puppet 0.25.1 → 0.25.2

data/lib/puppet/configurer.rb

@@ -93,7 +93,7 @@ class Puppet::Configurer
             duration = thinmark do
                 result = catalog_class.find(name, fact_options.merge(:ignore_cache => true))
             end
-        rescue => detail
+        rescue Exception => detail
             puts detail.backtrace if Puppet[:trace]
             Puppet.err "Could not retrieve catalog from remote server: %s" % detail
         end
@@ -123,6 +123,7 @@ class Puppet::Configurer
     # Convert a plain resource catalog into our full host catalog.
     def convert_catalog(result, duration)
         catalog = result.to_ral
+        catalog.finalize
         catalog.retrieval_duration = duration
         catalog.host_config = true
         catalog.write_class_file

data/lib/puppet/configurer/fact_handler.rb

@@ -11,14 +11,13 @@ module Puppet::Configurer::FactHandler
     end
 
     def find_facts
-        reload_facter()
-
         # This works because puppetd configures Facts to use 'facter' for
         # finding facts and the 'rest' terminus for caching them.  Thus, we'll
         # compile them and then "cache" them on the server.
         begin
+            reload_facter()
             Puppet::Node::Facts.find(Puppet[:certname])
-        rescue => detail
+        rescue Exception => detail
             puts detail.backtrace if Puppet[:trace]
             raise Puppet::Error, "Could not retrieve local facts: %s" % detail
         end
@@ -28,12 +27,15 @@ module Puppet::Configurer::FactHandler
         facts = find_facts
         #format = facts.class.default_format
 
-        # Hard-code yaml, because I couldn't get marshal to work.
-        format = :b64_zlib_yaml
+        if facts.support_format?(:b64_zlib_yaml)
+            format = :b64_zlib_yaml
+        else
+            format = :yaml
+        end
 
         text = facts.render(format)
 
-        return {:facts_format => :b64_zlib_yaml, :facts => CGI.escape(text)}
+        return {:facts_format => format, :facts => CGI.escape(text)}
     end
 
     # Retrieve facts from the central server.

data/lib/puppet/daemon.rb

@@ -31,10 +31,10 @@ class Puppet::Daemon
             $stderr.reopen $stdout
             Puppet::Util::Log.reopen
         rescue => detail
-            File.open("/tmp/daemonout", "w") { |f|
+            Puppet.err "Could not start %s: %s" % [Puppet[:name], detail]
+            Puppet::Util::secure_open("/tmp/daemonout", "w") { |f|
                 f.puts "Could not start %s: %s" % [Puppet[:name], detail]
             }
-            Puppet.err "Could not start %s: %s" % [Puppet[:name], detail]
             exit(12)
         end
     end

data/lib/puppet/defaults.rb

@@ -86,6 +86,10 @@ module Puppet
         :mkusers => [false,
             "Whether to create the necessary user and group that puppetd will
             run as."],
+        :manage_internal_file_permissions => [true,
+            "Whether Puppet should manage the owner, group, and mode of files 
+            it uses internally"
+            ],
         :path => {:default => "none",
             :desc => "The shell search path.  Defaults to whatever is inherited
                 from the parent process.",
@@ -156,7 +160,7 @@ module Puppet
         :http_proxy_port => [3128,
             "The HTTP proxy port to use for outgoing connections"],
         :http_enable_post_connection_check => [true,
-            "Boolean; wheter or not puppetd should validate the server
+            "Boolean; whether or not puppetd should validate the server
             SSL certificate against the request hostname."],
         :filetimeout => [ 15,
             "The minimum time to wait (in seconds) between checking for updates in
@@ -192,7 +196,10 @@ module Puppet
         :config_version => ["", "How to determine the configuration version.  By default, it will be the
             time that the configuration is parsed, but you can provide a shell script to override how the
             version is determined.  The output of this script will be added to every log message in the
-            reports, allowing you to correlate changes on your hosts to the source version on the server."]
+            reports, allowing you to correlate changes on your hosts to the source version on the server."],
+        :zlib => [true, 
+            "Boolean; whether to use the zlib library",
+        ]
     )
 
     hostname = Facter["hostname"].value
@@ -522,6 +529,18 @@ module Puppet
             authority requests.  It's a separate server because it cannot
             and does not need to horizontally scale."],
         :ca_port => ["$masterport", "The port to use for the certificate authority."],
+        :catalog_format => {
+            :default => "",
+            :desc => "(Deprecated for 'preferred_serialization_format') What format to
+                     use to dump the catalog.  Only supports 'marshal' and 'yaml'.  Only
+                     matters on the client, since it asks the server for a specific format.",
+            :hook => proc { |value|
+                if value
+                    Puppet.warning "Setting 'catalog_format' is deprecated; use 'preferred_serialization_format' instead."
+                    Puppet.settings[:preferred_serialization_format] = value
+                end
+            }
+        },
         :preferred_serialization_format => ["pson", "The preferred means of serializing
             ruby instances for passing over the wire.  This won't guarantee that all
             instances will be serialized using this method, since not all classes

data/lib/puppet/external/pson/common.rb

@@ -48,7 +48,7 @@ module PSON
         case
         when c.empty?             then p
         when p.const_defined?(c)  then p.const_get(c)
-        else                      raise ArgumentError, "can't find const #{path}"
+        else                      raise ArgumentError, "can't find const for unregistered document type #{path}"
         end
       end
     end

data/lib/puppet/external/pson/pure.rb

@@ -11,8 +11,8 @@ module PSON
     UTF8toUTF16 = Iconv.new('utf-16be', 'utf-8') # :nodoc:
     UTF8toUTF16.iconv('no bom')
   rescue LoadError
-    raise MissingUnicodeSupport,
-      "iconv couldn't be loaded, which is required for UTF-8/UTF-16 conversions"
+    # We actually don't care
+    Puppet.warning "iconv couldn't be loaded, which is required for UTF-8/UTF-16 conversions"
   rescue Errno::EINVAL, Iconv::InvalidEncoding
     # Iconv doesn't support big endian utf-16. Let's try to hack this manually
     # into the converters.
@@ -50,7 +50,7 @@ module PSON
         UTF16toUTF8 = swapper.new(UTF16toUTF8) # :nodoc:
       end
     rescue Errno::EINVAL, Iconv::InvalidEncoding
-      raise MissingUnicodeSupport, "iconv doesn't seem to support UTF-8/UTF-16 conversions"
+      Puppet.warning "iconv doesn't seem to support UTF-8/UTF-16 conversions"
     ensure
       $VERBOSE = old_verbose
     end

data/lib/puppet/feature/base.rb

@@ -28,3 +28,6 @@ Puppet.features.add(:augeas, :libs => ["augeas"])
 
 # We have RRD available
 Puppet.features.add(:rrd, :libs => ["RRDtool"])
+
+# We have OpenSSL
+Puppet.features.add(:openssl, :libs => ["openssl"])

data/lib/puppet/feature/selinux.rb

@@ -0,0 +1,3 @@
+require 'puppet/util/feature'
+
+Puppet.features.add(:selinux, :libs => ["selinux"])

data/lib/puppet/feature/zlib.rb

@@ -0,0 +1,6 @@
+require 'puppet/util/feature'
+
+# We want this to load if possible, but it's not automatically
+# required.
+Puppet.features.rubygems?
+Puppet.features.add(:zlib, :libs => %{zlib})

data/lib/puppet/file_serving/base.rb

@@ -22,7 +22,7 @@ class Puppet::FileServing::Base
     end
 
     # Return the full path to our file.  Fails if there's no path set.
-    def full_path
+    def full_path(dummy_argument=:work_arround_for_ruby_GC_bug)
         (if relative_path.nil? or relative_path == "" or relative_path == "."
             path
         else
@@ -74,4 +74,19 @@ class Puppet::FileServing::Base
         end
         File.send(@stat_method, full_path())
     end
+
+    def to_pson_data_hash
+        {
+            # No 'document_type' since we don't send these bare
+            'data'       => {
+                'path'          => @path,
+                'relative_path' => @relative_path,
+                'links'         => @links
+                },
+            'metadata' => {
+                'api_version' => 1
+                }
+       }
+    end
+
 end

data/lib/puppet/file_serving/metadata.rb

@@ -22,18 +22,15 @@ class Puppet::FileServing::Metadata < Puppet::FileServing::Base
     PARAM_ORDER = [:mode, :ftype, :owner, :group]
 
     def attributes_with_tabs
+        raise(ArgumentError, "Cannot manage files of type #{ftype}") unless ['file','directory','link'].include? ftype
         desc = []
         PARAM_ORDER.each { |check|
             check = :ftype if check == :type
             desc << send(check)
         }
 
-        case ftype
-        when "file", "directory"; desc << checksum
-        when "link"; desc << @destination
-        else
-            raise ArgumentError, "Cannot manage files of type %s" % ftype
-        end
+        desc << checksum
+        desc << @destination rescue nil if ftype == 'link'
 
         return desc.join("\t")
     end
@@ -66,13 +63,53 @@ class Puppet::FileServing::Metadata < Puppet::FileServing::Base
             @checksum = ("{%s}" % @checksum_type) + send("%s_file" % @checksum_type, path).to_s
         when "link"
             @destination = File.readlink(real_path)
+            @checksum = ("{%s}" % @checksum_type) + send("%s_file" % @checksum_type, real_path).to_s rescue nil
         else
             raise ArgumentError, "Cannot manage files of type %s" % stat.ftype
         end
     end
 
-    def initialize(*args)
-        @checksum_type = "md5"
-        super
+    def initialize(path,data={})
+        @owner       = data.delete('owner')
+        @group       = data.delete('group')
+        @mode        = data.delete('mode')
+        if checksum = data.delete('checksum')
+            @checksum_type = checksum['type']
+            @checksum      = checksum['value']
+        end
+        @checksum_type ||= "md5"
+        @ftype       = data.delete('type')
+        @destination = data.delete('destination')
+        super(path,data)
+    end
+
+    PSON.register_document_type('FileMetadata',self)
+    def to_pson_data_hash
+        {
+            'document_type' => 'FileMetadata',
+            'data'       => super['data'].update({
+                'owner'        => owner,
+                'group'        => group,
+                'mode'         => mode,
+                'checksum'     => {
+                    'type'   => checksum_type,
+                    'value'  => checksum
+                },
+                'type'         => ftype,
+                'destination'  => destination,
+                }),
+            'metadata' => {
+                'api_version' => 1
+                }
+       }
     end
+
+    def to_pson(*args)
+       to_pson_data_hash.to_pson(*args)
+    end
+
+    def self.from_pson(data)
+       new(data.delete('path'), data)
+    end
+
 end

data/lib/puppet/file_serving/mount/file.rb

@@ -25,7 +25,10 @@ class Puppet::FileServing::Mount::File < Puppet::FileServing::Mount
 
         file = ::File.join(full_path, relative_path)
 
-        return nil unless FileTest.exist?(file)
+        if ! FileTest.exist?(file)
+            Puppet.info("File does not exist or is not accessible: #{file}")
+            return nil
+        end
 
         return file
     end

data/lib/puppet/indirector/catalog/active_record.rb

@@ -30,6 +30,11 @@ class Puppet::Resource::Catalog::ActiveRecord < Puppet::Indirector::ActiveRecord
             host.merge_resources(catalog.vertices)
             host.last_compile = Time.now
 
+            if node = Puppet::Node.find(catalog.name)
+                host.ip = node.parameters["ipaddress"]
+                host.environment = node.environment
+            end
+
             host.save
         end
     end

data/lib/puppet/indirector/envelope.rb

@@ -6,8 +6,6 @@ module Puppet::Indirector::Envelope
     attr_accessor :expiration
 
     def expired?
-        return false unless expiration
-        return false if expiration >= Time.now
-        return true
+        expiration and expiration < Time.now
     end
 end

data/lib/puppet/indirector/indirection.rb

@@ -161,22 +161,19 @@ class Puppet::Indirector::Indirection
         end
     end
 
-    # Expire a cached object, if one is cached.  Note that we don't actually
-    # remove it, we expire it and write it back out to disk.  This way people
-    # can still use the expired object if they want.
+    # Expire a cached object, if one is cached.  Note that we now actually
+    # remove it if possible, and only mark it as expired if destroy isn't 
+    # supported.
     def expire(key, *args)
-        request = request(:expire, key, *args)
-
-        return nil unless cache?
-
-        return nil unless instance = cache.find(request(:find, key, *args))
-
-        Puppet.info "Expiring the %s cache of %s" % [self.name, instance.name]
-
-        # Set an expiration date in the past
-        instance.expiration = Time.now - 60
-
-        cache.save(request(:save, instance, *args))
+        if cache? and instance = cache.find(request(:find, key, *args))
+            Puppet.info "Expiring the #{name} cache of #{instance.name}"
+            if cache.respond_to? :destroy
+                cache.destroy(request(:destroy, instance, *args))
+            else
+                instance.expiration = Time.now - 1
+                cache.save(request(:save,instance,*args))
+            end
+        end
     end
 
     # Search for an instance in the appropriate terminus, caching the
@@ -216,7 +213,7 @@ class Puppet::Indirector::Indirection
             return nil
         end
 
-        Puppet.debug "Using cached %s for %s" % [self.name, request.key]
+        Puppet.debug "Using cached #{name} for #{request.key}, good until #{cached.expiration}"
         return cached
     end
 

data/lib/puppet/indirector/node/ldap.rb

@@ -55,7 +55,7 @@ class Puppet::Node::Ldap < Puppet::Indirector::Ldap
         end
 
         infos = []
-        ldapsearch(filter) { |entry| infos << entry2hash(entry) }
+        ldapsearch(filter) { |entry| infos << entry2hash(entry, request.options[:fqdn]) }
 
         return infos.collect do |info|
             info2node(info[:name], info)
@@ -73,14 +73,17 @@ class Puppet::Node::Ldap < Puppet::Indirector::Ldap
 
     # The attributes that Puppet will stack as array over the full
     # hierarchy.
-    def stacked_attributes
+    def stacked_attributes(dummy_argument=:work_arround_for_ruby_GC_bug)
         Puppet[:ldapstackedattrs].split(/\s*,\s*/)
     end
 
     # Convert the found entry into a simple hash.
-    def entry2hash(entry)
+    def entry2hash(entry, fqdn = false)
         result = {}
-        result[:name] = entry.dn.split(',')[0].split("=")[1]
+
+        cn  = entry.dn[     /cn\s*=\s*([^,\s]+)/i,1]
+        dcs = entry.dn.scan(/dc\s*=\s*([^,\s]+)/i)
+        result[:name]    = fqdn ? ([cn]+dcs).join('.') : cn
         result[:parent] = get_parent_from_entry(entry) if parent_attribute
         result[:classes] = get_classes_from_entry(entry)
         result[:stacked] = get_stacked_values_from_entry(entry)

data/lib/puppet/indirector/ssl_file.rb

@@ -91,7 +91,7 @@ class Puppet::Indirector::SslFile < Puppet::Indirector::Terminus
     def save(request)
         path = path(request.key)
         dir = File.dirname(path)
-
+ 
         raise Puppet::Error.new("Cannot save %s; parent directory %s does not exist" % [request.key, dir]) unless FileTest.directory?(dir)
         raise Puppet::Error.new("Cannot save %s; parent directory %s is not writable" % [request.key, dir]) unless FileTest.writable?(dir)
 

data/lib/puppet/network/authstore.rb

@@ -49,7 +49,7 @@ module Puppet
                 return decl.result
             end
 
-            self.info "defaulting to no access for %s" % name
+            info "defaulting to no access for %s" % name
             return false
         end
 
@@ -78,11 +78,7 @@ module Puppet
         end
 
         def interpolate(match)
-            declarations = @declarations.collect do |ace|
-                ace.interpolate(match)
-            end
-            declarations.sort!
-            Thread.current[:declarations] = declarations
+            Thread.current[:declarations] = @declarations.collect { |ace| ace.interpolate(match) }.sort
         end
 
         def reset_interpolation
@@ -96,8 +92,7 @@ module Puppet
         # this is used if we want to override the this purely immutable list
         # by a modified version in a multithread safe way.
         def declarations
-            return Thread.current[:declarations] if Thread.current[:declarations]
-            @declarations
+            Thread.current[:declarations] || @declarations
         end
 
         # Store the results of a pattern into our hash.  Basically just
@@ -130,46 +125,21 @@ module Puppet
             # The length.  Only used for iprange and domain.
             attr_accessor :length
 
-            # Sort the declarations specially.
+            # Sort the declarations most specific first.
             def <=>(other)
-                # Sort first based on whether the matches are exact.
-                if r = compare(exact?, other.exact?)
-                    return r
-                end
-
-                # Then by type
-                if r = compare(self.ip?, other.ip?)
-                    return r
-                end
-
-                # Next sort based on length
-                unless self.length == other.length
-                    # Longer names/ips should go first, because they're more
-                    # specific.
-                    return other.length <=> self.length
-                end
-
-                # Then sort deny before allow
-                if r = compare(self.deny?, other.deny?)
-                    return r
-                end
-
-                # We've already sorted by name and length, so all that's left
-                # is the pattern
-                if ip?
-                    return self.pattern.to_s <=> other.pattern.to_s
-                else
-                    return self.pattern <=> other.pattern
-                end
+                compare(exact?, other.exact?) || 
+                compare(ip?, other.ip?)  ||
+                ((length != other.length) &&  (other.length <=> length)) ||
+                compare(deny?, other.deny?) ||
+                ( ip? ? pattern.to_s <=> other.pattern.to_s : pattern <=> other.pattern)
             end
 
             def deny?
-                self.type == :deny
+                type == :deny
             end
 
-            # Are we an exact match?
             def exact?
-                self.length.nil?
+                @exact == :exact
             end
 
             def initialize(type, pattern)
@@ -179,16 +149,12 @@ module Puppet
 
             # Are we an IP type?
             def ip?
-                self.name == :ip
+                name == :ip
             end
 
             # Does this declaration match the name/ip combo?
             def match?(name, ip)
-                if self.ip?
-                    return pattern.include?(IPAddr.new(ip))
-                else
-                    return matchname?(name)
-                end
+                ip? ? pattern.include?(IPAddr.new(ip)) : matchname?(name)
             end
 
             # Set the pattern appropriately.  Also sets the name and length.
@@ -199,15 +165,11 @@ module Puppet
 
             # Mapping a type of statement into a return value.
             def result
-                case @type
-                when :allow; true
-                else
-                    false
-                end
+                type == :allow
             end
 
             def to_s
-                "%s: %s" % [self.type, self.pattern]
+                "#{type}: #{pattern}"
             end
 
             # Set the declaration type.  Either :allow or :deny.
@@ -238,86 +200,54 @@ module Puppet
             # -1 if the first is true, and 1 if the second is true.  Used
             # in the <=> operator.
             def compare(me, them)
-                unless me and them
-                    if me
-                        return -1
-                    elsif them
-                        return 1
-                    else
-                        return false
-                    end
-                end
-                return nil
+                (me and them) ? nil : me ? -1 : them ? 1 : nil
             end
 
             # Does the name match our pattern?
             def matchname?(name)
                 name = munge_name(name)
-                return true if self.pattern == name
-
-                # If it's an exact match, then just return false, since the
-                # exact didn't match.
-                if exact?
-                    return false
-                end
-
-                # If every field in the pattern matches, then we consider it
-                # a match.
-                pattern.zip(name) do |p,n|
-                    unless p == n
-                        return false
-                    end
-                end
-
-                return true
+                (pattern == name) or (not exact? and pattern.zip(name).all? { |p,n| p == n })
             end
 
             # Convert the name to a common pattern.
             def munge_name(name)
                 # LAK:NOTE http://snurl.com/21zf8  [groups_google_com]
-                # Change to x = name.downcase.split(".",-1).reverse for FQDN support
-                x = name.downcase.split(".").reverse
+                # Change to name.downcase.split(".",-1).reverse for FQDN support
+                name.downcase.split(".").reverse
             end
 
             # Parse our input pattern and figure out what kind of allowal
             # statement it is.  The output of this is used for later matching.
+            Octet = '(\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5])'
+            IPv4 = "#{Octet}\.#{Octet}\.#{Octet}\.#{Octet}"
+            IPv6_full    = "_:_:_:_:_:_:_:_|_:_:_:_:_:_::_?|_:_:_:_:_::((_:)?_)?|_:_:_:_::((_:){0,2}_)?|_:_:_::((_:){0,3}_)?|_:_::((_:){0,4}_)?|_::((_:){0,5}_)?|::((_:){0,6}_)?"
+            IPv6_partial = "_:_:_:_:_:_:|_:_:_:_::(_:)?|_:_::(_:){0,2}|_::(_:){0,3}"
+            # It should be:
+            #     IP = "#{IPv4}|#{IPv6_full}|(#{IPv6_partial}#{IPv4})".gsub(/_/,'([0-9a-fA-F]{1,4})').gsub(/\(/,'(?:')
+            # but ruby's ipaddr lib doesn't support the hybrid format
+            IP = "#{IPv4}|#{IPv6_full}".gsub(/_/,'([0-9a-fA-F]{1,4})').gsub(/\(/,'(?:')
             def parse(value)
-                # Use the IPAddr class to determine if we've got a
-                # valid IP address.
-                @length = Integer($1) if value =~ /\/(\d+)$/
-                begin
-                    @pattern = IPAddr.new(value)
-                    @name = :ip
-                rescue ArgumentError => detail
-                    case value
-                    when /^(\d+\.){1,3}\*$/ # an ip address with a '*' at the end
-                        @name = :ip
-                        segments = value.split(".")[0..-2]
-                        @length = 8*segments.length
-                        begin
-                            @pattern = IPAddr.new((segments+[0,0,0])[0,4].join(".") + "/" + @length.to_s)
-                        rescue ArgumentError => detail
-                            raise AuthStoreError, "Invalid IP address pattern %s" % value
-                        end
-                    when /^([a-zA-Z0-9][-\w]*\.)+[-\w]+$/ # a full hostname
-                        # Change to /^([a-zA-Z][-\w]*\.)+[-\w]+\.?$/ for FQDN support
-                        @name = :domain
-                        @pattern = munge_name(value)
-                    when /^\*(\.([a-zA-Z][-\w]*)){1,}$/ # *.domain.com
-                        @name = :domain
-                        @pattern = munge_name(value)
-                        @pattern.pop # take off the '*'
-                        @length = @pattern.length
-                    when /\$\d+/ # a backreference pattern ala $1.reductivelabs.com or 192.168.0.$1 or $1.$2
-                        @name = :dynamic
-                        @pattern = munge_name(value)
-                    when /^[a-zA-Z0-9][-a-zA-Z0-9_.@]*$/
-                        @pattern = [value]
-                        @length = nil # force an exact match
-                        @name = :opaque
-                    else
-                        raise AuthStoreError, "Invalid pattern %s" % value
-                    end
+                @name,@exact,@length,@pattern = *case value
+                when /^(?:#{IP})\/(\d+)$/                                   # 12.34.56.78/24, a001:b002::efff/120, c444:1000:2000::9:192.168.0.1/112
+                    [:ip,:inexact,$1.to_i,IPAddr.new(value)]
+                when /^(#{IP})$/                                          # 10.20.30.40, 
+                    [:ip,:exact,nil,IPAddr.new(value)]
+                when /^(#{Octet}\.){1,3}\*$/                              # an ip address with a '*' at the end
+                    segments = value.split(".")[0..-2]
+                    bits = 8*segments.length
+                    [:ip,:inexact,bits,IPAddr.new((segments+[0,0,0])[0,4].join(".") + "/#{bits}")]
+                when /^(\w[-\w]*\.)+[-\w]+$/                              # a full hostname
+                    # Change to /^(\w[-\w]*\.)+[-\w]+\.?$/ for FQDN support
+                    [:domain,:exact,nil,munge_name(value)]
+                when /^\*(\.(\w[-\w]*)){1,}$/                             # *.domain.com
+                    host_sans_star = munge_name(value)[0..-2]
+                    [:domain,:inexact,host_sans_star.length,host_sans_star]
+                when /\$\d+/                                              # a backreference pattern ala $1.reductivelabs.com or 192.168.0.$1 or $1.$2
+                    [:dynamic,:exact,nil,munge_name(value)]
+                when /^\w[-.@\w]*$/                                       # ? Just like a host name but allow '@'s and ending '.'s
+                    [:opaque,:exact,nil,[value]]
+                else
+                    raise AuthStoreError, "Invalid pattern %s" % value
                 end
             end
         end