RubyGems - puppet - Versions diffs - 0.9.2 - Mend

puppet 0.9.2

Potentially problematic release.

This version of puppet might be problematic. Click here for more details.

Files changed (182) hide show

data/CHANGELOG +0 -0
data/COPYING +340 -0
data/LICENSE +17 -0
data/README +24 -0
data/Rakefile +294 -0
data/TODO +4 -0
data/bin/cf2puppet +186 -0
data/bin/puppet +176 -0
data/bin/puppetca +213 -0
data/bin/puppetd +246 -0
data/bin/puppetdoc +184 -0
data/bin/puppetmasterd +258 -0
data/examples/code/allatonce +13 -0
data/examples/code/assignments +11 -0
data/examples/code/classing +35 -0
data/examples/code/components +73 -0
data/examples/code/execs +16 -0
data/examples/code/failers/badclassnoparam +10 -0
data/examples/code/failers/badclassparam +10 -0
data/examples/code/failers/badcompnoparam +9 -0
data/examples/code/failers/badcompparam +9 -0
data/examples/code/failers/badtypeparam +3 -0
data/examples/code/file.bl +11 -0
data/examples/code/filedefaults +10 -0
data/examples/code/fileparsing +116 -0
data/examples/code/filerecursion +15 -0
data/examples/code/functions +3 -0
data/examples/code/groups +7 -0
data/examples/code/head +30 -0
data/examples/code/importing +8 -0
data/examples/code/nodes +20 -0
data/examples/code/one +8 -0
data/examples/code/relationships +34 -0
data/examples/code/selectors +28 -0
data/examples/code/simpletests +11 -0
data/examples/code/snippets/argumentdefaults +14 -0
data/examples/code/snippets/casestatement +39 -0
data/examples/code/snippets/classheirarchy.pp +15 -0
data/examples/code/snippets/classincludes.pp +17 -0
data/examples/code/snippets/classpathtest +11 -0
data/examples/code/snippets/dirchmod +19 -0
data/examples/code/snippets/failmissingexecpath.pp +13 -0
data/examples/code/snippets/falsevalues.pp +3 -0
data/examples/code/snippets/filecreate +11 -0
data/examples/code/snippets/implicititeration +15 -0
data/examples/code/snippets/multipleinstances +7 -0
data/examples/code/snippets/namevartest +9 -0
data/examples/code/snippets/scopetest +13 -0
data/examples/code/snippets/selectorvalues.pp +22 -0
data/examples/code/snippets/simpledefaults +5 -0
data/examples/code/snippets/simpleselector +38 -0
data/examples/code/svncommit +13 -0
data/examples/root/bin/sleeper +69 -0
data/examples/root/etc/configfile +0 -0
data/examples/root/etc/debian-passwd +29 -0
data/examples/root/etc/debian-syslog.conf +71 -0
data/examples/root/etc/init.d/sleeper +65 -0
data/examples/root/etc/otherfile +0 -0
data/examples/root/etc/puppet/fileserver.conf +3 -0
data/examples/root/etc/puppet/puppetmasterd.conf +10 -0
data/ext/module:puppet +195 -0
data/install.rb +270 -0
data/lib/puppet.rb +249 -0
data/lib/puppet/base64.rb +19 -0
data/lib/puppet/client.rb +519 -0
data/lib/puppet/config.rb +49 -0
data/lib/puppet/daemon.rb +208 -0
data/lib/puppet/element.rb +71 -0
data/lib/puppet/event.rb +259 -0
data/lib/puppet/log.rb +321 -0
data/lib/puppet/metric.rb +250 -0
data/lib/puppet/parsedfile.rb +38 -0
data/lib/puppet/parser/ast.rb +1560 -0
data/lib/puppet/parser/interpreter.rb +150 -0
data/lib/puppet/parser/lexer.rb +226 -0
data/lib/puppet/parser/parser.rb +1354 -0
data/lib/puppet/parser/scope.rb +755 -0
data/lib/puppet/server.rb +170 -0
data/lib/puppet/server/authstore.rb +227 -0
data/lib/puppet/server/ca.rb +140 -0
data/lib/puppet/server/filebucket.rb +147 -0
data/lib/puppet/server/fileserver.rb +477 -0
data/lib/puppet/server/logger.rb +43 -0
data/lib/puppet/server/master.rb +103 -0
data/lib/puppet/server/servlet.rb +247 -0
data/lib/puppet/sslcertificates.rb +737 -0
data/lib/puppet/statechange.rb +150 -0
data/lib/puppet/storage.rb +95 -0
data/lib/puppet/transaction.rb +179 -0
data/lib/puppet/transportable.rb +151 -0
data/lib/puppet/type.rb +1354 -0
data/lib/puppet/type/component.rb +141 -0
data/lib/puppet/type/cron.rb +543 -0
data/lib/puppet/type/exec.rb +316 -0
data/lib/puppet/type/group.rb +152 -0
data/lib/puppet/type/nameservice.rb +3 -0
data/lib/puppet/type/nameservice/netinfo.rb +173 -0
data/lib/puppet/type/nameservice/objectadd.rb +146 -0
data/lib/puppet/type/nameservice/posix.rb +200 -0
data/lib/puppet/type/package.rb +420 -0
data/lib/puppet/type/package/apt.rb +70 -0
data/lib/puppet/type/package/dpkg.rb +108 -0
data/lib/puppet/type/package/rpm.rb +81 -0
data/lib/puppet/type/package/sun.rb +117 -0
data/lib/puppet/type/package/yum.rb +58 -0
data/lib/puppet/type/pfile.rb +569 -0
data/lib/puppet/type/pfile/checksum.rb +219 -0
data/lib/puppet/type/pfile/create.rb +108 -0
data/lib/puppet/type/pfile/group.rb +129 -0
data/lib/puppet/type/pfile/mode.rb +131 -0
data/lib/puppet/type/pfile/source.rb +264 -0
data/lib/puppet/type/pfile/type.rb +31 -0
data/lib/puppet/type/pfile/uid.rb +166 -0
data/lib/puppet/type/pfilebucket.rb +80 -0
data/lib/puppet/type/pprocess.rb +97 -0
data/lib/puppet/type/service.rb +347 -0
data/lib/puppet/type/service/base.rb +17 -0
data/lib/puppet/type/service/debian.rb +50 -0
data/lib/puppet/type/service/init.rb +145 -0
data/lib/puppet/type/service/smf.rb +29 -0
data/lib/puppet/type/state.rb +182 -0
data/lib/puppet/type/symlink.rb +183 -0
data/lib/puppet/type/tidy.rb +183 -0
data/lib/puppet/type/typegen.rb +149 -0
data/lib/puppet/type/typegen/filerecord.rb +243 -0
data/lib/puppet/type/typegen/filetype.rb +316 -0
data/lib/puppet/type/user.rb +290 -0
data/lib/puppet/util.rb +138 -0
data/test/certmgr/certmgr.rb +265 -0
data/test/client/client.rb +203 -0
data/test/executables/puppetbin.rb +53 -0
data/test/executables/puppetca.rb +79 -0
data/test/executables/puppetd.rb +71 -0
data/test/executables/puppetmasterd.rb +153 -0
data/test/executables/puppetmodule.rb +60 -0
data/test/language/ast.rb +412 -0
data/test/language/interpreter.rb +71 -0
data/test/language/scope.rb +412 -0
data/test/language/snippets.rb +445 -0
data/test/other/events.rb +111 -0
data/test/other/log.rb +195 -0
data/test/other/metrics.rb +92 -0
data/test/other/overrides.rb +115 -0
data/test/other/parsedfile.rb +31 -0
data/test/other/relationships.rb +113 -0
data/test/other/state.rb +106 -0
data/test/other/storage.rb +39 -0
data/test/other/transactions.rb +235 -0
data/test/parser/lexer.rb +120 -0
data/test/parser/parser.rb +180 -0
data/test/puppet/conffiles.rb +104 -0
data/test/puppet/defaults.rb +100 -0
data/test/puppet/error.rb +23 -0
data/test/puppet/utiltest.rb +120 -0
data/test/puppettest.rb +774 -0
data/test/server/authstore.rb +209 -0
data/test/server/bucket.rb +227 -0
data/test/server/ca.rb +201 -0
data/test/server/fileserver.rb +710 -0
data/test/server/logger.rb +175 -0
data/test/server/master.rb +150 -0
data/test/server/server.rb +130 -0
data/test/tagging/tagging.rb +80 -0
data/test/test +51 -0
data/test/types/basic.rb +119 -0
data/test/types/component.rb +272 -0
data/test/types/cron.rb +261 -0
data/test/types/exec.rb +273 -0
data/test/types/file.rb +616 -0
data/test/types/filebucket.rb +167 -0
data/test/types/fileignoresource.rb +287 -0
data/test/types/filesources.rb +587 -0
data/test/types/filetype.rb +162 -0
data/test/types/group.rb +271 -0
data/test/types/package.rb +205 -0
data/test/types/query.rb +101 -0
data/test/types/service.rb +100 -0
data/test/types/symlink.rb +93 -0
data/test/types/tidy.rb +124 -0
data/test/types/type.rb +135 -0
data/test/types/user.rb +371 -0
metadata +243 -0

@@ -0,0 +1,170 @@
+# the server
+#
+# allow things to connect to us and communicate, and stuff
+require 'puppet'
+require 'puppet/daemon'
+$noservernetworking = false
+begin
+    require 'webrick'
+    require 'webrick/https'
+    require 'cgi'
+    require 'xmlrpc/server'
+    require 'xmlrpc/client'
+rescue LoadError => detail
+    $noservernetworking = detail
+end
+module Puppet
+    class ServerError < RuntimeError; end
+    #---------------------------------------------------------------
+    if $noservernetworking
+        Puppet.err "Could not create server: %s" % $noservernetworking
+        class Server; end
+    else
+        class Server < WEBrick::HTTPServer
+            include Puppet::Daemon
+            def initialize(hash = {})
+                daemonize = nil
+                if hash.include?(:Daemonize)
+                    daemonize = hash[:Daemonize]
+                end
+                if daemonize
+                    self.daemonize
+                end
+                # FIXME we should have some kind of access control here, using
+                # :RequestHandler
+                hash[:Port] ||= Puppet[:masterport]
+                hash[:Logger] ||= self.httplog
+                hash[:AccessLog] ||= [
+                    [ self.httplog, WEBrick::AccessLog::COMMON_LOG_FORMAT ],
+                    [ self.httplog, WEBrick::AccessLog::REFERER_LOG_FORMAT ]
+                ]
+                if hash.include?(:Handlers)
+                    unless hash[:Handlers].is_a?(Hash)
+                        raise ServerError, "Handlers must have arguments"
+                    end
+                    @handlers = hash[:Handlers].collect { |handler, args|
+                        hclass = nil
+                        unless hclass = Handler.handler(handler)
+                            raise ServerError, "Invalid handler %s" % handler
+                        end
+                        hclass.new(args)
+                    }
+                else
+                    raise ServerError, "A server must have handlers"
+                end
+                # okay, i need to retrieve my cert and set it up, somehow
+                # the default case will be that i'm also the ca
+                if ca = @handlers.find { |handler| handler.is_a?(Puppet::Server::CA) }
+                    @driver = ca
+                    @secureinit = true
+                    self.fqdn
+                end
+                unless self.readcert
+                    unless self.requestcert
+                        raise Puppet::Error, "Cannot start without certificates"
+                    end
+                end
+                hash[:SSLCertificate] = @cert
+                hash[:SSLPrivateKey] = @key
+                hash[:SSLStartImmediately] = true
+                hash[:SSLEnable] = true
+                hash[:SSLCACertificateFile] = @cacertfile
+                hash[:SSLVerifyClient] = OpenSSL::SSL::VERIFY_PEER
+                hash[:SSLCertName] = nil
+                super(hash)
+                Puppet.info "Listening on port %s" % hash[:Port]
+                # this creates a new servlet for every connection,
+                # but all servlets have the same list of handlers
+                # thus, the servlets can have their own state -- passing
+                # around the requests and such -- but the handlers
+                # have a global state
+                # mount has to be called after the server is initialized
+                self.mount("/RPC2", Puppet::Server::Servlet, @handlers)
+            end
+        end
+    end
+    class Server
+        # the base class for the different handlers
+        class Handler
+            attr_accessor :server
+            @subclasses = []
+            def self.each
+                @subclasses.each { |c| yield c }
+            end
+            def self.handler(name)
+                @subclasses.find { |h|
+                    h.name == name
+                }
+            end
+            def self.inherited(sub)
+                @subclasses << sub
+            end
+            def self.interface
+                if defined? @interface
+                    return @interface
+                else
+                    raise Puppet::DevError, "Handler %s has no defined interface" %
+                        self
+                end
+            end
+            def self.name
+                unless defined? @name
+                    @name = self.to_s.sub(/.+::/, '').intern
+                end
+                return @name
+            end
+            def initialize(hash = {})
+            end
+        end
+        class ServerStatus < Handler
+            @interface = XMLRPC::Service::Interface.new("status") { |iface|
+                iface.add_method("int status()")
+            }
+            @name = :Status
+            def status(status = nil, client = nil, clientip = nil)
+                return 1
+            end
+        end
+    end
+    #---------------------------------------------------------------
+end
+require 'puppet/server/authstore'
+require 'puppet/server/servlet'
+require 'puppet/server/master'
+require 'puppet/server/ca'
+require 'puppet/server/fileserver'
+require 'puppet/server/filebucket'
+require 'puppet/server/logger'
+require 'puppet/client'
+# $Id: server.rb 732 2005-10-28 05:39:59Z luke $

data/lib/puppet/server/authstore.rb ADDED

@@ -0,0 +1,227 @@
+#!/usr/bin/ruby -w
+#--------------------
+# standard module for determining whether a given hostname or IP has access to
+# the requested resource
+#
+# $Id: authstore.rb 742 2005-11-16 17:12:11Z luke $
+require 'ipaddr'
+module Puppet
+class Server
+    class AuthStoreError < Puppet::Error; end
+    class AuthorizationError < Puppet::Error; end
+    class AuthStore
+        ORDER = {
+            :ip => [:ip],
+            :name => [:hostname, :domain]
+        }
+        Puppet::Util.logmethods(self, false)
+        def allow(pattern)
+            # a simple way to allow anyone at all to connect
+            if pattern == "*"
+                @globalallow = true
+            else
+                store(pattern, @allow)
+            end
+        end
+        def allowed?(name, ip)
+            if name or ip
+                unless name and ip
+                    raise Puppet::DevError, "Name and IP must be passed to 'allowed?'"
+                end
+                # else, we're networked and such
+            else
+                # we're local
+                return true
+            end
+            # yay insecure overrides
+            if @globalallow
+                return true
+            end
+            value = nil
+            ORDER.each { |nametype, array|
+                if nametype == :ip
+                    value = IPAddr.new(ip)
+                else
+                    value = name.split(".").reverse
+                end
+                array.each { |type|
+                    [[@deny, false], [@allow, true]].each { |ary|
+                        hash, retval = ary
+                        if hash.include?(type)
+                            hash[type].each { |pattern|
+                                if match?(nametype, value, pattern)
+                                    return retval
+                                end
+                            }
+                        end
+                    }
+                }
+            }
+            self.info "Defaulting to false for %s" % name
+            # default to false
+            return false
+        end
+        def deny(pattern)
+            store(pattern, @deny)
+        end
+        def initialize
+            @globalallow = nil
+            @allow = Hash.new { |hash, key|
+                hash[key] = []
+            }
+            @deny = Hash.new { |hash, key|
+                hash[key] = []
+            }
+        end
+        private
+        def match?(nametype, value, pattern)
+            if value == pattern # simplest shortcut
+                return true
+            end
+            case nametype
+            when :ip: matchip?(value, pattern)
+            when :name: matchname?(value, pattern)
+            else
+                raise Puppet::DevError, "Invalid match type %s" % nametype
+            end
+        end
+        def matchip?(value, pattern)
+            # we're just using builtin stuff for this, thankfully
+            if pattern.include?(value)
+                return true
+            else
+                return false
+            end
+        end
+        def matchname?(value, pattern)
+            # yay, horribly inefficient
+            if pattern[-1] != '*' # the pattern has no metachars and is not equal
+                                    # thus, no match
+                #Puppet.info "%s is not equal with no * in %s" % [value, pattern]
+                return false
+            else
+                # we know the last field of the pattern is '*'
+                # if everything up to that doesn't match, we're definitely false
+                if pattern[0..-2] != value[0..pattern.length-2]
+                    #Puppet.notice "subpatterns didn't match; %s vs %s" %
+                    #    [pattern[0..-2], value[0..pattern.length-2]]
+                    return false
+                end
+                case value.length <=> pattern.length
+                when -1: # value is shorter than pattern
+                    if pattern.length - value.length == 1
+                        # only ever allowed when the value is the domain of a
+                        # splatted pattern
+                        #Puppet.info "allowing splatted domain %s" % [value]
+                        return true
+                    else
+                        return false
+                    end
+                when 0: # value is the same length as pattern
+                    if pattern[-1] == "*"
+                        #Puppet.notice "same length with *"
+                        return true
+                    else
+                        return false
+                    end
+                when 1: # value is longer than pattern
+                    # at this point we've already verified that everything up to
+                    # the '*' in the pattern matches, so we are true
+                    return true
+                end
+            end
+        end
+        def store(pattern, hash)
+            type, value = type(pattern)
+            if type and value
+                # this won't work once we get beyond simple stuff...
+                hash[type] << value
+            else
+                raise AuthStoreError, "Invalid pattern %s" % pattern
+            end
+        end
+        def type(pattern)
+            type = value = nil
+            case pattern
+            when /^(\d+\.){3}\d+$/:
+                type = :ip
+                begin
+                    value = IPAddr.new(pattern)
+                rescue ArgumentError => detail
+                    raise AuthStoreError, "Invalid IP address pattern %s" % pattern
+                end
+            when /^(\d+\.){3}\d+\/(\d+)$/:
+                mask = Integer($2)
+                if mask < 1 or mask > 32
+                    raise AuthStoreError, "Invalid IP mask %s" % mask
+                end
+                type = :ip
+                begin
+                    value = IPAddr.new(pattern)
+                rescue ArgumentError => detail
+                    raise AuthStoreError, "Invalid IP address pattern %s" % pattern
+                end
+            when /^(\d+\.){1,3}\*$/: # an ip address with a '*' at the end
+                type = :ip
+                match = $1
+                match.sub!(".", '')
+                ary = pattern.split(".")
+                mask = case ary.index(match)
+                when 0: 8
+                when 1: 16
+                when 2: 24
+                else
+                    raise AuthStoreError, "Invalid IP pattern %s" % pattern
+                end
+                ary.pop
+                while ary.length < 4
+                    ary.push("0")
+                end
+                begin
+                    value = IPAddr.new(ary.join(".") + "/" + mask.to_s)
+                rescue ArgumentError => detail
+                    raise AuthStoreError, "Invalid IP address pattern %s" % pattern
+                end
+            when /^[\d.]+$/: # necessary so incomplete IP addresses can't look
+                             # like hostnames
+                raise AuthStoreError, "Invalid IP address pattern %s" % pattern
+            when /^([a-zA-Z][-\w]*\.)+[-\w]+$/: # a full hostname
+                type = :hostname
+                value = pattern.split(".").reverse
+            when /^\*\.([a-zA-Z][-\w]*\.)+[-\w]+$/: # this doesn't match TLDs
+                type = :domain
+                value = pattern.split(".").reverse
+            else
+                raise AuthStoreError, "Invalid pattern %s" % pattern
+            end
+            return [type, value]
+        end
+    end
+end
+end

data/lib/puppet/server/ca.rb ADDED

@@ -0,0 +1,140 @@
+require 'openssl'
+require 'puppet'
+require 'puppet/sslcertificates'
+require 'xmlrpc/server'
+# Much of this was taken from QuickCert:
+#   http://segment7.net/projects/ruby/QuickCert/
+module Puppet
+class Server
+    class CAError < Puppet::Error; end
+    class CA < Handler
+        attr_reader :ca
+        @interface = XMLRPC::Service::Interface.new("puppetca") { |iface|
+            iface.add_method("array getcert(csr)")
+        }
+        # FIXME autosign? should probably accept both hostnames and IP addresses
+        def autosign?(hostname)
+            # simple values are easy
+            if @autosign == true or @autosign == false
+                return @autosign
+            end
+            # we only otherwise know how to handle files
+            unless @autosign =~ /^\//
+                raise Puppet::Error, "Invalid autosign value %s" %
+                    @autosign
+            end
+            unless FileTest.exists?(@autosign)
+                Puppet.info "Autosign is enabled but %s is missing" % @autosign
+                return false
+            end
+            auth = Puppet::Server::AuthStore.new
+            File.open(@autosign) { |f|
+                f.each { |line|
+                    auth.allow(line.chomp)
+                }
+            }
+            # for now, just cheat and pass a fake IP address to allowed?
+            return auth.allowed?(hostname, "127.1.1.1")
+        end
+        def initialize(hash = {})
+            @autosign = hash[:autosign] || Puppet[:autosign]
+            @ca = Puppet::SSLCertificates::CA.new()
+        end
+        # our client sends us a csr, and we either store it for later signing,
+        # or we sign it right away
+        def getcert(csrtext, client = nil, clientip = nil)
+            csr = OpenSSL::X509::Request.new(csrtext)
+            # Use the hostname from the CSR, not from the network.
+            subject = csr.subject
+            nameary = subject.to_a.find { |ary|
+                ary[0] == "CN"
+            }
+            if nameary.nil?
+                Puppet.err(
+                    "Invalid certificate request: could not retrieve server name"
+                )
+                return "invalid"
+            end
+            hostname = nameary[1]
+            unless @ca
+                Puppet.notice "Host %s asked for signing from non-CA master" % hostname
+                return ""
+            end
+            # okay, we're now going to store the public key if we don't already
+            # have it
+            public_key = csr.public_key
+            unless FileTest.directory?(Puppet[:publickeydir])
+                Puppet.recmkdir(Puppet[:publickeydir])
+            end
+            pkeyfile = File.join(Puppet[:publickeydir], [hostname, "pem"].join('.'))
+            if FileTest.exists?(pkeyfile)
+                currentkey = File.open(pkeyfile) { |k| k.read }
+                unless currentkey == public_key.to_s
+                    raise Puppet::Error, "public keys for %s differ" % hostname
+                end
+            else
+                File.open(pkeyfile, "w", 0644) { |f|
+                    f.print public_key.to_s
+                }
+            end
+            unless FileTest.directory?(Puppet[:certdir])
+                Puppet.recmkdir(Puppet[:certdir], 0770)
+            end
+            certfile = File.join(Puppet[:certdir], [hostname, "pem"].join("."))
+            #puts hostname
+            #puts certfile
+            unless FileTest.directory?(Puppet[:csrdir])
+                Puppet.recmkdir(Puppet[:csrdir], 0770)
+            end
+            # first check to see if we already have a signed cert for the host
+            cert, cacert = ca.getclientcert(hostname)
+            if cert and cacert
+                Puppet.info "Retrieving existing certificate for %s" % hostname
+                #Puppet.info "Cert: %s; Cacert: %s" % [cert.class, cacert.class]
+                return [cert.to_pem, cacert.to_pem]
+            elsif @ca
+                if self.autosign?(hostname) or client.nil?
+                    if client.nil?
+                        Puppet.info "Signing certificate for CA server"
+                    end
+                    # okay, we don't have a signed cert
+                    # if we're a CA and autosign is turned on, then go ahead and sign
+                    # the csr and return the results
+                    Puppet.info "Signing certificate for %s" % hostname
+                    cert, cacert = @ca.sign(csr)
+                    Puppet.info "Cert: %s; Cacert: %s" % [cert.class, cacert.class]
+                    return [cert.to_pem, cacert.to_pem]
+                else # just write out the csr for later signing
+                    if @ca.getclientcsr(hostname)
+                        Puppet.info "Not replacing existing request from %s" % hostname
+                    else
+                        Puppet.info "Storing certificate request for %s" % hostname
+                        @ca.storeclientcsr(csr)
+                    end
+                    return ["", ""]
+                end
+            else
+                raise "huh?"
+            end
+        end
+    end
+end
+end