader.rb +79 -0
- data/lib/puppet/configurer/fact_handler.rb +68 -0
- data/lib/puppet/configurer/plugin_handler.rb +26 -0
- data/lib/puppet/daemon.rb +78 -28
- data/lib/puppet/defaults.rb +239 -166
- data/lib/puppet/dsl.rb +7 -7
- data/lib/puppet/external/dot.rb +271 -271
- data/lib/puppet/external/event-loop/better-definers.rb +298 -298
- data/lib/puppet/external/event-loop/event-loop.rb +274 -274
- data/lib/puppet/external/event-loop/signal-system.rb +163 -163
- data/lib/puppet/external/lock.rb +1 -1
- data/lib/puppet/external/nagios.rb +20 -20
- data/lib/puppet/external/nagios/base.rb +3 -3
- data/lib/puppet/external/nagios/grammar.ry +185 -0
- data/lib/puppet/external/nagios/makefile +9 -0
- data/lib/puppet/external/nagios/parser.rb +1 -1
- data/lib/puppet/feature/json.rb +2 -0
- data/lib/puppet/feature/rack.rb +24 -0
- data/lib/puppet/feature/rails.rb +23 -33
- data/lib/puppet/feature/rubygems.rb +6 -0
- data/lib/puppet/feature/stomp.rb +6 -0
- data/lib/puppet/file_serving/{file_base.rb → base.rb} +10 -9
- data/lib/puppet/file_serving/configuration.rb +61 -61
- data/lib/puppet/file_serving/configuration/parser.rb +24 -29
- data/lib/puppet/file_serving/content.rb +26 -11
- data/lib/puppet/file_serving/fileset.rb +54 -19
- data/lib/puppet/file_serving/indirection_hooks.rb +12 -24
- data/lib/puppet/file_serving/metadata.rb +8 -8
- data/lib/puppet/file_serving/mount.rb +9 -151
- data/lib/puppet/file_serving/mount/file.rb +126 -0
- data/lib/puppet/file_serving/mount/modules.rb +25 -0
- data/lib/puppet/file_serving/mount/plugins.rb +27 -0
- data/lib/puppet/file_serving/terminus_helper.rb +9 -4
- data/lib/puppet/indirector.rb +6 -4
- data/lib/puppet/indirector/active_record.rb +28 -0
- data/lib/puppet/indirector/catalog/active_record.rb +36 -0
- data/lib/puppet/indirector/catalog/compiler.rb +50 -24
- data/lib/puppet/indirector/catalog/queue.rb +5 -0
- data/lib/puppet/indirector/catalog/rest.rb +6 -0
- data/lib/puppet/indirector/catalog/yaml.rb +2 -4
- data/lib/puppet/indirector/certificate/ca.rb +9 -0
- data/lib/puppet/indirector/certificate/file.rb +9 -0
- data/lib/puppet/indirector/certificate/rest.rb +9 -0
- data/lib/puppet/indirector/certificate_request/ca.rb +14 -0
- data/lib/puppet/indirector/certificate_request/file.rb +8 -0
- data/lib/puppet/indirector/certificate_request/rest.rb +9 -0
- data/lib/puppet/indirector/certificate_revocation_list/ca.rb +8 -0
- data/lib/puppet/indirector/certificate_revocation_list/file.rb +8 -0
- data/lib/puppet/indirector/certificate_revocation_list/rest.rb +9 -0
- data/lib/puppet/indirector/direct_file_server.rb +4 -8
- data/lib/puppet/indirector/exec.rb +2 -6
- data/lib/puppet/indirector/facts/active_record.rb +36 -0
- data/lib/puppet/indirector/facts/facter.rb +30 -22
- data/lib/puppet/indirector/facts/rest.rb +6 -0
- data/lib/puppet/indirector/file.rb +1 -0
- data/lib/puppet/indirector/file_content/rest.rb +0 -1
- data/lib/puppet/indirector/file_metadata/file.rb +2 -2
- data/lib/puppet/indirector/file_metadata/rest.rb +0 -1
- data/lib/puppet/indirector/file_server.rb +31 -18
- data/lib/puppet/indirector/indirection.rb +46 -33
- data/lib/puppet/indirector/key/ca.rb +12 -0
- data/lib/puppet/indirector/key/file.rb +42 -0
- data/lib/puppet/indirector/node/active_record.rb +13 -0
- data/lib/puppet/indirector/node/ldap.rb +1 -1
- data/lib/puppet/indirector/queue.rb +83 -0
- data/lib/puppet/indirector/report/processor.rb +1 -1
- data/lib/puppet/indirector/report/rest.rb +7 -0
- data/lib/puppet/indirector/request.rb +158 -15
- data/lib/puppet/indirector/rest.rb +74 -36
- data/lib/puppet/indirector/runner/rest.rb +7 -0
- data/lib/puppet/indirector/ssl_file.rb +174 -0
- data/lib/puppet/indirector/terminus.rb +4 -4
- data/lib/puppet/indirector/yaml.rb +1 -1
- data/lib/puppet/metatype/manager.rb +3 -3
- data/lib/puppet/module.rb +99 -124
- data/lib/puppet/network/authconfig.rb +57 -42
- data/lib/puppet/network/authstore.rb +58 -10
- data/lib/puppet/network/client.rb +0 -2
- data/lib/puppet/network/client/ca.rb +1 -1
- data/lib/puppet/network/client/dipper.rb +7 -2
- data/lib/puppet/network/format.rb +123 -0
- data/lib/puppet/network/format_handler.rb +156 -0
- data/lib/puppet/network/formats.rb +123 -0
- data/lib/puppet/network/handler/filebucket.rb +1 -1
- data/lib/puppet/network/handler/fileserver.rb +43 -35
- data/lib/puppet/network/handler/master.rb +4 -4
- data/lib/puppet/network/handler/report.rb +1 -1
- data/lib/puppet/network/handler/resource.rb +16 -20
- data/lib/puppet/network/handler/runner.rb +9 -42
- data/lib/puppet/network/http.rb +4 -4
- data/lib/puppet/network/http/api.rb +4 -0
- data/lib/puppet/network/http/api/v1.rb +65 -0
- data/lib/puppet/network/http/handler.rb +163 -56
- data/lib/puppet/network/http/mongrel.rb +19 -15
- data/lib/puppet/network/http/mongrel/rest.rb +35 -17
- data/lib/puppet/network/http/rack.rb +62 -0
- data/lib/puppet/network/http/rack/httphandler.rb +34 -0
- data/lib/puppet/network/http/rack/rest.rb +79 -0
- data/lib/puppet/network/http/rack/xmlrpc.rb +65 -0
- data/lib/puppet/network/http/webrick.rb +89 -16
- data/lib/puppet/network/http/webrick/rest.rb +24 -11
- data/lib/puppet/network/http_pool.rb +28 -29
- data/lib/puppet/network/http_server/mongrel.rb +8 -10
- data/lib/puppet/network/http_server/webrick.rb +1 -3
- data/lib/puppet/network/rest_authconfig.rb +89 -0
- data/lib/puppet/network/rest_authorization.rb +25 -0
- data/lib/puppet/network/rights.rb +230 -27
- data/lib/puppet/network/server.rb +133 -31
- data/lib/puppet/network/xmlrpc/client.rb +5 -5
- data/lib/puppet/network/xmlrpc/webrick_servlet.rb +6 -6
- data/lib/puppet/node.rb +28 -21
- data/lib/puppet/node/environment.rb +48 -0
- data/lib/puppet/node/facts.rb +21 -0
- data/lib/puppet/parameter.rb +291 -219
- data/lib/puppet/parser/ast.rb +1 -0
- data/lib/puppet/parser/ast/astarray.rb +5 -1
- data/lib/puppet/parser/ast/boolean_operator.rb +3 -3
- data/lib/puppet/parser/ast/caseopt.rb +10 -0
- data/lib/puppet/parser/ast/casestatement.rb +12 -27
- data/lib/puppet/parser/ast/collection.rb +31 -0
- data/lib/puppet/parser/ast/collexpr.rb +18 -11
- data/lib/puppet/parser/ast/comparison_operator.rb +1 -1
- data/lib/puppet/parser/ast/definition.rb +6 -2
- data/lib/puppet/parser/ast/function.rb +7 -2
- data/lib/puppet/parser/ast/ifstatement.rb +11 -6
- data/lib/puppet/parser/ast/leaf.rb +106 -3
- data/lib/puppet/parser/ast/match_operator.rb +31 -0
- data/lib/puppet/parser/ast/node.rb +10 -6
- data/lib/puppet/parser/ast/resource_defaults.rb +2 -2
- data/lib/puppet/parser/ast/resource_override.rb +1 -1
- data/lib/puppet/parser/ast/resource_reference.rb +11 -3
- data/lib/puppet/parser/ast/selector.rb +14 -32
- data/lib/puppet/parser/ast/vardef.rb +1 -1
- data/lib/puppet/parser/collector.rb +67 -15
- data/lib/puppet/parser/compiler.rb +21 -53
- data/lib/puppet/parser/files.rb +92 -0
- data/lib/puppet/parser/functions.rb +3 -3
- data/lib/puppet/parser/functions/defined.rb +3 -3
- data/lib/puppet/parser/functions/fqdn_rand.rb +3 -3
- data/lib/puppet/parser/functions/inline_template.rb +4 -4
- data/lib/puppet/parser/functions/regsubst.rb +37 -35
- data/lib/puppet/parser/functions/require.rb +34 -0
- data/lib/puppet/parser/functions/shellquote.rb +41 -0
- data/lib/puppet/parser/functions/split.rb +29 -0
- data/lib/puppet/parser/functions/sprintf.rb +6 -6
- data/lib/puppet/parser/functions/template.rb +4 -4
- data/lib/puppet/parser/functions/versioncmp.rb +22 -1
- data/lib/puppet/parser/grammar.ra +812 -0
- data/lib/puppet/parser/interpreter.rb +4 -4
- data/lib/puppet/parser/lexer.rb +44 -15
- data/lib/puppet/parser/loaded_code.rb +115 -0
- data/lib/puppet/parser/makefile +8 -0
- data/lib/puppet/parser/parser.rb +1080 -928
- data/lib/puppet/parser/parser_support.rb +118 -96
- data/lib/puppet/parser/resource.rb +56 -126
- data/lib/puppet/parser/resource/param.rb +2 -76
- data/lib/puppet/parser/resource/reference.rb +15 -8
- data/lib/puppet/parser/scope.rb +68 -35
- data/lib/puppet/parser/templatewrapper.rb +8 -8
- data/lib/puppet/parser/yaml_trimmer.rb +11 -0
- data/lib/puppet/property.rb +69 -124
- data/lib/puppet/property/list.rb +3 -3
- data/lib/puppet/provider.rb +5 -5
- data/lib/puppet/provider/augeas/augeas.rb +119 -118
- data/lib/puppet/provider/computer/computer.rb +3 -3
- data/lib/puppet/provider/confine/variable.rb +1 -1
- data/lib/puppet/provider/cron/crontab.rb +8 -7
- data/lib/puppet/provider/group/directoryservice.rb +2 -2
- data/lib/puppet/provider/group/groupadd.rb +1 -1
- data/lib/puppet/provider/group/ldap.rb +3 -3
- data/lib/puppet/provider/group/pw.rb +1 -1
- data/lib/puppet/provider/host/parsed.rb +3 -3
- data/lib/puppet/provider/ldap.rb +1 -3
- data/lib/puppet/provider/macauthorization/macauthorization.rb +62 -55
- data/lib/puppet/provider/mailalias/aliases.rb +9 -1
- data/lib/puppet/provider/maillist/mailman.rb +8 -4
- data/lib/puppet/provider/mcx/mcxcontent.rb +11 -11
- data/lib/puppet/provider/mount/parsed.rb +2 -2
- data/lib/puppet/provider/nameservice.rb +6 -6
- data/lib/puppet/provider/nameservice/directoryservice.rb +83 -87
- data/lib/puppet/provider/package/appdmg.rb +10 -9
- data/lib/puppet/provider/package/apple.rb +1 -3
- data/lib/puppet/provider/package/apt.rb +5 -5
- data/lib/puppet/provider/package/aptitude.rb +1 -1
- data/lib/puppet/provider/package/aptrpm.rb +1 -1
- data/lib/puppet/provider/package/darwinport.rb +1 -1
- data/lib/puppet/provider/package/dpkg.rb +2 -2
- data/lib/puppet/provider/package/fink.rb +6 -6
- data/lib/puppet/provider/package/freebsd.rb +1 -1
- data/lib/puppet/provider/package/gem.rb +2 -2
- data/lib/puppet/provider/package/hpux.rb +5 -5
- data/lib/puppet/provider/package/pkgdmg.rb +30 -22
- data/lib/puppet/provider/package/portage.rb +1 -1
- data/lib/puppet/provider/package/ports.rb +1 -1
- data/lib/puppet/provider/package/rpm.rb +5 -5
- data/lib/puppet/provider/package/rug.rb +1 -1
- data/lib/puppet/provider/package/sun.rb +7 -7
- data/lib/puppet/provider/package/up2date.rb +1 -1
- data/lib/puppet/provider/package/yum.rb +2 -2
- data/lib/puppet/provider/package/yumhelper.py +2 -2
- data/lib/puppet/provider/port/parsed.rb +1 -1
- data/lib/puppet/provider/selmodule/semodule.rb +3 -3
- data/lib/puppet/provider/service/base.rb +21 -12
- data/lib/puppet/provider/service/daemontools.rb +86 -49
- data/lib/puppet/provider/service/debian.rb +20 -12
- data/lib/puppet/provider/service/freebsd.rb +5 -5
- data/lib/puppet/provider/service/gentoo.rb +2 -2
- data/lib/puppet/provider/service/init.rb +21 -33
- data/lib/puppet/provider/service/launchd.rb +120 -48
- data/lib/puppet/provider/service/redhat.rb +12 -21
- data/lib/puppet/provider/service/runit.rb +19 -9
- data/lib/puppet/provider/service/smf.rb +49 -34
- data/lib/puppet/provider/ssh_authorized_key/parsed.rb +34 -0
- data/lib/puppet/provider/sshkey/parsed.rb +2 -2
- data/lib/puppet/provider/user/directoryservice.rb +12 -29
- data/lib/puppet/provider/user/hpux.rb +3 -3
- data/lib/puppet/provider/user/ldap.rb +2 -2
- data/lib/puppet/provider/zfs/solaris.rb +1 -1
- data/lib/puppet/provider/zone/solaris.rb +4 -4
- data/lib/puppet/provider/zpool/solaris.rb +3 -3
- data/lib/puppet/rails.rb +9 -9
- data/lib/puppet/rails/benchmark.rb +69 -0
- data/lib/puppet/rails/database/001_add_created_at_to_all_tables.rb +5 -5
- data/lib/puppet/rails/database/002_remove_duplicated_index_on_all_tables.rb +2 -2
- data/lib/puppet/rails/database/003_add_environment_to_host.rb +1 -1
- data/lib/puppet/rails/database/schema.rb +8 -8
- data/lib/puppet/rails/fact_value.rb +1 -1
- data/lib/puppet/rails/host.rb +211 -93
- data/lib/puppet/rails/param_name.rb +5 -1
- data/lib/puppet/rails/param_value.rb +29 -2
- data/lib/puppet/rails/puppet_tag.rb +5 -0
- data/lib/puppet/rails/resource.rb +120 -20
- data/lib/puppet/rails/resource_tag.rb +1 -1
- data/lib/puppet/rails/source_file.rb +1 -1
- data/lib/puppet/reference/configuration.rb +14 -14
- data/lib/puppet/reference/function.rb +1 -1
- data/lib/puppet/reference/metaparameter.rb +48 -0
- data/lib/puppet/reference/providers.rb +6 -6
- data/lib/puppet/reference/type.rb +1 -37
- data/lib/puppet/relationship.rb +57 -30
- data/lib/puppet/reports/rrdgraph.rb +4 -4
- data/lib/puppet/reports/store.rb +3 -3
- data/lib/puppet/reports/tagmail.rb +15 -15
- data/lib/puppet/resource.rb +265 -0
- data/lib/puppet/{node → resource}/catalog.rb +188 -112
- data/lib/puppet/{resource_reference.rb → resource/reference.rb} +46 -24
- data/lib/puppet/simple_graph.rb +165 -27
- data/lib/puppet/ssl.rb +7 -0
- data/lib/puppet/ssl/base.rb +62 -0
- data/lib/puppet/ssl/certificate.rb +34 -0
- data/lib/puppet/ssl/certificate_authority.rb +298 -0
- data/lib/puppet/ssl/certificate_authority/interface.rb +118 -0
- data/lib/puppet/ssl/certificate_factory.rb +145 -0
- data/lib/puppet/ssl/certificate_request.rb +51 -0
- data/lib/puppet/ssl/certificate_revocation_list.rb +86 -0
- data/lib/puppet/ssl/host.rb +271 -0
- data/lib/puppet/ssl/inventory.rb +52 -0
- data/lib/puppet/ssl/key.rb +56 -0
- data/lib/puppet/sslcertificates.rb +6 -6
- data/lib/puppet/sslcertificates/ca.rb +15 -15
- data/lib/puppet/sslcertificates/certificate.rb +4 -4
- data/lib/puppet/sslcertificates/inventory.rb +3 -3
- data/lib/puppet/transaction.rb +113 -139
- data/lib/puppet/transaction/change.rb +6 -6
- data/lib/puppet/transaction/event.rb +1 -1
- data/lib/puppet/transaction/report.rb +7 -1
- data/lib/puppet/transportable.rb +28 -28
- data/lib/puppet/type.rb +263 -688
- data/lib/puppet/type/augeas.rb +3 -2
- data/lib/puppet/type/component.rb +28 -95
- data/lib/puppet/type/computer.rb +10 -10
- data/lib/puppet/type/cron.rb +19 -14
- data/lib/puppet/type/exec.rb +21 -20
- data/lib/puppet/type/file.rb +306 -633
- data/lib/puppet/type/file/checksum.rb +10 -11
- data/lib/puppet/type/file/content.rb +83 -22
- data/lib/puppet/type/file/ensure.rb +15 -9
- data/lib/puppet/type/file/group.rb +7 -1
- data/lib/puppet/type/file/mode.rb +1 -1
- data/lib/puppet/type/file/owner.rb +9 -3
- data/lib/puppet/type/file/selcontext.rb +4 -4
- data/lib/puppet/type/file/source.rb +78 -179
- data/lib/puppet/type/file/target.rb +3 -3
- data/lib/puppet/type/file/type.rb +2 -2
- data/lib/puppet/type/filebucket.rb +33 -54
- data/lib/puppet/type/group.rb +8 -8
- data/lib/puppet/type/host.rb +7 -7
- data/lib/puppet/type/k5login.rb +2 -2
- data/lib/puppet/type/macauthorization.rb +77 -52
- data/lib/puppet/type/mailalias.rb +2 -2
- data/lib/puppet/type/maillist.rb +2 -2
- data/lib/puppet/type/mcx.rb +3 -3
- data/lib/puppet/type/mount.rb +16 -11
- data/lib/puppet/type/notify.rb +4 -4
- data/lib/puppet/type/package.rb +6 -28
- data/lib/puppet/type/port.rb +1 -1
- data/lib/puppet/type/resources.rb +19 -19
- data/lib/puppet/type/schedule.rb +18 -20
- data/lib/puppet/type/selmodule.rb +1 -1
- data/lib/puppet/type/service.rb +11 -7
- data/lib/puppet/type/ssh_authorized_key.rb +26 -9
- data/lib/puppet/type/sshkey.rb +2 -2
- data/lib/puppet/type/tidy.rb +285 -289
- data/lib/puppet/type/user.rb +9 -7
- data/lib/puppet/type/yumrepo.rb +17 -16
- data/lib/puppet/type/zone.rb +8 -7
- data/lib/puppet/util.rb +11 -36
- data/lib/puppet/util/autoload.rb +31 -19
- data/lib/puppet/util/autoload/file_cache.rb +115 -0
- data/lib/puppet/util/backups.rb +86 -0
- data/lib/puppet/util/cacher.rb +135 -0
- data/lib/puppet/util/checksums.rb +11 -1
- data/lib/puppet/util/classgen.rb +1 -1
- data/lib/puppet/util/config_store.rb +2 -2
- data/lib/puppet/util/constant_inflector.rb +1 -1
- data/lib/puppet/util/diff.rb +2 -2
- data/lib/puppet/util/docs.rb +9 -3
- data/lib/puppet/util/execution.rb +1 -1
- data/lib/puppet/util/feature.rb +27 -20
- data/lib/puppet/util/fileparsing.rb +3 -3
- data/lib/puppet/util/filetype.rb +8 -6
- data/lib/puppet/util/graph.rb +5 -5
- data/lib/puppet/util/inifile.rb +5 -5
- data/lib/puppet/util/json.rb +13 -0
- data/lib/puppet/util/ldap/connection.rb +2 -2
- data/lib/puppet/util/log.rb +48 -31
- data/lib/puppet/util/metric.rb +4 -4
- data/lib/puppet/util/monkey_patches.rb +43 -0
- data/lib/puppet/util/nagios_maker.rb +1 -1
- data/lib/puppet/util/package.rb +4 -4
- data/lib/puppet/util/pidlock.rb +59 -59
- data/lib/puppet/util/posix.rb +13 -52
- data/lib/puppet/util/provider_features.rb +3 -3
- data/lib/puppet/util/queue.rb +96 -0
- data/lib/puppet/util/queue/stomp.rb +47 -0
- data/lib/puppet/util/rails/cache_accumulator.rb +65 -0
- data/lib/puppet/util/rails/collection_merger.rb +0 -39
- data/lib/puppet/util/rails/reference_serializer.rb +17 -3
- data/lib/puppet/util/rdoc.rb +1 -0
- data/lib/puppet/util/rdoc/code_objects.rb +5 -1
- data/lib/puppet/util/rdoc/generators/puppet_generator.rb +5 -5
- data/lib/puppet/util/rdoc/generators/template/puppet/puppet.rb +13 -13
- data/lib/puppet/util/rdoc/parser.rb +28 -32
- data/lib/puppet/util/reference.rb +29 -8
- data/lib/puppet/util/resource_template.rb +1 -1
- data/lib/puppet/util/selinux.rb +12 -6
- data/lib/puppet/util/settings.rb +203 -578
- data/lib/puppet/util/settings/boolean_setting.rb +33 -0
- data/lib/puppet/util/settings/file_setting.rb +119 -0
- data/lib/puppet/util/settings/setting.rb +110 -0
- data/lib/puppet/util/subclass_loader.rb +1 -1
- data/lib/puppet/util/suidmanager.rb +2 -2
- data/lib/puppet/util/tagging.rb +1 -1
- data/lib/puppet/util/warnings.rb +17 -9
- data/man/man8/filebucket.8 +2 -2
- data/man/man8/pi.8 +2 -2
- data/man/man8/puppet.8 +3 -4
- data/man/man8/puppet.conf.8 +63 -63
- data/man/man8/puppetca.8 +2 -2
- data/man/man8/puppetd.8 +2 -2
- data/man/man8/puppetdoc.8 +2 -2
- data/man/man8/puppetmasterd.8 +2 -2
- data/man/man8/puppetrun.8 +2 -2
- data/man/man8/ralsh.8 +3 -3
- data/sbin/puppetca +102 -0
- data/sbin/puppetd +159 -0
- data/sbin/puppetmasterd +66 -0
- data/sbin/puppetqd +53 -0
- data/sbin/puppetrun +130 -0
- data/spec/Rakefile +2 -2
- data/spec/integration/application/puppet.rb +33 -0
- data/spec/integration/bin/puppetmasterd.rb +110 -0
- data/spec/integration/configurer.rb +18 -0
- data/spec/integration/defaults.rb +158 -7
- data/spec/integration/file_serving/content.rb +2 -0
- data/spec/integration/file_serving/fileset.rb +14 -0
- data/spec/integration/file_serving/metadata.rb +2 -0
- data/spec/integration/file_serving/terminus_helper.rb +22 -0
- data/spec/integration/indirector/catalog/compiler.rb +67 -0
- data/spec/integration/indirector/catalog/queue.rb +61 -0
- data/spec/integration/indirector/certificate/rest.rb +69 -0
- data/spec/integration/indirector/certificate_request/rest.rb +89 -0
- data/spec/integration/indirector/certificate_revocation_list/rest.rb +77 -0
- data/spec/integration/indirector/direct_file_server.rb +16 -23
- data/spec/integration/indirector/file_content/file_server.rb +75 -0
- data/spec/integration/indirector/report/rest.rb +95 -0
- data/spec/integration/indirector/rest.rb +207 -147
- data/spec/integration/network/client.rb +19 -0
- data/spec/integration/network/formats.rb +110 -0
- data/spec/integration/network/handler.rb +25 -0
- data/spec/integration/network/server/mongrel.rb +26 -8
- data/spec/integration/network/server/webrick.rb +49 -11
- data/spec/integration/node/environment.rb +58 -0
- data/spec/integration/node/facts.rb +4 -2
- data/spec/integration/parser/compiler.rb +29 -0
- data/spec/integration/parser/functions/require.rb +67 -0
- data/spec/integration/provider/mailalias/aliases.rb +25 -0
- data/spec/integration/{node → resource}/catalog.rb +17 -10
- data/spec/integration/ssl/certificate_authority.rb +135 -0
- data/spec/integration/ssl/certificate_request.rb +59 -0
- data/spec/integration/ssl/certificate_revocation_list.rb +42 -0
- data/spec/integration/ssl/host.rb +90 -0
- data/spec/integration/transaction.rb +66 -0
- data/spec/integration/transaction/report.rb +2 -5
- data/spec/integration/type.rb +22 -0
- data/spec/integration/type/file.rb +458 -0
- data/spec/integration/type/package.rb +1 -1
- data/spec/integration/type/tidy.rb +27 -0
- data/spec/integration/util/autoload.rb +114 -0
- data/spec/integration/util/feature.rb +54 -0
- data/spec/integration/util/file_locking.rb +2 -1
- data/spec/integration/util/settings.rb +27 -0
- data/spec/lib/puppet_spec/files.rb +9 -0
- data/spec/monkey_patches/add_confine_and_runnable_to_rspec_dsl.rb +1 -0
- data/spec/monkey_patches/alias_should_to_must.rb +1 -0
- data/spec/shared_behaviours/file_server_terminus.rb +14 -11
- data/spec/shared_behaviours/file_serving.rb +13 -17
- data/spec/spec_helper.rb +22 -5
- data/spec/unit/agent.rb +259 -0
- data/spec/unit/agent/locker.rb +100 -0
- data/spec/unit/agent/runner.rb +118 -0
- data/spec/unit/application.rb +420 -0
- data/spec/unit/application/filebucket.rb +220 -0
- data/spec/unit/application/pi.rb +84 -0
- data/spec/unit/application/puppet.rb +404 -0
- data/spec/unit/application/puppetca.rb +142 -0
- data/spec/unit/application/puppetd.rb +502 -0
- data/spec/unit/application/puppetdoc.rb +345 -0
- data/spec/unit/application/puppetmasterd.rb +456 -0
- data/spec/unit/application/puppetqd.rb +186 -0
- data/spec/unit/application/puppetrun.rb +279 -0
- data/spec/unit/application/ralsh.rb +237 -0
- data/spec/unit/configurer.rb +232 -0
- data/spec/unit/configurer/downloader.rb +188 -0
- data/spec/unit/configurer/fact_handler.rb +150 -0
- data/spec/unit/configurer/plugin_handler.rb +112 -0
- data/spec/unit/daemon.rb +287 -0
- data/spec/unit/file_serving/{file_base.rb → base.rb} +39 -31
- data/spec/unit/file_serving/configuration.rb +104 -93
- data/spec/unit/file_serving/configuration/parser.rb +64 -18
- data/spec/unit/file_serving/content.rb +65 -26
- data/spec/unit/file_serving/fileset.rb +116 -14
- data/spec/unit/file_serving/indirection_hooks.rb +34 -95
- data/spec/unit/file_serving/metadata.rb +27 -40
- data/spec/unit/file_serving/mount.rb +7 -118
- data/spec/unit/file_serving/mount/file.rb +188 -0
- data/spec/unit/file_serving/mount/modules.rb +63 -0
- data/spec/unit/file_serving/mount/plugins.rb +61 -0
- data/spec/unit/file_serving/terminus_helper.rb +39 -27
- data/spec/unit/indirector.rb +6 -1
- data/spec/unit/indirector/active_record.rb +76 -0
- data/spec/unit/indirector/catalog/active_record.rb +122 -0
- data/spec/unit/indirector/catalog/compiler.rb +222 -118
- data/spec/unit/indirector/catalog/queue.rb +20 -0
- data/spec/unit/indirector/catalog/rest.rb +11 -0
- data/spec/unit/indirector/catalog/yaml.rb +6 -6
- data/spec/unit/indirector/certificate/ca.rb +28 -0
- data/spec/unit/indirector/certificate/file.rb +28 -0
- data/spec/unit/indirector/certificate/rest.rb +23 -0
- data/spec/unit/indirector/certificate_request/ca.rb +19 -0
- data/spec/unit/indirector/certificate_request/file.rb +19 -0
- data/spec/unit/indirector/certificate_request/rest.rb +23 -0
- data/spec/unit/indirector/certificate_revocation_list/ca.rb +21 -0
- data/spec/unit/indirector/certificate_revocation_list/file.rb +20 -0
- data/spec/unit/indirector/certificate_revocation_list/rest.rb +23 -0
- data/spec/unit/indirector/direct_file_server.rb +3 -8
- data/spec/unit/indirector/exec.rb +6 -1
- data/spec/unit/indirector/facts/active_record.rb +104 -0
- data/spec/unit/indirector/facts/facter.rb +53 -12
- data/spec/unit/indirector/facts/rest.rb +11 -0
- data/spec/unit/indirector/file.rb +8 -1
- data/spec/unit/indirector/file_metadata/file.rb +5 -5
- data/spec/unit/indirector/file_server.rb +181 -98
- data/spec/unit/indirector/indirection.rb +102 -38
- data/spec/unit/indirector/key/ca.rb +28 -0
- data/spec/unit/indirector/key/file.rb +104 -0
- data/spec/unit/indirector/node/active_record.rb +34 -0
- data/spec/unit/indirector/node/ldap.rb +1 -1
- data/spec/unit/indirector/node/rest.rb +2 -2
- data/spec/unit/indirector/queue.rb +123 -0
- data/spec/unit/indirector/report/rest.rb +28 -0
- data/spec/unit/indirector/request.rb +221 -0
- data/spec/unit/indirector/rest.rb +343 -334
- data/spec/unit/indirector/runner/rest.rb +11 -0
- data/spec/unit/indirector/ssl_file.rb +280 -0
- data/spec/unit/module.rb +180 -180
- data/spec/unit/network/authconfig.rb +292 -0
- data/spec/unit/network/authstore.rb +94 -0
- data/spec/unit/network/client.rb +2 -2
- data/spec/unit/network/client/dipper.rb +16 -0
- data/spec/unit/network/format.rb +191 -0
- data/spec/unit/network/format_handler.rb +306 -0
- data/spec/unit/network/formats.rb +249 -0
- data/spec/unit/network/handler/fileserver.rb +2 -5
- data/spec/unit/network/http.rb +3 -3
- data/spec/unit/network/http/api/v1.rb +122 -0
- data/spec/unit/network/http/handler.rb +448 -0
- data/spec/unit/network/http/mongrel.rb +46 -32
- data/spec/unit/network/http/mongrel/rest.rb +174 -319
- data/spec/unit/network/http/rack.rb +102 -0
- data/spec/unit/network/http/rack/rest.rb +199 -0
- data/spec/unit/network/http/rack/xmlrpc.rb +157 -0
- data/spec/unit/network/http/webrick.rb +249 -37
- data/spec/unit/network/http/webrick/rest.rb +113 -279
- data/spec/unit/network/http_pool.rb +86 -110
- data/spec/unit/network/rest_authconfig.rb +146 -0
- data/spec/unit/network/rest_authorization.rb +43 -0
- data/spec/unit/network/rights.rb +519 -0
- data/spec/unit/network/server.rb +475 -257
- data/spec/unit/node.rb +43 -10
- data/spec/unit/node/environment.rb +143 -9
- data/spec/unit/node/facts.rb +77 -24
- data/spec/unit/other/selinux.rb +85 -0
- data/spec/unit/other/transbucket.rb +29 -13
- data/spec/unit/other/transobject.rb +35 -15
- data/spec/unit/parameter.rb +378 -5
- data/spec/unit/parser/ast.rb +1 -1
- data/spec/unit/parser/ast/arithmetic_operator.rb +17 -17
- data/spec/unit/parser/ast/astarray.rb +16 -10
- data/spec/unit/parser/ast/boolean_operator.rb +2 -2
- data/spec/unit/parser/ast/casestatement.rb +143 -0
- data/spec/unit/parser/ast/collection.rb +63 -0
- data/spec/unit/parser/ast/collexpr.rb +31 -8
- data/spec/unit/parser/ast/comparison_operator.rb +9 -9
- data/spec/unit/parser/ast/definition.rb +18 -0
- data/spec/unit/parser/ast/function.rb +6 -0
- data/spec/unit/parser/ast/ifstatement.rb +75 -0
- data/spec/unit/parser/ast/leaf.rb +261 -0
- data/spec/unit/parser/ast/match_operator.rb +50 -0
- data/spec/unit/parser/ast/minus.rb +1 -1
- data/spec/unit/parser/ast/node.rb +20 -0
- data/spec/unit/parser/ast/not.rb +1 -1
- data/spec/unit/parser/ast/resource_override.rb +5 -5
- data/spec/unit/parser/ast/resource_reference.rb +11 -5
- data/spec/unit/parser/ast/selector.rb +156 -0
- data/spec/unit/parser/ast/vardef.rb +11 -11
- data/spec/unit/parser/collector.rb +167 -48
- data/spec/unit/parser/compiler.rb +128 -104
- data/spec/unit/parser/files.rb +190 -0
- data/spec/unit/parser/functions/inline_template.rb +0 -0
- data/spec/unit/parser/functions/regsubst.rb +42 -42
- data/spec/unit/parser/functions/require.rb +36 -0
- data/spec/unit/parser/functions/shellquote.rb +92 -0
- data/spec/unit/parser/functions/split.rb +51 -0
- data/spec/unit/parser/functions/sprintf.rb +11 -11
- data/spec/unit/parser/functions/template.rb +0 -0
- data/spec/unit/parser/functions/versioncmp.rb +2 -2
- data/spec/unit/parser/interpreter.rb +16 -7
- data/spec/unit/parser/lexer.rb +72 -12
- data/spec/unit/parser/loaded_code.rb +198 -0
- data/spec/unit/parser/parser.rb +215 -28
- data/spec/unit/parser/resource.rb +131 -22
- data/spec/unit/parser/scope.rb +207 -12
- data/spec/unit/parser/templatewrapper.rb +8 -3
- data/spec/unit/property.rb +270 -16
- data/spec/unit/property/list.rb +12 -6
- data/spec/unit/provider.rb +31 -0
- data/spec/unit/provider/augeas/augeas.rb +61 -33
- data/spec/unit/provider/macauthorization.rb +29 -29
- data/spec/unit/provider/mcx/mcxcontent.rb +4 -4
- data/spec/unit/provider/mount/parsed.rb +5 -8
- data/spec/unit/provider/naginator.rb +0 -0
- data/spec/unit/provider/package/apt.rb +6 -6
- data/spec/unit/provider/package/pkgdmg.rb +73 -0
- data/spec/unit/provider/selboolean.rb +1 -1
- data/spec/unit/provider/selmodule.rb +2 -2
- data/spec/unit/provider/service/daemontools.rb +40 -15
- data/spec/unit/provider/service/debian.rb +89 -0
- data/spec/unit/provider/service/init.rb +106 -0
- data/spec/unit/provider/service/launchd.rb +71 -13
- data/spec/unit/provider/service/redhat.rb +94 -0
- data/spec/unit/provider/service/runit.rb +14 -2
- data/spec/unit/provider/ssh_authorized_key/parsed.rb +66 -2
- data/spec/unit/provider/user/ldap.rb +1 -1
- data/spec/unit/provider/user/user_role_add.rb +1 -1
- data/spec/unit/provider/zfs/solaris.rb +18 -6
- data/spec/unit/provider/zone/solaris.rb +1 -1
- data/spec/unit/rails.rb +16 -22
- data/spec/unit/rails/host.rb +163 -0
- data/spec/unit/rails/param_value.rb +49 -0
- data/spec/unit/rails/resource.rb +87 -0
- data/spec/unit/relationship.rb +141 -29
- data/spec/unit/resource.rb +504 -0
- data/spec/unit/resource/catalog.rb +1061 -0
- data/spec/unit/resource/reference.rb +111 -0
- data/spec/unit/simple_graph.rb +448 -191
- data/spec/unit/ssl/certificate.rb +124 -0
- data/spec/unit/ssl/certificate_authority.rb +741 -0
- data/spec/unit/ssl/certificate_authority/interface.rb +269 -0
- data/spec/unit/ssl/certificate_factory.rb +107 -0
- data/spec/unit/ssl/certificate_request.rb +193 -0
- data/spec/unit/ssl/certificate_revocation_list.rb +180 -0
- data/spec/unit/ssl/host.rb +704 -0
- data/spec/unit/ssl/inventory.rb +180 -0
- data/spec/unit/ssl/key.rb +198 -0
- data/spec/unit/transaction.rb +65 -2
- data/spec/unit/transaction/change.rb +1 -1
- data/spec/unit/transaction/report.rb +1 -1
- data/spec/unit/type.rb +361 -8
- data/spec/unit/type/augeas.rb +30 -37
- data/spec/unit/type/component.rb +63 -0
- data/spec/unit/type/computer.rb +17 -21
- data/spec/unit/type/exec.rb +27 -2
- data/spec/unit/type/file.rb +704 -83
- data/spec/unit/type/file/content.rb +253 -15
- data/spec/unit/type/file/ensure.rb +65 -2
- data/spec/unit/type/file/group.rb +5 -0
- data/spec/unit/type/file/owner.rb +5 -0
- data/spec/unit/type/file/selinux.rb +12 -16
- data/spec/unit/type/file/source.rb +264 -0
- data/spec/unit/type/filebucket.rb +74 -0
- data/spec/unit/type/group.rb +1 -5
- data/spec/unit/type/macauthorization.rb +59 -26
- data/spec/unit/type/mcx.rb +8 -16
- data/spec/unit/type/mount.rb +8 -16
- data/spec/unit/type/noop_metaparam.rb +0 -2
- data/spec/unit/type/package.rb +13 -23
- data/spec/unit/type/resources.rb +4 -7
- data/spec/unit/type/schedule.rb +1 -7
- data/spec/unit/type/selboolean.rb +4 -6
- data/spec/unit/type/service.rb +23 -33
- data/spec/unit/type/ssh_authorized_key.rb +25 -14
- data/spec/unit/type/tidy.rb +329 -21
- data/spec/unit/type/user.rb +18 -10
- data/spec/unit/type/zfs.rb +6 -6
- data/spec/unit/util/autoload.rb +94 -3
- data/spec/unit/util/autoload/file_cache.rb +183 -0
- data/spec/unit/util/backups.rb +159 -0
- data/spec/unit/util/cache_accumulator.rb +69 -0
- data/spec/unit/util/cacher.rb +185 -0
- data/spec/unit/util/checksums.rb +9 -1
- data/spec/unit/util/feature.rb +72 -0
- data/spec/unit/util/filetype.rb +1 -11
- data/spec/unit/util/json.rb +21 -0
- data/spec/unit/util/log.rb +45 -0
- data/spec/unit/util/package.rb +2 -2
- data/spec/unit/util/queue.rb +88 -0
- data/spec/unit/util/queue/stomp.rb +140 -0
- data/spec/unit/util/reference_serializer.rb +52 -0
- data/spec/unit/util/selinux.rb +5 -3
- data/spec/unit/util/settings.rb +413 -264
- data/spec/unit/util/settings/file_setting.rb +223 -0
- data/spec/unit/util/storage.rb +11 -11
- data/spec/unit/util/warnings.rb +21 -17
- data/test/Rakefile +6 -5
- data/test/certmgr/ca.rb +5 -5
- data/test/certmgr/certmgr.rb +4 -4
- data/test/data/providers/cron/crontab.allthree +2 -2
- data/test/data/providers/cron/crontab.envNcomment +1 -1
- data/test/data/providers/cron/crontab.envNname +1 -1
- data/test/data/providers/cron/crontab.multirecords +1 -1
- data/test/data/providers/cron/crontab_collections.yaml +14 -14
- data/test/data/providers/cron/crontab_multiple_with_env.yaml +6 -6
- data/test/data/providers/cron/crontab_sample_records.yaml +102 -102
- data/test/data/providers/mailalias/aliases/test1 +28 -0
- data/test/data/providers/package/testpackages.yaml +6 -6
- data/test/data/reports/1.yaml +17 -17
- data/test/data/reports/tagmail_passers.conf +2 -2
- data/test/data/snippets/append.pp +5 -5
- data/test/data/snippets/casestatement.pp +9 -2
- data/test/data/snippets/classincludes.pp +1 -1
- data/test/data/snippets/collection_override.pp +8 -0
- data/test/data/snippets/fqparents.pp +2 -2
- data/test/data/snippets/ifexpression.pp +12 -0
- data/test/data/snippets/multilinecomments.pp +5 -1
- data/test/data/snippets/selectorvalues.pp +7 -0
- data/test/data/types/hosts/1 +1 -1
- data/test/data/types/hosts/2 +3 -3
- data/test/data/types/hosts/solaris +2 -2
- data/test/data/types/mount/freebsd.fstab +7 -7
- data/test/data/types/mount/solaris.fstab +10 -10
- data/test/data/types/port/1 +472 -472
- data/test/data/types/port/darwin +4347 -4347
- data/test/language/ast.rb +3 -2
- data/test/language/ast/casestatement.rb +12 -12
- data/test/language/ast/resource.rb +4 -4
- data/test/language/ast/resource_reference.rb +5 -5
- data/test/language/ast/selector.rb +11 -11
- data/test/language/ast/variable.rb +4 -4
- data/test/language/functions.rb +16 -16
- data/test/language/parser.rb +89 -111
- data/test/language/resource.rb +3 -88
- data/test/language/scope.rb +14 -55
- data/test/language/snippets.rb +31 -31
- data/test/lib/puppettest.rb +12 -12
- data/test/lib/puppettest/certificates.rb +2 -2
- data/test/lib/puppettest/exetest.rb +0 -1
- data/test/lib/puppettest/fakes.rb +1 -1
- data/test/lib/puppettest/parsertesting.rb +9 -4
- data/test/lib/puppettest/railstesting.rb +3 -3
- data/test/lib/puppettest/servertest.rb +1 -1
- data/test/lib/puppettest/support/assertions.rb +2 -2
- data/test/lib/puppettest/support/collection.rb +1 -1
- data/test/lib/puppettest/support/resources.rb +7 -7
- data/test/lib/puppettest/support/utils.rb +10 -16
- data/test/lib/puppettest/testcase.rb +2 -1
- data/test/network/authconfig.rb +1 -1
- data/test/network/authorization.rb +1 -1
- data/test/network/authstore.rb +57 -14
- data/test/network/client/ca.rb +1 -0
- data/test/network/client/resource.rb +12 -50
- data/test/network/client_request.rb +1 -1
- data/test/network/handler/bucket.rb +2 -2
- data/test/network/handler/fileserver.rb +17 -21
- data/test/network/handler/master.rb +5 -5
- data/test/network/handler/report.rb +3 -3
- data/test/network/handler/resource.rb +29 -75
- data/test/network/handler/runner.rb +8 -58
- data/test/network/rights.rb +1 -1
- data/test/network/server/mongrel_test.rb +15 -1
- data/test/network/server/webrick.rb +0 -36
- data/test/network/xmlrpc/webrick_servlet.rb +5 -5
- data/test/other/dsl.rb +3 -3
- data/test/other/events.rb +15 -15
- data/test/other/puppet.rb +2 -32
- data/test/other/relationships.rb +21 -148
- data/test/other/report.rb +20 -23
- data/test/other/transactions.rb +110 -298
- data/test/puppet/defaults.rb +1 -1
- data/test/puppet/tc_suidmanager.rb +1 -1
- data/test/rails/railsparameter.rb +4 -4
- data/test/ral/manager/attributes.rb +12 -68
- data/test/ral/manager/instances.rb +3 -19
- data/test/ral/manager/manager.rb +7 -7
- data/test/ral/manager/provider.rb +7 -7
- data/test/ral/manager/type.rb +54 -349
- data/test/ral/providers/cron/crontab.rb +14 -14
- data/test/ral/providers/group.rb +5 -6
- data/test/ral/providers/host/parsed.rb +3 -3
- data/test/ral/providers/mailalias/aliases.rb +4 -4
- data/test/ral/providers/package.rb +3 -3
- data/test/ral/providers/package/aptitude.rb +55 -55
- data/test/ral/providers/package/aptrpm.rb +7 -7
- data/test/ral/providers/parsedfile.rb +10 -14
- data/test/ral/providers/port/parsed.rb +6 -6
- data/test/ral/providers/provider.rb +10 -10
- data/test/ral/providers/service/base.rb +32 -32
- data/test/ral/providers/sshkey/parsed.rb +14 -14
- data/test/ral/providers/user.rb +16 -17
- data/test/ral/providers/user/useradd.rb +19 -22
- data/test/ral/type/cron.rb +21 -28
- data/test/ral/type/exec.rb +57 -60
- data/test/ral/type/file.rb +88 -862
- data/test/ral/type/file/target.rb +21 -70
- data/test/ral/type/fileignoresource.rb +37 -44
- data/test/ral/type/filesources.rb +43 -473
- data/test/ral/type/group.rb +6 -7
- data/test/ral/type/host.rb +14 -30
- data/test/ral/type/mailalias.rb +3 -3
- data/test/ral/type/port.rb +5 -5
- data/test/ral/type/resources.rb +37 -37
- data/test/ral/type/service.rb +3 -3
- data/test/ral/type/sshkey.rb +34 -39
- data/test/ral/type/user.rb +15 -14
- data/test/ral/type/yumrepo.rb +18 -17
- data/test/ral/type/zone.rb +4 -6
- data/test/test +9 -9
- data/test/util/fileparsing.rb +10 -10
- data/test/util/inifile.rb +6 -6
- data/test/util/instance_loader.rb +1 -1
- data/test/util/log.rb +2 -2
- data/test/util/metrics.rb +1 -6
- data/test/util/package.rb +1 -1
- data/test/util/pidlock.rb +116 -116
- data/test/util/settings.rb +40 -429
- data/test/util/storage.rb +5 -5
- data/test/util/subclass_loader.rb +0 -7
- data/test/util/utiltest.rb +10 -29
- metadata +1369 -941
- data/bin/puppetca +0 -363
- data/bin/puppetd +0 -439
- data/bin/puppetmasterd +0 -289
- data/bin/puppetrun +0 -369
- data/conf/redhat/lsb-config.patch +0 -51
- data/conf/redhat/no-chuser-0.15.1.patch +0 -38
- data/conf/redhat/no-lockdir.patch +0 -13
- data/examples/mac_netinfo.pp +0 -5
- data/ext/passenger/README +0 -63
- data/ext/passenger/apache2.conf +0 -29
- data/ext/passenger/config.ru +0 -40
- data/lib/puppet/config_stores/rest.rb +0 -60
- data/lib/puppet/executables/client/certhandler.rb +0 -82
- data/lib/puppet/indirector/file_content/modules.rb +0 -11
- data/lib/puppet/indirector/file_metadata/modules.rb +0 -17
- data/lib/puppet/indirector/module_files.rb +0 -82
- data/lib/puppet/indirector/ssl_rsa.rb +0 -5
- data/lib/puppet/indirector/ssl_rsa/file.rb +0 -33
- data/lib/puppet/network/client/master.rb +0 -524
- data/lib/puppet/network/http_server/rack.rb +0 -148
- data/lib/puppet/pgraph.rb +0 -121
- data/lib/puppet/provider/group/netinfo.rb +0 -15
- data/lib/puppet/provider/host/netinfo.rb +0 -19
- data/lib/puppet/provider/mount/netinfo.rb +0 -37
- data/lib/puppet/provider/nameservice/netinfo.rb +0 -224
- data/lib/puppet/provider/user/netinfo.rb +0 -111
- data/lib/puppet/util/fact_store.rb +0 -59
- data/lib/puppet/util/uri_helper.rb +0 -22
- data/spec/integration/file_serving/configuration.rb +0 -43
- data/spec/integration/indirector/module_files.rb +0 -57
- data/spec/unit/executables/client/certhandler.rb +0 -135
- data/spec/unit/indirector/file_content/modules.rb +0 -18
- data/spec/unit/indirector/file_metadata/modules.rb +0 -42
- data/spec/unit/indirector/module_files.rb +0 -259
- data/spec/unit/indirector/ssl_rsa/file.rb +0 -121
- data/spec/unit/network/client/master.rb +0 -442
- data/spec/unit/node/catalog.rb +0 -865
- data/spec/unit/other/pgraph.rb +0 -210
- data/spec/unit/resource_reference.rb +0 -73
- data/spec/unit/util/uri_helper.rb +0 -41
- data/test/data/snippets/ifexpression.rb +0 -6
- data/test/executables/filebucket.rb +0 -51
- data/test/executables/puppetbin.rb +0 -104
- data/test/executables/puppetca.rb +0 -115
- data/test/executables/puppetd.rb +0 -55
- data/test/executables/puppetmasterd.rb +0 -147
- data/test/network/client/client.rb +0 -195
- data/test/network/client/master.rb +0 -490
- data/test/network/daemon.rb +0 -70
- data/test/network/handler/handler.rb +0 -63
- data/test/other/overrides.rb +0 -107
- data/test/puppet/conffiles.rb +0 -107
- data/test/rails/ast.rb +0 -73
- data/test/rails/configuration.rb +0 -71
- data/test/rails/host.rb +0 -154
- data/test/rails/railsresource.rb +0 -251
- data/test/ral/providers/host/netinfo.rb +0 -56
- data/test/ral/providers/mount/netinfo.rb +0 -79
- data/test/ral/type/basic.rb +0 -85
- data/test/ral/type/filebucket.rb +0 -157
- data/test/ral/type/parameter.rb +0 -174
- data/test/ral/type/property.rb +0 -388
- data/test/ral/type/tidy.rb +0 -291
- data/test/util/autoload.rb +0 -145
- data/test/util/features.rb +0 -95
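--- a/data/lib/puppet/ssl/certificate_factory.rb
+++ b/data/lib/puppet/ssl/certificate_factory.rb
@@ -0,0 +1,145 @@
+require 'puppet/ssl'
+
+# The tedious class that does all the manipulations to the
+# certificate to correctly sign it. Yay.
+class Puppet::SSL::CertificateFactory
+# How we convert from various units to the required seconds.
+UNITMAP = {
+"y" => 365 * 24 * 60 * 60,
+"d" => 24 * 60 * 60,
+"h" => 60 * 60,
+"s" => 1
+}
+
+attr_reader :name, :cert_type, :csr, :issuer, :serial
+
+def initialize(cert_type, csr, issuer, serial)
+@cert_type, @csr, @issuer, @serial = cert_type, csr, issuer, serial
+
+@name = @csr.subject
+end
+
+# Actually generate our certificate.
+def result
+@cert = OpenSSL::X509::Certificate.new
+
+@cert.version = 2 # X509v3
+@cert.subject = @csr.subject
+@cert.issuer = @issuer.subject
+@cert.public_key = @csr.public_key
+@cert.serial = @serial
+
+build_extensions()
+
+set_ttl
+
+@cert
+end
+
+private
+
+# This is pretty ugly, but I'm not really sure it's even possible to do
+# it any other way.
+def build_extensions
+@ef = OpenSSL::X509::ExtensionFactory.new
+
+@ef.subject_certificate = @cert
+
+if @issuer.is_a?(OpenSSL::X509::Request) # It's a self-signed cert
+@ef.issuer_certificate = @cert
+else
+@ef.issuer_certificate = @issuer
+end
+
+@subject_alt_name = []
+@key_usage = nil
+@ext_key_usage = nil
+@extensions = []
+
+method = "add_#{@cert_type.to_s}_extensions"
+
+begin
+send(method)
+rescue NoMethodError
+raise ArgumentError, "%s is an invalid certificate type" % @cert_type
+end
+
+@extensions << @ef.create_extension("nsComment", "Puppet Ruby/OpenSSL Generated Certificate")
+@extensions << @ef.create_extension("basicConstraints", @basic_constraint, true)
+@extensions << @ef.create_extension("subjectKeyIdentifier", "hash")
+@extensions << @ef.create_extension("keyUsage", @key_usage.join(",")) if @key_usage
+@extensions << @ef.create_extension("extendedKeyUsage", @ext_key_usage.join(",")) if @ext_key_usage
+@extensions << @ef.create_extension("subjectAltName", @subject_alt_name.join(",")) if ! @subject_alt_name.empty?
+
+@cert.extensions = @extensions
+
+# for some reason this _must_ be the last extension added
+@extensions << @ef.create_extension("authorityKeyIdentifier", "keyid:always,issuer:always") if @cert_type == :ca
+end
+
+# TTL for new certificates in seconds. If config param :ca_ttl is set,
+# use that, otherwise use :ca_days for backwards compatibility
+def ttl
+ttl = Puppet.settings[:ca_ttl]
+
+return ttl unless ttl.is_a?(String)
+
+raise ArgumentError, "Invalid ca_ttl #{ttl}" unless ttl =~ /^(\d+)(y|d|h|s)$/
+
+return $1.to_i * UNITMAP[$2]
+end
+
+def set_ttl
+# Make the certificate valid as of yesterday, because
+# so many people's clocks are out of sync.
+from = Time.now - (60*60*24)
+@cert.not_before = from
+@cert.not_after = from + ttl
+end
+
+# Woot! We're a CA.
+def add_ca_extensions
+@basic_constraint = "CA:TRUE"
+@key_usage = %w{cRLSign keyCertSign}
+end
+
+# We're a terminal CA, probably not self-signed.
+def add_terminalsubca_extensions
+@basic_constraint = "CA:TRUE,pathlen:0"
+@key_usage = %w{cRLSign keyCertSign}
+end
+
+# We're a normal server.
+def add_server_extensions
+@basic_constraint = "CA:FALSE"
+dnsnames = Puppet[:certdnsnames]
+name = @name.to_s.sub(%r{/CN=},'')
+if dnsnames != ""
+dnsnames.split(':').each { |d| @subject_alt_name << 'DNS:' + d }
+@subject_alt_name << 'DNS:' + name # Add the fqdn as an alias
+elsif name == Facter.value(:fqdn) # we're a CA server, and thus probably the server
+@subject_alt_name << 'DNS:' + "puppet" # Add 'puppet' as an alias
+@subject_alt_name << 'DNS:' + name # Add the fqdn as an alias
+@subject_alt_name << 'DNS:' + name.sub(/^[^.]+./, "puppet.") # add puppet.domain as an alias
+end
+@key_usage = %w{digitalSignature keyEncipherment}
+@ext_key_usage = %w{serverAuth clientAuth emailProtection}
+end
+
+# Um, no idea.
+def add_ocsp_extensions
+@basic_constraint = "CA:FALSE"
+@key_usage = %w{nonRepudiation digitalSignature}
+@ext_key_usage = %w{serverAuth OCSPSigning}
+end
+
+# Normal client.
+def add_client_extensions
+@basic_constraint = "CA:FALSE"
+@key_usage = %w{nonRepudiation digitalSignature keyEncipherment}
+@ext_key_usage = %w{clientAuth emailProtection}
+
+@extensions << @ef.create_extension("nsCertType", "client,email")
+end
+end
+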
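Review bot: In `add_server_extensions`, a non-empty `Puppet[:certdnsnames]` is written into the subjectAltName of every certificate built with the server type, whatever subject the CSR carries, because the first branch never compares `name` with the local host. The setting is read from the signing process, so those alternate names describe the signer's own aliases rather than anything the requester asked for; whether agent certificates are issued with this type is not visible in this file and should be confirmed. Restricting the branch to the local host, `if dnsnames != "" and name == Facter.value(:fqdn)`, keeps the names on the master's own certificate only. Separately, `name.sub(/^[^.]+./, "puppet.")` leaves the dot unescaped; `/^[^.]+\./` says what is meant.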
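--- a/data/lib/puppet/ssl/certificate_request.rb
+++ b/data/lib/puppet/ssl/certificate_request.rb
@@ -0,0 +1,51 @@
+require 'puppet/ssl/base'
+
+# Manage certificate requests.
+class Puppet::SSL::CertificateRequest < Puppet::SSL::Base
+wraps OpenSSL::X509::Request
+
+extend Puppet::Indirector
+indirects :certificate_request, :terminus_class => :file
+
+# Convert a string into an instance.
+def self.from_s(string)
+instance = wrapped_class.new(string)
+name = instance.subject.to_s.sub(/\/CN=/i, '').downcase
+result = new(name)
+result.content = instance
+result
+end
+
+# Because of how the format handler class is included, this
+# can't be in the base class.
+def self.supported_formats
+[:s]
+end
+
+# How to create a certificate request with our system defaults.
+def generate(key)
+Puppet.info "Creating a new SSL certificate request for %s" % name
+
+# Support either an actual SSL key, or a Puppet key.
+key = key.content if key.is_a?(Puppet::SSL::Key)
+
+csr = OpenSSL::X509::Request.new
+csr.version = 0
+csr.subject = OpenSSL::X509::Name.new([["CN", name]])
+csr.public_key = key.public_key
+csr.sign(key, OpenSSL::Digest::MD5.new)
+
+raise Puppet::Error, "CSR sign verification failed; you need to clean the certificate request for %s on the server" % name unless csr.verify(key.public_key)
+
+@content = csr
+end
+
+def save(args = {})
+super()
+
+# Try to autosign the CSR.
+if ca = Puppet::SSL::CertificateAuthority.instance
+ca.autosign
+end
+end
+end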
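Review bot: `generate` signs the request with `OpenSSL::Digest::MD5.new`, a digest that no longer gives collision resistance for signatures; `csr.sign(key, OpenSSL::Digest::SHA256.new)` is the drop-in replacement where the linked OpenSSL provides it. The same weakness applies to the two `@content.sign(cakey, OpenSSL::Digest::SHA1.new)` calls in the certificate revocation list class further down this page. The digest would be better named once in a shared constant, so that the request, certificate and CRL paths cannot drift apart when it is raised.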
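--- a/data/lib/puppet/ssl/certificate_revocation_list.rb
+++ b/data/lib/puppet/ssl/certificate_revocation_list.rb
@@ -0,0 +1,86 @@
+require 'puppet/ssl/base'
+require 'puppet/indirector'
+
+# Manage the CRL.
+class Puppet::SSL::CertificateRevocationList < Puppet::SSL::Base
+wraps OpenSSL::X509::CRL
+
+extend Puppet::Indirector
+indirects :certificate_revocation_list, :terminus_class => :file
+
+# Convert a string into an instance.
+def self.from_s(string)
+instance = wrapped_class.new(string)
+result = new('foo') # The name doesn't matter
+result.content = instance
+result
+end
+
+# Because of how the format handler class is included, this
+# can't be in the base class.
+def self.supported_formats
+[:s]
+end
+
+# Knows how to create a CRL with our system defaults.
+def generate(cert, cakey)
+Puppet.info "Creating a new certificate revocation list"
+@content = wrapped_class.new
+@content.issuer = cert.subject
+@content.version = 1
+
+# Init the CRL number.
+crlNum = OpenSSL::ASN1::Integer(0)
+@content.extensions = [OpenSSL::X509::Extension.new("crlNumber", crlNum)]
+
+# Set last/next update
+@content.last_update = Time.now
+# Keep CRL valid for 5 years
+@content.next_update = Time.now + 5 * 365*24*60*60
+
+@content.sign(cakey, OpenSSL::Digest::SHA1.new)
+
+@content
+end
+
+# The name doesn't actually matter; there's only one CRL.
+# We just need the name so our Indirector stuff all works more easily.
+def initialize(fakename)
+raise Puppet::Error, "Cannot manage the CRL when :cacrl is set to false" if [false, "false"].include?(Puppet[:cacrl])
+
+@name = "crl"
+end
+
+# Revoke the certificate with serial number SERIAL issued by this
+# CA, then write the CRL back to disk. The REASON must be one of the
+# OpenSSL::OCSP::REVOKED_* reasons
+def revoke(serial, cakey, reason = OpenSSL::OCSP::REVOKED_STATUS_KEYCOMPROMISE)
+Puppet.notice "Revoked certificate with serial %s" % serial
+time = Time.now
+
+# Add our revocation to the CRL.
+revoked = OpenSSL::X509::Revoked.new
+revoked.serial = serial
+revoked.time = time
+enum = OpenSSL::ASN1::Enumerated(reason)
+ext = OpenSSL::X509::Extension.new("CRLReason", enum)
+revoked.add_extension(ext)
+@content.add_revoked(revoked)
+
+# Increment the crlNumber
+e = @content.extensions.find { |e| e.oid == 'crlNumber' }
+ext = @content.extensions.reject { |e| e.oid == 'crlNumber' }
+crlNum = OpenSSL::ASN1::Integer(e ? e.value.to_i + 1 : 0)
+ext << OpenSSL::X509::Extension.new("crlNumber", crlNum)
+@content.extensions = ext
+
+# Set last/next update
+@content.last_update = time
+# Keep CRL valid for 5 years
+@content.next_update = time + 5 * 365*24*60*60
+
+@content.sign(cakey, OpenSSL::Digest::SHA1.new)
+
+save
+end
+end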
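Review bot: `revoke` emits `Puppet.notice "Revoked certificate with serial %s" % serial` on its first line, before `add_revoked`, `sign` and `save` have run, so the log records a revocation even when one of those steps raises. Logging after `save`, while still returning its result, keeps the audit trail truthful. The five-year `next_update` is also spelled out twice, in `generate` and in `revoke`; a constant such as `CRL_LIFETIME = 5 * 365*24*60*60` would keep the two in step and make the long validity window easy to find and shorten.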
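--- a/data/lib/puppet/ssl/host.rb
+++ b/data/lib/puppet/ssl/host.rb
@@ -0,0 +1,271 @@
+require 'puppet/ssl'
+require 'puppet/ssl/key'
+require 'puppet/ssl/certificate'
+require 'puppet/ssl/certificate_request'
+require 'puppet/ssl/certificate_revocation_list'
+require 'puppet/util/cacher'
+
+# The class that manages all aspects of our SSL certificates --
+# private keys, public keys, requests, etc.
+class Puppet::SSL::Host
+# Yay, ruby's strange constant lookups.
+Key = Puppet::SSL::Key
+Certificate = Puppet::SSL::Certificate
+CertificateRequest = Puppet::SSL::CertificateRequest
+CertificateRevocationList = Puppet::SSL::CertificateRevocationList
+
+attr_reader :name
+attr_accessor :ca
+
+attr_writer :key, :certificate, :certificate_request
+
+class << self
+include Puppet::Util::Cacher
+
+cached_attr(:localhost) do
+result = new()
+result.generate unless result.certificate
+result.key # Make sure it's read in
+result
+end
+end
+
+CA_NAME = "ca"
+# This is the constant that people will use to mark that a given host is
+# a certificate authority.
+def self.ca_name
+CA_NAME
+end
+
+class << self
+attr_reader :ca_location
+end
+
+# Configure how our various classes interact with their various terminuses.
+def self.configure_indirection(terminus, cache = nil)
+Certificate.terminus_class = terminus
+CertificateRequest.terminus_class = terminus
+CertificateRevocationList.terminus_class = terminus
+
+if cache
+# This is weird; we don't actually cache our keys, we
+# use what would otherwise be the cache as our normal
+# terminus.
+Key.terminus_class = cache
+else
+Key.terminus_class = terminus
+end
+
+if cache
+Certificate.cache_class = cache
+CertificateRequest.cache_class = cache
+CertificateRevocationList.cache_class = cache
+else
+# Make sure we have no cache configured. puppetmasterd
+# switches the configurations around a bit, so it's important
+# that we specify the configs for absolutely everything, every
+# time.
+Certificate.cache_class = nil
+CertificateRequest.cache_class = nil
+CertificateRevocationList.cache_class = nil
+end
+end
+
+CA_MODES = {
+# Our ca is local, so we use it as the ultimate source of information
+# And we cache files locally.
+:local => [:ca, :file],
+# We're a remote CA client.
+:remote => [:rest, :file],
+# We are the CA, so we don't have read/write access to the normal certificates.
+:only => [:ca],
+# We have no CA, so we just look in the local file store.
+:none => [:file]
+}
+
+# Specify how we expect to interact with our certificate authority.
+def self.ca_location=(mode)
+raise ArgumentError, "CA Mode can only be %s" % CA_MODES.collect { |m| m.to_s }.join(", ") unless CA_MODES.include?(mode)
+
+@ca_location = mode
+
+configure_indirection(*CA_MODES[@ca_location])
+end
+
+# Remove all traces of a given host
+def self.destroy(name)
+[Key, Certificate, CertificateRequest].inject(false) do |result, klass|
+if klass.destroy(name)
+result = true
+end
+result
+end
+end
+
+# Search for more than one host, optionally only specifying
+# an interest in hosts with a given file type.
+# This just allows our non-indirected class to have one of
+# indirection methods.
+def self.search(options = {})
+classes = [Key, CertificateRequest, Certificate]
+if klass = options[:for]
+classlist = [klass].flatten
+else
+classlist = [Key, CertificateRequest, Certificate]
+end
+
+# Collect the results from each class, flatten them, collect all of the names, make the name list unique,
+# then create a Host instance for each one.
+classlist.collect { |klass| klass.search }.flatten.collect { |r| r.name }.uniq.collect do |name|
+new(name)
+end
+end
+
+# Is this a ca host, meaning that all of its files go in the CA location?
+def ca?
+ca
+end
+
+def key
+return nil unless @key ||= Key.find(name)
+@key
+end
+
+# This is the private key; we can create it from scratch
+# with no inputs.
+def generate_key
+@key = Key.new(name)
+@key.generate
+begin
+@key.save
+rescue
+@key = nil
+raise
+end
+true
+end
+
+def certificate_request
+return nil unless @certificate_request ||= CertificateRequest.find(name)
+@certificate_request
+end
+
+# Our certificate request requires the key but that's all.
+def generate_certificate_request
+generate_key unless key
+@certificate_request = CertificateRequest.new(name)
+@certificate_request.generate(key.content)
+begin
+@certificate_request.save
+rescue
+@certificate_request = nil
+raise
+end
+
+return true
+end
+
+def certificate
+unless @certificate
+generate_key unless key
+
+# get the CA cert first, since it's required for the normal cert
+# to be of any use.
+return nil unless Certificate.find("ca") unless ca?
+return nil unless @certificate = Certificate.find(name)
+
+unless certificate_matches_key?
+raise Puppet::Error, "Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key"
+end
+end
+@certificate
+end
+
+def certificate_matches_key?
+return false unless key
+return false unless certificate
+
+return certificate.content.check_private_key(key.content)
+end
+
+# Generate all necessary parts of our ssl host.
+def generate
+generate_key unless key
+generate_certificate_request unless certificate_request
+
+# If we can get a CA instance, then we're a valid CA, and we
+# should use it to sign our request; else, just try to read
+# the cert.
+if ! certificate() and ca = Puppet::SSL::CertificateAuthority.instance
+ca.sign(self.name)
+end
+end
+
+def initialize(name = nil)
+@name = (name || Puppet[:certname]).downcase
+@key = @certificate = @certificate_request = nil
+@ca = (name == self.class.ca_name)
+end
+
+# Extract the public key from the private key.
+def public_key
+key.content.public_key
+end
+
+# Create/return a store that uses our SSL info to validate
+# connections.
+def ssl_store(purpose = OpenSSL::X509::PURPOSE_ANY)
+unless defined?(@ssl_store) and @ssl_store
+@ssl_store = OpenSSL::X509::Store.new
+@ssl_store.purpose = purpose
+
+# Use the file path here, because we don't want to cause
+# a lookup in the middle of setting our ssl connection.
+@ssl_store.add_file(Puppet[:localcacert])
+
+# If there's a CRL, add it to our store.
+if crl = Puppet::SSL::CertificateRevocationList.find("ca")
+@ssl_store.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL|OpenSSL::X509::V_FLAG_CRL_CHECK
+@ssl_store.add_crl(crl.content)
+end
+return @ssl_store
+end
+@ssl_store
+end
+
+# Attempt to retrieve a cert, if we don't already have one.
+def wait_for_cert(time)
+return if certificate
+begin
+generate
+
+return if certificate
+rescue StandardError => detail
+Puppet.err "Could not request certificate: %s" % detail.to_s
+if time < 1
+puts "Exiting; failed to retrieve certificate and watiforcert is disabled"
+exit(1)
+else
+sleep(time)
+end
+retry
+end
+
+if time < 1
+puts "Exiting; no certificate found and waitforcert is disabled"
+exit(1)
+end
+
+while true do
+sleep time
+begin
+break if certificate
+Puppet.notice "Did not receive certificate"
+rescue StandardError => detail
+Puppet.err "Could not request certificate: %s" % detail.to_s
+end
+end
+end
+end
+
+require 'puppet/ssl/certificate_authority'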
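Review bot: `ssl_store` turns on `V_FLAG_CRL_CHECK` only when `CertificateRevocationList.find("ca")` returns something and says nothing when it does not, so a missing CRL silently means no revocation checking. A line such as `Puppet.warning "No CRL found; certificate revocation checking is disabled"` in an `else` branch would make that state visible to operators. The store is also memoized in `@ssl_store`, so the `purpose` argument of any later call is ignored and a CRL updated after the first call is not reloaded; the method comment should state that, or the cache should be keyed on `purpose`.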