puppet 2.6.12 → 2.6.13

data/lib/puppet.rb

@@ -24,7 +24,7 @@ require 'puppet/util/run_mode'
 # it's also a place to find top-level commands like 'debug'
 
 module Puppet
-  PUPPETVERSION = '2.6.12'
+  PUPPETVERSION = '2.6.13'
 
   def Puppet.version
     PUPPETVERSION

data/lib/puppet/application/inspect.rb

@@ -1,6 +1,4 @@
-require 'puppet'
 require 'puppet/application'
-require 'puppet/file_bucket/dipper'
 
 class Puppet::Application::Inspect < Puppet::Application
 
@@ -97,6 +95,11 @@ Licensed under the GNU General Public License version 2
     Puppet::Resource::Catalog.terminus_class = :yaml
   end
 
+  def preinit
+    require 'puppet'
+    require 'puppet/file_bucket/dipper'
+  end
+
   def run_command
     benchmark(:notice, "Finished inspection") do
       retrieval_starttime = Time.now

data/lib/puppet/application/queue.rb

@@ -10,7 +10,6 @@ class Puppet::Application::Queue < Puppet::Application
     require 'puppet/daemon'
     @daemon = Puppet::Daemon.new
     @daemon.argv = ARGV.dup
-    Puppet::Util::Log.newdestination(:console)
 
     # Do an initial trap, so that cancels don't get a stack trace.
 
@@ -37,6 +36,16 @@ class Puppet::Application::Queue < Puppet::Application
   option("--debug","-d")
   option("--verbose","-v")
 
+  option("--logdest DEST", "-l DEST") do |arg|
+    begin
+      Puppet::Util::Log.newdestination(arg)
+      options[:setdest] = true
+    rescue => detail
+      puts detail.backtrace if Puppet[:debug]
+      $stderr.puts detail.to_s
+    end
+  end
+
   def main
     require 'puppet/indirector/catalog/queue' # provides Puppet::Indirector::Queue.subscribe
     Puppet.notice "Starting puppetqd #{Puppet.version}"
@@ -67,6 +76,7 @@ class Puppet::Application::Queue < Puppet::Application
         Puppet::Util::Log.level = :info
       end
     end
+    Puppet::Util::Log.newdestination(:syslog) unless options[:setdest]
   end
 
   def setup

data/lib/puppet/application/resource.rb

@@ -81,6 +81,9 @@ class Puppet::Application::Resource < Puppet::Application
         [ Puppet::Resource.new( type, name, :parameters => params ).save( key ) ]
       end
     else
+      if type == "file"
+        raise "Listing all file instances is not supported.  Please specify a file or directory, e.g. puppet resource file /etc"
+      end
       Puppet::Resource.search( key, {} )
     end.map(&format).join("\n")
 

data/lib/puppet/defaults.rb

@@ -124,7 +124,8 @@ module Puppet
       :desc => "The node facts terminus.",
       :hook => proc do |value|
         require 'puppet/node/facts'
-        if value.to_s == "rest"
+        # Cache to YAML if we're uploading facts away
+        if %w[rest inventory_service].include? value.to_s
           Puppet::Node::Facts.cache_class = :yaml
         end
       end

data/lib/puppet/indirector/facts/inventory_service.rb

@@ -0,0 +1,20 @@
+require 'puppet/node/facts'
+require 'puppet/indirector/rest'
+
+class Puppet::Node::Facts::InventoryService < Puppet::Indirector::REST
+  desc "Find and save facts about nodes using a remote inventory service."
+  use_server_setting(:inventory_server)
+  use_port_setting(:inventory_port)
+
+  # We don't want failing to upload to the inventory service to cause any
+  # failures, so we just suppress them and warn.
+  def save(request)
+    begin
+      super
+      true
+    rescue => e
+      Puppet.warning "Could not upload facts for #{request.key} to inventory service: #{e.to_s}"
+      false
+    end
+  end
+end

data/lib/puppet/indirector/report/processor.rb

@@ -20,9 +20,11 @@ class Puppet::Transaction::Report::Processor < Puppet::Indirector::Code
   # LAK:NOTE This isn't necessarily the best design, but it's backward
   # compatible and that's good enough for now.
   def process(report)
+    Puppet.debug "Recieved report to process from #{report.host}"
     return if Puppet[:reports] == "none"
 
     reports.each do |name|
+      Puppet.debug "Processing report from #{report.host} with processor #{name}"
       if mod = Puppet::Reports.report(name)
         # We have to use a dup because we're including a module in the
         # report.

data/lib/puppet/network/handler/filebucket.rb

@@ -1,6 +1,8 @@
 require 'fileutils'
 require 'digest/md5'
 require 'puppet/external/base64'
+require 'puppet/network/handler'
+require 'xmlrpc/server'
 
 class Puppet::Network::Handler # :nodoc:
   # Accept files and store them by md5 sum, returning the md5 sum back

data/lib/puppet/network/handler/fileserver.rb

@@ -4,6 +4,7 @@ require 'webrick/httpstatus'
 require 'cgi'
 require 'delegate'
 require 'sync'
+require 'puppet/network/handler'
 
 require 'puppet/network/handler'
 require 'puppet/network/xmlrpc/server'

data/lib/puppet/network/handler/master.rb

@@ -2,6 +2,7 @@ require 'openssl'
 require 'puppet'
 require 'xmlrpc/server'
 require 'yaml'
+require 'puppet/network/handler'
 
 class Puppet::Network::Handler
   class MasterError < Puppet::Error; end

data/lib/puppet/network/handler/report.rb

@@ -1,5 +1,7 @@
 require 'puppet/util/instance_loader'
 require 'puppet/reports'
+require 'puppet/network/handler'
+require 'xmlrpc/server'
 
 # A simple server for triggering a new run on a Puppet client.
 class Puppet::Network::Handler

data/lib/puppet/network/handler/runner.rb

@@ -1,5 +1,6 @@
 require 'puppet/run'
 require 'puppet/network/handler'
+require 'xmlrpc/server'
 
 class Puppet::Network::Handler
   class MissingMasterError < RuntimeError; end # Cannot find the master client

data/lib/puppet/network/handler/status.rb

@@ -1,3 +1,5 @@
+require 'puppet/network/handler'
+require 'xmlrpc/server'
 class Puppet::Network::Handler
   class Status < Handler
     desc "A simple interface for testing Puppet connectivity."

data/lib/puppet/network/http_server.rb

@@ -0,0 +1,3 @@
+# Just a stub, so we can correctly scope other classes.
+module Puppet::Network::HTTPServer # :nodoc:
+end

data/lib/puppet/network/http_server/mongrel.rb

@@ -0,0 +1,129 @@
+#!/usr/bin/env ruby
+# File:       06-11-14-mongrel_xmlrpc.rb
+# Author:     Manuel Holtgrewe <purestorm at ggnore.net>
+#
+# Copyright (c) 2006 Manuel Holtgrewe, 2007 Luke Kanies
+#
+# This file is based heavily on a file retrieved from
+# http://ttt.ggnore.net/2006/11/15/xmlrpc-with-mongrel-and-ruby-off-rails/
+
+require 'rubygems'
+require 'mongrel'
+require 'xmlrpc/server'
+require 'puppet/network/xmlrpc/server'
+require 'puppet/network/http_server'
+require 'puppet/network/client_request'
+require 'puppet/network/handler'
+
+require 'resolv'
+
+# This handler can be hooked into Mongrel to accept HTTP requests. After
+# checking whether the request itself is sane, the handler forwards it
+# to an internal instance of XMLRPC::BasicServer to process it.
+#
+# You can access the server by calling the Handler's "xmlrpc_server"
+# attribute accessor method and add XMLRPC handlers there. For example:
+#
+# <pre>
+# handler = XmlRpcHandler.new
+# handler.xmlrpc_server.add_handler("my.add") { |a, b| a.to_i + b.to_i }
+# </pre>
+module Puppet::Network
+  class HTTPServer::Mongrel < ::Mongrel::HttpHandler
+    attr_reader :xmlrpc_server
+
+    def initialize(handlers)
+      if Puppet[:debug]
+        $mongrel_debug_client = true
+        Puppet.debug 'Mongrel client debugging enabled. [$mongrel_debug_client = true].'
+      end
+      # Create a new instance of BasicServer. We are supposed to subclass it
+      # but that does not make sense since we would not introduce any new
+      # behaviour and we have to subclass Mongrel::HttpHandler so our handler
+      # works for Mongrel.
+      @xmlrpc_server = Puppet::Network::XMLRPCServer.new
+      handlers.each do |name|
+        unless handler = Puppet::Network::Handler.handler(name)
+          raise ArgumentError, "Invalid handler #{name}"
+        end
+        @xmlrpc_server.add_handler(handler.interface, handler.new({}))
+      end
+    end
+
+    # This method produces the same results as XMLRPC::CGIServer.serve
+    # from Ruby's stdlib XMLRPC implementation.
+    def process(request, response)
+      # Make sure this has been a POST as required for XMLRPC.
+      request_method = request.params[Mongrel::Const::REQUEST_METHOD] || Mongrel::Const::GET
+      if request_method != "POST"
+        response.start(405) { |head, out| out.write("Method Not Allowed") }
+        return
+      end
+
+      # Make sure the user has sent text/xml data.
+      request_mime = request.params["CONTENT_TYPE"] || "text/plain"
+      if parse_content_type(request_mime).first != "text/xml"
+        response.start(400) { |head, out| out.write("Bad Request") }
+        return
+      end
+
+      # Make sure there is data in the body at all.
+      length = request.params[Mongrel::Const::CONTENT_LENGTH].to_i
+      if length <= 0
+        response.start(411) { |head, out| out.write("Length Required") }
+        return
+      end
+
+      # Check the body to be valid.
+      if request.body.nil? or request.body.size != length
+        response.start(400) { |head, out| out.write("Bad Request") }
+        return
+      end
+
+      info = client_info(request)
+
+      # All checks above passed through
+      response.start(200) do |head, out|
+        head["Content-Type"] = "text/xml; charset=utf-8"
+        begin
+          out.write(@xmlrpc_server.process(request.body, info))
+        rescue => detail
+          puts detail.backtrace
+          raise
+        end
+      end
+    end
+
+    private
+
+    def client_info(request)
+      params = request.params
+      ip = params["HTTP_X_FORWARDED_FOR"] ? params["HTTP_X_FORWARDED_FOR"].split(',').last.strip : params["REMOTE_ADDR"]
+      # JJM #906 The following dn.match regular expression is forgiving
+      # enough to match the two Distinguished Name string contents
+      # coming from Apache, Pound or other reverse SSL proxies.
+      if dn = params[Puppet[:ssl_client_header]] and dn_matchdata = dn.match(/^.*?CN\s*=\s*(.*)/)
+        client = dn_matchdata[1].to_str
+        valid = (params[Puppet[:ssl_client_verify_header]] == 'SUCCESS')
+      else
+        begin
+          client = Resolv.getname(ip)
+        rescue => detail
+          Puppet.err "Could not resolve #{ip}: #{detail}"
+          client = "unknown"
+        end
+        valid = false
+      end
+
+      info = Puppet::Network::ClientRequest.new(client, ip, valid)
+
+      info
+    end
+
+    # Taken from XMLRPC::ParseContentType
+    def parse_content_type(str)
+      a, *b = str.split(";")
+      return a.strip, *b
+    end
+  end
+end

data/lib/puppet/provider/exec/posix.rb

@@ -4,9 +4,12 @@ Puppet::Type.type(:exec).provide :posix do
   confine :feature => :posix
   defaultfor :feature => :posix
 
-  desc "Execute external binaries directly, on POSIX systems.
-This does not pass through a shell, or perform any interpolation, but
-only directly calls the command with the arguments given."
+  desc <<-EOT
+    Executes external binaries directly, without passing through a shell or
+    performing any interpolation. This is a safer and more predictable way
+    to execute most commands, but prevents the use of globbing and shell
+    built-ins (including control logic like "for" and "if" statements).
+  EOT
 
   def run(command, check = false)
     output = nil

data/lib/puppet/provider/exec/shell.rb

@@ -3,8 +3,17 @@ Puppet::Type.type(:exec).provide :shell, :parent => :posix do
 
   confine :feature => :posix
 
-  desc "Execute external binaries directly, on POSIX systems.
-passing through a shell so that shell built ins are available."
+  desc <<-EOT
+    Passes the provided command through `/bin/sh`; only available on
+    POSIX systems. This allows the use of shell globbing and built-ins, and
+    does not require that the path to a command be fully-qualified. Although
+    this can be more convenient than the `posix` provider, it also means that
+    you need to be more careful with escaping; as ever, with great power comes
+    etc. etc.
+
+    This provider closely resembles the behavior of the `exec` type
+    in Puppet 0.25.x.
+  EOT
 
   def run(command, check = false)
     command = %Q{/bin/sh -c "#{command.gsub(/"/,'\"')}"}

data/lib/puppet/resource/catalog.rb

@@ -98,7 +98,7 @@ class Puppet::Resource::Catalog < Puppet::SimpleGraph
     resource.ref =~ /^(.+)\[/
     class_name = $1 || resource.class.name
 
-    newref = [class_name, key]
+    newref = [class_name, key].flatten
 
     if key.is_a? String
       ref_string = "#{class_name}[#{key}]"
@@ -111,7 +111,10 @@ class Puppet::Resource::Catalog < Puppet::SimpleGraph
     # isn't sufficient.
     if existing = @resource_table[newref]
       return if existing == resource
-      raise(ArgumentError, "Cannot alias #{resource.ref} to #{key.inspect}; resource #{newref.inspect} already exists")
+      resource_definition = " at #{resource.file}:#{resource.line}" if resource.file and resource.line
+      existing_definition = " at #{existing.file}:#{existing.line}" if existing.file and existing.line
+      msg = "Cannot alias #{resource.ref} to #{key.inspect}#{resource_definition}; resource #{newref.inspect} already defined#{existing_definition}"
+      raise ArgumentError, msg
     end
     @resource_table[newref] = resource
     @aliases[resource.ref] ||= []
@@ -377,7 +380,7 @@ class Puppet::Resource::Catalog < Puppet::SimpleGraph
       res = Puppet::Resource.new(nil, type)
     end
     title_key      = [res.type, res.title.to_s]
-    uniqueness_key = [res.type, res.uniqueness_key]
+    uniqueness_key = [res.type, res.uniqueness_key].flatten
     @resource_table[title_key] || @resource_table[uniqueness_key]
   end
 

data/lib/puppet/ssl/host.rb

@@ -151,6 +151,8 @@ class Puppet::SSL::Host
       # ...add our configured dns_alt_names
       if Puppet[:dns_alt_names] and Puppet[:dns_alt_names] != ''
         options[:dns_alt_names] ||= Puppet[:dns_alt_names]
+      elsif Puppet::SSL::CertificateAuthority.ca? and fqdn = Facter.value(:fqdn) and domain = Facter.value(:domain)
+        options[:dns_alt_names] = "puppet, #{fqdn}, puppet.#{domain}"
       end
     end
 

data/lib/puppet/type/cron.rb

@@ -3,11 +3,12 @@ require 'facter'
 require 'puppet/util/filetype'
 
 Puppet::Type.newtype(:cron) do
-  @doc = "Installs and manages cron jobs.  All fields except the command
-    and the user are optional, although specifying no periodic
-    fields would result in the command being executed every
-    minute.  While the name of the cron job is not part of the actual
-    job, it is used by Puppet to store and retrieve it.
+  @doc = <<-EOT
+    Installs and manages cron jobs.  Every cron resource requires a command
+    and user attribute, as well as at least one periodic attribute (hour,
+    minute, month, monthday, weekday, or special).  While the name of the cron
+    job is not part of the actual job, it is used by Puppet to store and
+    retrieve it.
 
     If you specify a cron job that matches an existing job in every way
     except name, then the jobs will be considered equivalent and the
@@ -18,30 +19,30 @@ Puppet::Type.newtype(:cron) do
     Example:
 
         cron { logrotate:
-          command => \"/usr/sbin/logrotate\",
+          command => "/usr/sbin/logrotate",
           user => root,
           hour => 2,
           minute => 0
         }
 
-    Note that all cron values can be specified as an array of values:
+    Note that all periodic attributes can be specified as an array of values:
 
         cron { logrotate:
-          command => \"/usr/sbin/logrotate\",
+          command => "/usr/sbin/logrotate",
           user => root,
           hour => [2, 4]
         }
 
-    Or using ranges, or the step syntax `*/2` (although there's no guarantee that
-    your `cron` daemon supports it):
+    ...or using ranges or the step syntax `*/2` (although there's no guarantee
+    that your `cron` daemon supports these):
 
         cron { logrotate:
-          command => \"/usr/sbin/logrotate\",
+          command => "/usr/sbin/logrotate",
           user => root,
           hour => ['2-4'],
           minute => '*/10'
         }
-    "
+  EOT
   ensurable
 
   # A base class for all of the Cron parameters, since they all have

data/lib/puppet/type/file.rb

@@ -309,8 +309,8 @@ Puppet::Type.newtype(:file) do
     super(path.gsub(/\/+/, '/').sub(/\/$/, ''))
   end
 
-  def self.instances(base = '/')
-    return self.new(:name => base, :recurse => true, :recurselimit => 1, :audit => :all).recurse_local.values
+  def self.instances
+    return []
   end
 
   @depthfirst = false