puppet 0.25.4 → 0.25.5

data/lib/puppet/defaults.rb

@@ -16,7 +16,7 @@ module Puppet
     else
         # Else, use system-wide directories.
         conf = "/etc/puppet"
-        var = "/var/puppet"
+        var = "/var/lib/puppet"
     end
 
     self.setdefaults(:main,
@@ -149,6 +149,8 @@ module Puppet
             huge numbers that can then not be fed back into the system.  This is a hackish way to fail in a
             slightly more useful way when that happens."],
         :node_terminus => ["plain", "Where to find information about nodes."],
+        :catalog_terminus => ["compiler", "Where to get node catalogs.  This is useful to change if, for instance,
+            you'd like to pre-compile catalogs and store them in memcached or some other easily-accessed store."],
         :httplog => { :default => "$logdir/http.log",
             :owner => "root",
             :mode => 0640,
@@ -159,9 +161,6 @@ module Puppet
             may need to use a FQDN for the server hostname when using a proxy."],
         :http_proxy_port => [3128,
             "The HTTP proxy port to use for outgoing connections"],
-        :http_enable_post_connection_check => [true,
-            "Boolean; whether or not puppetd should validate the server
-            SSL certificate against the request hostname."],
         :filetimeout => [ 15,
             "The minimum time to wait (in seconds) between checking for updates in
             configuration files.  This timeout determines how quickly Puppet checks whether
@@ -292,7 +291,9 @@ module Puppet
             :owner => "service",
             :desc => "Where the host's certificate revocation list can be found.
                 This is distinct from the certificate authority's CRL."
-        }
+        },
+        :certificate_revocation => [true, "Whether certificate revocation should be supported by downloading a Certificate Revocation List (CRL)
+            to all clients.  If enabled, CA chaining will almost definitely not work."]
     )
 
     setdefaults(:ca,
@@ -451,12 +452,12 @@ module Puppet
             directories.", :type => :setting }, # We don't want this to be considered a file, since it's multiple files.
         :ssl_client_header => ["HTTP_X_CLIENT_DN", "The header containing an authenticated
             client's SSL DN.  Only used with Mongrel.  This header must be set by the proxy
-            to the authenticated client's SSL DN (e.g., ``/CN=puppet.reductivelabs.com``).
-            See http://reductivelabs.com/puppet/trac/wiki/UsingMongrel for more information."],
+            to the authenticated client's SSL DN (e.g., ``/CN=puppet.puppetlabs.com``).
+            See http://puppetlabs.com/puppet/trac/wiki/UsingMongrel for more information."],
         :ssl_client_verify_header => ["HTTP_X_CLIENT_VERIFY", "The header containing the status
             message of the client verification. Only used with Mongrel.  This header must be set by the proxy
             to 'SUCCESS' if the client successfully authenticated, and anything else otherwise.
-            See http://reductivelabs.com/puppet/trac/wiki/UsingMongrel for more information."],
+            See http://puppetlabs.com/puppet/trac/wiki/UsingMongrel for more information."],
         # To make sure this directory is created before we try to use it on the server, we need
         # it to be in the server section (#1138).
         :yamldir => {:default => "$vardir/yaml", :owner => "service", :group => "service", :mode => "750",
@@ -559,6 +560,10 @@ module Puppet
             new configurations, where you want to fix the broken configuration
             rather than reverting to a known-good one."
         ],
+        :use_cached_catalog => [false,
+            "Whether to only use the cached catalog rather than compiling a new catalog
+            on every run.  Puppet can be run with this enabled by default and then selectively
+            disabled when a recompile is desired."],
         :ignorecache => [false,
             "Ignore cache and always recompile the configuration.  This is
             useful for testing new configurations, where the local cache may in
@@ -629,7 +634,7 @@ module Puppet
 
     # Central fact information.
     self.setdefaults(:main,
-        :factpath => {:default => "$vardir/facts/",
+        :factpath => {:default => "$vardir/lib/facter/:$vardir/facts",
             :desc => "Where Puppet should look for facts.  Multiple directories should
                 be colon-separated, like normal PATH variables.",
             :call_on_define => true, # Call our hook with the default value, so we always get the value added to facter.
@@ -670,11 +675,11 @@ module Puppet
         :dbadapter => [ "sqlite3", "The type of database to use." ],
         :dbmigrate => [ false, "Whether to automatically migrate the database." ],
         :dbname => [ "puppet", "The name of the database to use." ],
-        :dbserver => [ "localhost", "The database server for Client caching. Only
+        :dbserver => [ "localhost", "The database server for caching. Only
             used when networked databases are used."],
-        :dbuser => [ "puppet", "The database user for Client caching. Only
+        :dbuser => [ "puppet", "The database user for caching. Only
             used when networked databases are used."],
-        :dbpassword => [ "puppet", "The database password for Client caching. Only
+        :dbpassword => [ "puppet", "The database password for caching. Only
             used when networked databases are used."],
         :dbsocket => [ "", "The database socket location. Only used when networked
             databases are used.  Will be ignored if the value is an empty string."],
@@ -724,7 +729,7 @@ module Puppet
     setdefaults(:ldap,
         :ldapnodes => [false,
             "Whether to search for node configurations in LDAP.  See
-            http://reductivelabs.com/trac/puppet/wiki/LDAPNodes for more information."],
+            http://puppetlabs.com/trac/puppet/wiki/LDAPNodes for more information."],
         :ldapssl => [false,
             "Whether SSL should be used when searching for nodes.
             Defaults to false because SSL usually requires certificates

data/lib/puppet/file_serving/fileset.rb

@@ -9,7 +9,7 @@ require 'puppet/file_serving/metadata'
 # Operate recursively on a path, returning a set of file paths.
 class Puppet::FileServing::Fileset
     attr_reader :path, :ignore, :links
-    attr_accessor :recurse, :recurselimit
+    attr_accessor :recurse, :recurselimit, :checksum_type
 
     # Produce a hash of files, with merged so that earlier files
     # with the same postfix win.  E.g., /dir1/subfile beats /dir2/subfile.
@@ -105,7 +105,7 @@ class Puppet::FileServing::Fileset
     end
 
     def initialize_from_request(request)
-        [:links, :ignore, :recurse, :recurselimit].each do |param|
+        [:links, :ignore, :recurse, :recurselimit, :checksum_type].each do |param|
             if request.options.include?(param) # use 'include?' so the values can be false
                 value = request.options[param]
             elsif request.options.include?(param.to_s)

data/lib/puppet/file_serving/terminus_helper.rb

@@ -16,6 +16,7 @@ module Puppet::FileServing::TerminusHelper
 
         Puppet::FileServing::Fileset.merge(*filesets).collect do |file, base_path|
             inst = model.new(base_path, :relative_path => file)
+            inst.checksum_type = request.options[:checksum_type] if request.options[:checksum_type]
             inst.links = request.options[:links] if request.options[:links]
             inst.collect
             inst

data/lib/puppet/indirector/indirection.rb

@@ -145,6 +145,10 @@ class Puppet::Indirector::Indirection
         @terminus_class
     end
 
+    def reset_terminus_class
+        @terminus_class = nil
+    end
+
     # Specify the terminus class to use.
     def terminus_class=(klass)
         validate_terminus_class(klass)
@@ -161,19 +165,22 @@ class Puppet::Indirector::Indirection
         end
     end
 
-    # Expire a cached object, if one is cached.  Note that we now actually
-    # remove it if possible, and only mark it as expired if destroy isn't 
-    # supported.
+    # Expire a cached object, if one is cached.  Note that we don't actually
+    # remove it, we expire it and write it back out to disk.  This way people
+    # can still use the expired object if they want.
     def expire(key, *args)
-        if cache? and instance = cache.find(request(:find, key, *args))
-            Puppet.info "Expiring the #{name} cache of #{instance.name}"
-            if cache.respond_to? :destroy
-                cache.destroy(request(:destroy, instance, *args))
-            else
-                instance.expiration = Time.now - 1
-                cache.save(request(:save,instance,*args))
-            end
-        end
+        request = request(:expire, key, *args)
+
+        return nil unless cache?
+
+        return nil unless instance = cache.find(request(:find, key, *args))
+
+        Puppet.info "Expiring the %s cache of %s" % [self.name, instance.name]
+
+        # Set an expiration date in the past
+        instance.expiration = Time.now - 60
+
+        cache.save(request(:save, instance, *args))
     end
 
     # Search for an instance in the appropriate terminus, caching the
@@ -213,7 +220,7 @@ class Puppet::Indirector::Indirection
             return nil
         end
 
-        Puppet.debug "Using cached #{name} for #{request.key}, good until #{cached.expiration}"
+        Puppet.debug "Using cached %s for %s" % [self.name, request.key]
         return cached
     end
 

data/lib/puppet/network/authstore.rb

@@ -183,9 +183,9 @@ module Puppet
 
             # interpolate a pattern to replace any
             # backreferences by the given match
-            # for instance if our pattern is $1.reductivelabs.com
+            # for instance if our pattern is $1.puppetlabs.com
             # and we're called with a MatchData whose capture 1 is puppet
-            # we'll return a pattern of puppet.reductivelabs.com
+            # we'll return a pattern of puppet.puppetlabs.com
             def interpolate(match)
                 clone = dup
                 clone.pattern = clone.pattern.reverse.collect do |p|
@@ -242,7 +242,7 @@ module Puppet
                 when /^\*(\.(\w[-\w]*)){1,}$/                             # *.domain.com
                     host_sans_star = munge_name(value)[0..-2]
                     [:domain,:inexact,host_sans_star.length,host_sans_star]
-                when /\$\d+/                                              # a backreference pattern ala $1.reductivelabs.com or 192.168.0.$1 or $1.$2
+                when /\$\d+/                                              # a backreference pattern ala $1.puppetlabs.com or 192.168.0.$1 or $1.$2
                     [:dynamic,:exact,nil,munge_name(value)]
                 when /^\w[-.@\w]*$/                                       # ? Just like a host name but allow '@'s and ending '.'s
                     [:opaque,:exact,nil,[value]]

data/lib/puppet/network/format_handler.rb

@@ -142,7 +142,7 @@ module Puppet::Network::FormatHandler
                 list.delete(preferred_format)
                 list.unshift(preferred_format)
             else
-                Puppet.warning "Value of 'preferred_serialization_format' (#{preferred_format}) is invalid for #{friendly_name}, using default (#{list.first})"
+                Puppet.debug "Value of 'preferred_serialization_format' (#{preferred_format}) is invalid for #{friendly_name}, using default (#{list.first})"
             end
             list
         end

data/lib/puppet/network/handler/fileserver.rb

@@ -283,8 +283,8 @@ class Puppet::Network::Handler
                         when /\[([-\w]+)\]/
                             name = $1
                             if newmounts.include?(name)
-                                raise FileServerError, "%s is already mounted at %s" %
-                                    [newmounts[name], name], count, @configuration.file
+                                raise FileServerError, "%s is already mounted as %s in %s" %
+                                    [newmounts[name], name, @configuration.file]
                             end
                             mount = Mount.new(name)
                             newmounts[name] = mount

data/lib/puppet/network/handler/master.rb

@@ -66,7 +66,7 @@ class Puppet::Network::Handler
 
             case format
             when "yaml"
-                return CGI.escape(catalog.extract.to_yaml(:UseBlock => true))
+                return CGI.escape(catalog.extract.to_yaml)
             when "marshal"
                 return CGI.escape(Marshal.dump(catalog.extract))
             else

data/lib/puppet/network/http_pool.rb

@@ -94,8 +94,6 @@ module Puppet::Network::HttpPool
         # Use configured timeout (#1176)
         http.read_timeout = Puppet[:configtimeout]
         http.open_timeout = Puppet[:configtimeout]
-        # JJM Configurable fix for #896.
-        http.enable_post_connection_check = Puppet[:http_enable_post_connection_check]
 
         cert_setup(http)
 

data/lib/puppet/network/http_server/webrick.rb

@@ -28,7 +28,7 @@ module Puppet
                 crl = OpenSSL::X509::CRL.new(File.read(Puppet[:cacrl]))
                 store = OpenSSL::X509::Store.new
                 store.purpose = OpenSSL::X509::PURPOSE_ANY
-                store.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL|OpenSSL::X509::V_FLAG_CRL_CHECK
+                store.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL|OpenSSL::X509::V_FLAG_CRL_CHECK if Puppet.settings[:certificate_revocation]
                 unless self.ca_cert
                     raise Puppet::Error, "Could not find CA certificate"
                 end

data/lib/puppet/parser/ast/casestatement.rb

@@ -11,9 +11,9 @@ class Puppet::Parser::AST
         # Short-curcuit evaluation.  Return the value of the statements for
         # the first option that matches.
         def evaluate(scope)
+            level = scope.ephemeral_level
+
             value = @test.safeevaluate(scope)
-            sensitive = Puppet[:casesensitive]
-            value = value.downcase if ! sensitive and value.respond_to?(:downcase)
 
             retvalue = nil
             found = false
@@ -22,7 +22,7 @@ class Puppet::Parser::AST
             default = nil
             @options.each do |option|
                 option.eachopt do |opt|
-                    return option.safeevaluate(scope) if opt.evaluate_match(value, scope, :file => file, :line => line, :sensitive => sensitive)
+                    return option.safeevaluate(scope) if opt.evaluate_match(value, scope, :file => file, :line => line, :sensitive => Puppet[:casesensitive])
                 end
 
                 default = option if option.default?
@@ -34,7 +34,7 @@ class Puppet::Parser::AST
             Puppet.debug "No true answers and no default"
             return nil
         ensure
-            scope.unset_ephemeral_var
+            scope.unset_ephemeral_var(level)
         end
 
         def each

data/lib/puppet/parser/ast/ifstatement.rb

@@ -16,6 +16,7 @@ class Puppet::Parser::AST
         # else if there's an 'else' setting, evaluate it.
         # the first option that matches.
         def evaluate(scope)
+            level = scope.ephemeral_level
             value = @test.safeevaluate(scope)
 
             # let's emulate a new scope for each branches
@@ -30,7 +31,7 @@ class Puppet::Parser::AST
                     end
                 end
             ensure
-                scope.unset_ephemeral_var
+                scope.unset_ephemeral_var(level)
             end
         end
     end

data/lib/puppet/parser/ast/leaf.rb

@@ -16,6 +16,7 @@ class Puppet::Parser::AST
             if ! options[:sensitive] && obj.respond_to?(:downcase)
                 obj = obj.downcase
             end
+            value = value.downcase if not options[:sensitive] and value.respond_to?(:downcase)
             obj == value
         end
 

data/lib/puppet/parser/ast/selector.rb

@@ -12,13 +12,12 @@ class Puppet::Parser::AST
 
         # Find the value that corresponds with the test.
         def evaluate(scope)
+            level = scope.ephemeral_level
             # Get our parameter.
             paramvalue = @param.safeevaluate(scope)
 
             sensitive = Puppet[:casesensitive]
 
-            paramvalue = paramvalue.downcase if not sensitive and paramvalue.respond_to?(:downcase)
-
             default = nil
 
             unless @values.instance_of? AST::ASTArray or @values.instance_of? Array
@@ -39,7 +38,7 @@ class Puppet::Parser::AST
 
             self.fail Puppet::ParseError, "No matching value for selector param '%s'" % paramvalue
         ensure
-            scope.unset_ephemeral_var
+            scope.unset_ephemeral_var(level)
         end
 
         def to_s

data/lib/puppet/parser/functions/generate.rb

@@ -1,6 +1,6 @@
 # Runs an external command and returns the results
 Puppet::Parser::Functions::newfunction(:generate, :type => :rvalue,
-        :doc => "Calls an external command on the Puppet master and returns 
+        :doc => "Calls an external command on the Puppet master and returns
         the results of the command.  Any arguments are passed to the external command as
         arguments.  If the generator does not exit with return code of 0,
         the generator is considered to have failed and a parse error is
@@ -26,10 +26,8 @@ Puppet::Parser::Functions::newfunction(:generate, :type => :rvalue,
             end
 
             begin
-                output = Puppet::Util.execute(args)
+                Dir.chdir(File.dirname(args[0])) { Puppet::Util.execute(args) }
             rescue Puppet::ExecutionFailure => detail
-                raise Puppet::ParseError, "Failed to execute generator %s: %s" %
-                    [args[0], detail]
+                raise Puppet::ParseError, "Failed to execute generator #{args[0]}: #{detail}"
             end
-            output
 end

data/lib/puppet/parser/functions/require.rb

@@ -37,13 +37,20 @@ fail if used with earlier clients.
         vals = [vals] unless vals.is_a?(Array)
 
         vals.each do |klass|
+            # lookup the class in the scopes
+            if classobj = find_hostclass(klass)
+                klass = classobj.classname
+            else
+                raise Puppet::ParseError, "Could not find class %s" % klass
+            end
+
             # This is a bit hackish, in some ways, but it's the only way
             # to configure a dependency that will make it to the client.
             # The 'obvious' way is just to add an edge in the catalog,
             # but that is considered a containment edge, not a dependency
             # edge, so it usually gets lost on the client.
             ref = Puppet::Parser::Resource::Reference.new(:type => :class, :title => klass)
-            resource.set_parameter(:require, ref)
+            resource.set_parameter(:require, [resource[:require]].flatten.compact << ref)
         end
     end
 end

data/lib/puppet/parser/functions/template.rb

@@ -1,6 +1,6 @@
 Puppet::Parser::Functions::newfunction(:template, :type => :rvalue, :doc =>
     "Evaluate a template and return its value.  See `the templating docs
-    </trac/puppet/wiki/PuppetTemplating>`_ for more information.  Note that
+    <http://docs.puppetlabs.com/guides/templating.html>`_ for more information.  Note that
     if multiple templates are specified, their output is all concatenated
     and returned as the output of the function.") do |vals|
         require 'erb'

data/lib/puppet/parser/lexer.rb

@@ -262,16 +262,10 @@ class Puppet::Parser::Lexer
         return array
     end
 
-    # this is probably pretty damned inefficient...
-    # it'd be nice not to have to load the whole file first...
     def file=(file)
         @file = file
         @line = 1
-        File.open(file) { |of|
-            str = ""
-            of.each { |line| str += line }
-            @scanner = StringScanner.new(str)
-        }
+        @scanner = StringScanner.new(File.read(file))
     end
 
     def find_string_token

data/lib/puppet/parser/resource.rb

@@ -377,10 +377,16 @@ class Puppet::Parser::Resource
 
         # If we've gotten this far, we're allowed to override.
 
-        # Merge with previous value, if the parameter was generated with the +> syntax.
-        # It's important that we use the new param instance here, not the old one,
-        # so that the source is registered correctly for later overrides.
-        param.value = [current.value, param.value].flatten if param.add
+        # Merge with previous value, if the parameter was generated with the +> 
+        # syntax.  It's important that we use a copy of the new param instance 
+        # here, not the old one, and not the original new one, so that the source 
+        # is registered correctly for later overrides but the values aren't 
+        # implcitly shared when multiple resources are overrriden at once (see
+        # ticket #3556).
+        if param.add
+            param = param.dup 
+            param.value = [current.value, param.value].flatten
+        end
 
         set_parameter(param)
     end

data/lib/puppet/parser/scope.rb

@@ -20,6 +20,30 @@ class Puppet::Parser::Scope
     attr_accessor :top, :translated, :compiler
     attr_writer :parent
 
+    # thin wrapper around an ephemeral
+    # symbol table.
+    # when a symbol
+    class Ephemeral
+        def initialize(parent=nil)
+            @symbols = {}
+            @parent = parent
+        end
+
+        [:include?, :delete, :[]=].each do |m|
+            define_method(m) do |*args|
+                @symbols.send(m, *args)
+            end
+        end
+
+        def [](name)
+            unless @symbols.include?(name) or @parent.nil?
+                @parent[name]
+            else
+                @symbols[name]
+            end
+        end
+    end
+
     # A demeterific shortcut to the catalog.
     def catalog
         compiler.catalog
@@ -131,7 +155,9 @@ class Puppet::Parser::Scope
         # the ephemeral symbol tables
         # those should not persist long, and are used for the moment only
         # for $0..$xy capture variables of regexes
-        @ephemeral = {}
+        # this is actually implemented as a stack, with each ephemeral scope
+        # shadowing the previous one
+        @ephemeral = [ Ephemeral.new ]
 
         # All of the defaults set for types.  It's a hash of hashes,
         # with the first key being the type, then the second key being
@@ -194,13 +220,13 @@ class Puppet::Parser::Scope
     # Look up a variable.  The simplest value search we do.  Default to returning
     # an empty string for missing values, but support returning a constant.
     def lookupvar(name, usestring = true)
-        table = ephemeral?(name) ? @ephemeral : @symtable
+        table = ephemeral?(name) ? @ephemeral.last : @symtable
         # If the variable is qualified, then find the specified scope and look the variable up there instead.
         if name =~ /::/
             return lookup_qualified_var(name, usestring)
         end
         # We can't use "if table[name]" here because the value might be false
-        if table.include?(name)
+        if ephemeral_include?(name) or table.include?(name)
             if usestring and table[name] == :undef
                 return ""
             else
@@ -293,7 +319,7 @@ class Puppet::Parser::Scope
     # in scopes above, but will not allow variables in the current scope
     # to be reassigned.
     def setvar(name,value, options = {})
-        table = options[:ephemeral] ? @ephemeral : @symtable
+        table = options[:ephemeral] ? @ephemeral.last : @symtable
         #Puppet.debug "Setting %s to '%s' at level %s mode append %s" %
         #    [name.inspect,value,self.level, append]
         if table.include?(name)
@@ -338,7 +364,7 @@ class Puppet::Parser::Scope
                 else # look the variable up
                     # make sure $0-$9 are lookupable only if ephemeral
                     var = ss[1] || ss[3] || ss[4]
-                    if var and var =~ /^[0-9]+$/ and not ephemeral?(var)
+                    if var and var =~ /^[0-9]+$/ and not ephemeral_include?(var)
                         next
                     end
                     out << lookupvar(var).to_s || ""
@@ -403,23 +429,49 @@ class Puppet::Parser::Scope
 
     # Undefine a variable; only used for testing.
     def unsetvar(var)
-        table = ephemeral?(var) ? @ephemeral : @symtable
+        table = ephemeral?(var) ? @ephemeral.last : @symtable
         if table.include?(var)
             table.delete(var)
         end
     end
 
-    def unset_ephemeral_var
-        @ephemeral = {}
+    # remove ephemeral scope up to level
+    def unset_ephemeral_var(level=:all)
+        if level == :all
+            @ephemeral = [ Ephemeral.new ]
+        else
+            (@ephemeral.size - level).times do 
+                @ephemeral.pop
+            end
+        end
+    end
+
+    # check if name exists in one of the ephemeral scope.
+    def ephemeral_include?(name)
+        @ephemeral.reverse.each do |eph|
+            return true if eph.include?(name)
+        end
+        false
     end
 
+    # is name an ephemeral variable?
     def ephemeral?(name)
-        @ephemeral.include?(name)
+        name =~ /^\d+$/
+    end
+
+    def ephemeral_level
+        @ephemeral.size
+    end
+
+    def new_ephemeral
+        @ephemeral.push(Ephemeral.new(@ephemeral.last))
     end
 
     def ephemeral_from(match, file = nil, line = nil)
         raise(ArgumentError,"Invalid regex match data") unless match.is_a?(MatchData)
 
+        new_ephemeral
+
         setvar("0", match[0], :file => file, :line => line, :ephemeral => true)
         match.captures.each_with_index do |m,i|
             setvar("#{i+1}", m, :file => file, :line => line, :ephemeral => true)