puppet 2.7.11 → 2.7.12

data/lib/puppet/application.rb

@@ -119,7 +119,7 @@ class Application
   require 'puppet/util'
   include Puppet::Util
 
-  DOCPATTERN = File.expand_path(File.dirname(__FILE__) + "/util/command_line/*" )
+  DOCPATTERN = ::File.expand_path(::File.dirname(__FILE__) + "/util/command_line/*" )
 
   class << self
     include Puppet::Util
@@ -216,7 +216,7 @@ class Application
       klass = name.to_s.capitalize
 
       begin
-        require File.join('puppet', 'application', name.to_s.downcase)
+        require ::File.join('puppet', 'application', name.to_s.downcase)
       rescue LoadError => e
         puts "Unable to find application '#{name}'.  #{e}"
         Kernel::exit(1)
@@ -318,7 +318,10 @@ class Application
   end
 
   def setup
-    # Handle the logging settings
+    setup_logs
+  end
+
+  def setup_logs
     if options[:debug] or options[:verbose]
       Puppet::Util::Log.newdestination(:console)
       if options[:debug]
@@ -328,7 +331,7 @@ class Application
       end
     end
 
-    Puppet::Util::Log.newdestination(:syslog) unless options[:setdest]
+    Puppet::Util::Log.setup_default unless options[:setdest]
   end
 
   def configure_indirector_routes

data/lib/puppet/application/agent.rb

@@ -27,6 +27,7 @@ class Puppet::Application::Agent < Puppet::Application
       :fqdn => nil,
       :serve => [],
       :digest => :MD5,
+      :graph => true,
       :fingerprint => false,
     }.each do |opt,val|
       options[opt] = val
@@ -39,12 +40,7 @@ class Puppet::Application::Agent < Puppet::Application
   end
 
   option("--centrallogging")
-
-  option("--disable [MESSAGE]") do |message|
-    options[:disable] = true
-    options[:disable_message] = message
-  end
-
+  option("--disable")
   option("--enable")
   option("--debug","-d")
   option("--fqdn FQDN","-f")
@@ -106,7 +102,7 @@ similar), or run interactively for testing purposes.
 USAGE
 -----
 puppet agent [--certname <name>] [-D|--daemonize|--no-daemonize]
-  [-d|--debug] [--detailed-exitcodes] [--digest <digest>] [--disable [message]] [--enable]
+  [-d|--debug] [--detailed-exitcodes] [--digest <digest>] [--disable] [--enable]
   [--fingerprint] [-h|--help] [-l|--logdest syslog|<file>|console]
   [--no-client] [--noop] [-o|--onetime] [--serve <handler>] [-t|--test]
   [-v|--verbose] [-V|--version] [-w|--waitforcert <seconds>]
@@ -210,9 +206,6 @@ configuration options can also be generated by running puppet agent with
   not want the central configuration to override the local state until
   everything is tested and committed.
 
-  Disable can also take an optional message that will be reported by the
-  'puppet agent' at the next disabled run.
-
   'puppet agent' uses the same lock file while it is running, so no more
   than one 'puppet agent' process is working at a time.
 
@@ -376,25 +369,11 @@ Copyright (c) 2011 Puppet Labs, LLC Licensed under the Apache 2.0 License
     options[:detailed_exitcodes] = true
   end
 
-  # Handle the logging settings.
-  def setup_logs
-    if options[:debug] or options[:verbose]
-      Puppet::Util::Log.newdestination(:console)
-      if options[:debug]
-        Puppet::Util::Log.level = :debug
-      else
-        Puppet::Util::Log.level = :info
-      end
-    end
-
-    Puppet::Util::Log.newdestination(:syslog) unless options[:setdest]
-  end
-
   def enable_disable_client(agent)
     if options[:enable]
       agent.enable
     elsif options[:disable]
-      agent.disable(options[:disable_message] || 'reason not specified')
+      agent.disable
     end
     exit(0)
   end

data/lib/puppet/application/apply.rb

@@ -154,7 +154,7 @@ Copyright (c) 2011 Puppet Labs, LLC Licensed under the Apache 2.0 License
     if options[:catalog] == "-"
       text = $stdin.read
     else
-      text = File.read(options[:catalog])
+      text = ::File.read(options[:catalog])
     end
 
     begin
@@ -177,7 +177,7 @@ Copyright (c) 2011 Puppet Labs, LLC Licensed under the Apache 2.0 License
       Puppet[:code] = options[:code] || STDIN.read
     else
       manifest = command_line.args.shift
-      raise "Could not find file #{manifest}" unless File.exist?(manifest)
+      raise "Could not find file #{manifest}" unless ::File.exist?(manifest)
       Puppet.warning("Only one file can be applied per run.  Skipping #{command_line.args.join(', ')}") if command_line.args.size > 0
       Puppet[:manifest] = manifest
     end
@@ -208,7 +208,7 @@ Copyright (c) 2011 Puppet Labs, LLC Licensed under the Apache 2.0 License
           $stderr.puts "#{file} is not readable"
           exit(63)
         end
-        node.classes = File.read(file).split(/[\s\n]+/)
+        node.classes = ::File.read(file).split(/[\s\n]+/)
       end
     end
 

data/lib/puppet/application/device.rb

@@ -171,8 +171,8 @@ Licensed under the Apache 2.0 License
         Puppet.info "starting applying configuration to #{device.name} at #{device.url}"
 
         # override local $vardir and $certname
-        Puppet.settings.set_value(:confdir, File.join(Puppet[:devicedir], device.name), :cli)
-        Puppet.settings.set_value(:vardir, File.join(Puppet[:devicedir], device.name), :cli)
+        Puppet.settings.set_value(:confdir, ::File.join(Puppet[:devicedir], device.name), :cli)
+        Puppet.settings.set_value(:vardir, ::File.join(Puppet[:devicedir], device.name), :cli)
         Puppet.settings.set_value(:certname, device.name, :cli)
 
         # this will reload and recompute default settings and create the devices sub vardir, or we hope so :-)
@@ -201,20 +201,6 @@ Licensed under the Apache 2.0 License
     end
   end
 
-  # Handle the logging settings.
-  def setup_logs
-    if options[:debug] or options[:verbose]
-      Puppet::Util::Log.newdestination(:console)
-      if options[:debug]
-        Puppet::Util::Log.level = :debug
-      else
-        Puppet::Util::Log.level = :info
-      end
-    end
-
-    Puppet::Util::Log.newdestination(:syslog) unless options[:setdest]
-  end
-
   def setup_host
     @host = Puppet::SSL::Host.new
     waitforcert = options[:waitforcert] || (Puppet[:onetime] ? 0 : 120)

data/lib/puppet/application/doc.rb

@@ -167,7 +167,7 @@ HELP
     unless @manifest
       env = Puppet::Node::Environment.new
       files += env.modulepath
-      files << File.dirname(env[:manifest])
+      files << ::File.dirname(env[:manifest])
     end
     files += command_line.args
     Puppet.info "scanning: #{files.inspect}"
@@ -252,7 +252,7 @@ HELP
       @unknown_args.each do |option|
         # force absolute path for modulepath when passed on commandline
         if option[:opt]=="--modulepath" or option[:opt] == "--manifestdir"
-          option[:arg] = option[:arg].split(File::PATH_SEPARATOR).collect { |p| File.expand_path(p) }.join(File::PATH_SEPARATOR)
+          option[:arg] = option[:arg].split(::File::PATH_SEPARATOR).collect { |p| ::File.expand_path(p) }.join(::File::PATH_SEPARATOR)
         end
         Puppet.settings.handlearg(option[:opt], option[:arg])
       end

data/lib/puppet/application/face_base.rb

@@ -37,10 +37,17 @@ class Puppet::Application::FaceBase < Puppet::Application
     @render_as or raise ArgumentError, "I don't know how to render '#{format}'"
   end
 
-  def render(result)
-    # Invoke the rendering hook supplied by the user, if appropriate.
-    if hook = action.when_rendering(render_as.name)
-      result = hook.call(result)
+  def render(result, args_and_options)
+    hook = action.when_rendering(render_as.name)
+
+    if hook
+      # when defining when_rendering on your action you can optionally
+      # include arguments and options
+      if hook.arity > 1
+        result = hook.call(result, *args_and_options)
+      else
+        result = hook.call(result)
+      end
     end
 
     render_as.render(result)
@@ -233,9 +240,19 @@ class Puppet::Application::FaceBase < Puppet::Application
     end
 
     result = @face.send(@action.name, *arguments)
-    puts render(result) unless result.nil?
+    puts render(result, arguments) unless result.nil?
     status = true
 
+  # We need an easy way for the action to set a specific exit code, so we
+  # rescue SystemExit here; This allows each action to set the desired exit
+  # code by simply calling Kernel::exit.  eg:
+  #
+  #   exit(2)
+  #
+  # --kelsey 2012-02-14
+  rescue SystemExit => detail
+    status = detail.status
+
   rescue Exception => detail
     puts detail.backtrace if Puppet[:trace]
     Puppet.err detail.to_s

data/lib/puppet/application/filebucket.rb

@@ -128,6 +128,8 @@ Copyright (c) 2011 Puppet Labs, LLC Licensed under the Apache 2.0 License
   end
 
   def backup
+    raise "You must specify a file to back up" unless args.length > 0
+
     args.each do |file|
       unless FileTest.exists?(file)
         $stderr.puts "#{file}: no such file"

data/lib/puppet/application/inspect.rb

@@ -118,6 +118,7 @@ Copyright (c) 2011 Puppet Labs, LLC Licensed under the Apache 2.0 License
       end
 
       @report.configuration_version = catalog.version
+      @report.environment = Puppet[:environment]
 
       inspect_starttime = Time.now
       @report.add_times("config_retrieval", inspect_starttime - retrieval_starttime)
@@ -164,7 +165,7 @@ Copyright (c) 2011 Puppet Labs, LLC Licensed under the Apache 2.0 License
         end
         if Puppet[:archive_files] and ral_resource.type == :file and audited_attributes.include?(:content)
           path = ral_resource[:path]
-          if File.readable?(path)
+          if ::File.readable?(path)
             begin
               dipper.backup(path)
             rescue StandardError => detail

data/lib/puppet/application/kick.rb

@@ -76,16 +76,30 @@ copy things like LDAP settings.
 
 USAGE NOTES
 -----------
-Puppet kick is useless unless puppet agent is listening for incoming
-connections and allowing access to the `run` endpoint. This entails
-starting the agent with `listen = true` in its puppet.conf file, and
-allowing access to the `/run` path in its auth.conf file; see
-`http://docs.puppetlabs.com/guides/rest_auth_conf.html` for more
-details.
+Puppet kick needs the puppet agent on the target machine to be running as a
+daemon, be configured to listen for incoming network connections, and have an
+appropriate security configuration.
 
-Additionally, due to a known bug, you must make sure a
-namespaceauth.conf file exists in puppet agent's $confdir. This file
-will not be consulted, and may be left empty.  
+The specific changes required are:
+
+* Set `listen = true` in the agent's `puppet.conf` file (or `--listen` on the
+  command line)
+* Configure the node's firewall to allow incoming connections on port 8139
+* Insert the following stanza at the top of the node's `auth.conf` file:
+
+        # Allow puppet kick access
+        path    /run
+        method  save
+        auth    any
+        allow   workstation.example.com
+
+This example would allow the machine `workstation.example.com` to trigger a
+Puppet run; adjust the "allow" directive to suit your site. You may also use
+`allow *` to allow anyone to trigger a Puppet run, but that makes it possible
+to interfere with your site by triggering excessive Puppet runs.
+
+See `http://docs.puppetlabs.com/guides/rest_auth_conf.html` for more details
+about security settings.
 
 OPTIONS
 -------
@@ -287,6 +301,8 @@ Copyright (c) 2011 Puppet Labs, LLC Licensed under the Apache 2.0 License
   end
 
   def setup
+    raise Puppet::Error.new("Puppet kick is not supported on Microsoft Windows") if Puppet.features.microsoft_windows?
+
     if options[:debug]
       Puppet::Util::Log.level = :debug
     else

data/lib/puppet/application/queue.rb

@@ -118,16 +118,6 @@ Copyright (c) 2011 Puppet Labs, LLC Licensed under the Apache 2.0 License
     end
   end
 
-  option("--logdest DEST", "-l DEST") do |arg|
-    begin
-      Puppet::Util::Log.newdestination(arg)
-      options[:setdest] = true
-    rescue => detail
-      puts detail.backtrace if Puppet[:debug]
-      $stderr.puts detail.to_s
-    end
-  end
-
   def main
     require 'puppet/indirector/catalog/queue' # provides Puppet::Indirector::Queue.subscribe
     Puppet.notice "Starting puppetqd #{Puppet.version}"
@@ -148,19 +138,6 @@ Copyright (c) 2011 Puppet Labs, LLC Licensed under the Apache 2.0 License
     Thread.list.each { |thread| thread.join }
   end
 
-  # Handle the logging settings.
-  def setup_logs
-    if options[:debug] or options[:verbose]
-      Puppet::Util::Log.newdestination(:console)
-      if options[:debug]
-        Puppet::Util::Log.level = :debug
-      else
-        Puppet::Util::Log.level = :info
-      end
-    end
-    Puppet::Util::Log.newdestination(:syslog) unless options[:setdest]
-  end
-
   def setup
     unless Puppet.features.stomp?
       raise ArgumentError, "Could not load the 'stomp' library, which must be present for queueing to work.  You must install the required library."

data/lib/puppet/configurer.rb

@@ -116,6 +116,7 @@ class Puppet::Configurer
 
     report = options[:report]
     report.configuration_version = catalog.version
+    report.environment = Puppet[:environment]
 
     benchmark(:notice, "Finished catalog run") do
       catalog.apply(options)

data/lib/puppet/configurer/downloader.rb

@@ -71,12 +71,16 @@ class Puppet::Configurer::Downloader
       :recurse => true,
       :source => source,
       :tag => name,
-      :owner => Puppet.features.microsoft_windows? ? Sys::Admin.get_login : Process.uid,
-      :group => Puppet.features.microsoft_windows? ? 'S-1-0-0' : Process.gid,
       :purge => true,
       :force => true,
       :backup => false,
       :noop => false
-    }
+    }.merge(
+      Puppet.features.microsoft_windows? ? {} :
+      {
+        :owner => Process.uid,
+        :group => Process.gid
+      }
+    )
   end
 end

data/lib/puppet/defaults.rb

@@ -1,10 +1,10 @@
-# The majority of the system configuration parameters are set in this file.
+# The majority of Puppet's configuration settings are set in this file.
 module Puppet
   setdefaults(:main,
-    :confdir => [Puppet.run_mode.conf_dir, "The main Puppet configuration directory.  The default for this parameter is calculated based on the user.  If the process
+    :confdir => [Puppet.run_mode.conf_dir, "The main Puppet configuration directory.  The default for this setting is calculated based on the user.  If the process
     is running as root or the user that Puppet is supposed to run as, it defaults to a system directory, but if it's running as any other user,
     it defaults to being in the user's home directory."],
-    :vardir => [Puppet.run_mode.var_dir, "Where Puppet stores dynamic and growing data.  The default for this parameter is calculated specially, like `confdir`_."],
+    :vardir => [Puppet.run_mode.var_dir, "Where Puppet stores dynamic and growing data.  The default for this setting is calculated specially, like `confdir`_."],
     :name => [Puppet.application_name.to_s, "The name of the application, if we are running as one.  The
       default is essentially $0 without the path or `.rb`."],
     :run_mode => [Puppet.run_mode.name.to_s, "The effective 'run mode' of the application: master, agent, or user."]
@@ -42,18 +42,16 @@ module Puppet
       sense when used interactively.  Takes into account arguments specified
       on the CLI."],
     :configprint => ["",
-      "Print the value of a specific configuration parameter.  If a
-      parameter is provided for this, then the value is printed and puppet
+      "Print the value of a specific configuration setting.  If the name of a
+      setting is provided for this, then the value is printed and puppet
       exits.  Comma-separate multiple values.  For a list of all values,
-      specify 'all'.  This feature is only available in Puppet versions
-      higher than 0.18.4."],
+      specify 'all'."],
     :color => {
       :default => (Puppet.features.microsoft_windows? ? "false" : "ansi"),
       :type    => :setting,
-      :desc    => "Whether to use colors when logging to the console.
-      Valid values are `ansi` (equivalent to `true`), `html` (mostly
-      used during testing with TextMate), and `false`, which produces
-      no color.",
+      :desc    => "Whether to use colors when logging to the console.  Valid values are
+      `ansi` (equivalent to `true`), `html`, and `false`, which produces no color.
+      Defaults to false on Windows, as its console does not support ansi colors.",
     },
     :mkusers => [false,
       "Whether to create the necessary user and group that puppet agent will
@@ -94,9 +92,9 @@ module Puppet
         $LOAD_PATH << value
       end
     },
-    :ignoreimport => [false, "A parameter that can be used in commit
-      hooks, since it enables you to parse-check a single file rather
-      than requiring that all files exist."],
+    :ignoreimport => [false, "If true, allows the parser to continue without requiring
+      all files referenced with `import` statements to exist. This setting was primarily
+      designed for use with commit hooks for parse-checking."],
     :authconfig => [ "$confdir/namespaceauth.conf",
       "The configuration file that defines the rights to the different
       namespaces and methods.  This can be used as a coarse-grained
@@ -107,15 +105,22 @@ module Puppet
       is used to find modules and much more.  For servers (i.e., `puppet master`) this provides the default environment for nodes
       we know nothing about."
     },
-    :diff_args => ["-u", "Which arguments to pass to the diff command when printing differences between files."],
-    :diff => ["diff", "Which diff command to use when printing differences between files."],
+    :diff_args => ["-u", "Which arguments to pass to the diff command when printing differences between
+      files. The command to use can be chosen with the `diff` setting."],
+    :diff => {
+      :default => (Puppet.features.microsoft_windows? ? "" : "diff"),
+      :desc    => "Which diff command to use when printing differences between files. This setting
+        has no default value on Windows, as standard `diff` is not available, but Puppet can use many
+        third-party diff tools.",
+    },
     :show_diff => [false, "Whether to log and report a contextual diff when files are being replaced.  This causes
       partial file contents to pass through Puppet's normal logging and reporting system, so this setting should be
       used with caution if you are sending Puppet's reports to an insecure destination.
       This feature currently requires the `diff/lcs` Ruby library."],
     :daemonize => {
       :default => (Puppet.features.microsoft_windows? ? false : true),
-      :desc => "Send the process into the background.  This is the default.",
+      :desc => "Whether to send the process into the background.  This defaults to true on POSIX systems,
+        and to false on Windows (where Puppet currently cannot daemonize).",
       :short => "D",
       :hook => proc do |value|
         if value and Puppet.features.microsoft_windows?
@@ -421,17 +426,17 @@ EOT
         uses that configuration file to determine which keys to sign."},
     :allow_duplicate_certs => [false, "Whether to allow a new certificate
       request to overwrite an existing certificate."],
-    :ca_days => ["", "How long a certificate should be valid.
-      This parameter is deprecated, use ca_ttl instead"],
+    :ca_days => ["", "How long a certificate should be valid, in days.
+      This setting is deprecated; use `ca_ttl` instead"],
     :ca_ttl => ["5y", "The default TTL for new certificates; valid values
       must be an integer, optionally followed by one of the units
       'y' (years of 365 days), 'd' (days), 'h' (hours), or
-      's' (seconds). The unit defaults to seconds. If this parameter
+      's' (seconds). The unit defaults to seconds. If this setting
       is set, ca_days is ignored. Examples are '3600' (one hour)
       and '1825d', which is the same as '5y' (5 years) "],
     :ca_md => ["md5", "The type of hash used in certificates."],
-    :req_bits => [2048, "The bit length of the certificates."],
-    :keylength => [1024, "The bit length of keys."],
+    :req_bits => [4096, "The bit length of the certificates."],
+    :keylength => [4096, "The bit length of keys."],
     :cert_inventory => {
       :default => "$cadir/inventory.txt",
       :mode => 0644,
@@ -504,7 +509,7 @@ EOT
     :ca => [true, "Wether the master should function as a certificate authority."],
     :modulepath => {
       :default => "$confdir/modules#{File::PATH_SEPARATOR}/usr/share/puppet/modules",
-      :desc => "The search path for modules as a list of directories separated by the '#{File::PATH_SEPARATOR}' character.",
+      :desc => "The search path for modules, as a list of directories separated by the system path separator character. (The POSIX path separator is ':', and the Windows path separator is ';'.)",
       :type => :setting # We don't want this to be considered a file, since it's multiple files.
     },
     :ssl_client_header => ["HTTP_X_CLIENT_DN", "The header containing an authenticated
@@ -755,7 +760,7 @@ EOT
     :main,
     :factpath => {:default => "$vardir/lib/facter#{File::PATH_SEPARATOR}$vardir/facts",
       :desc => "Where Puppet should look for facts.  Multiple directories should
-        be colon-separated, like normal PATH variables.",
+        be separated by the system path separator character. (The POSIX path separator is ':', and the Windows path separator is ';'.)",
 
       :call_on_define => true, # Call our hook with the default value, so we always get the value added to facter.
       :type => :setting, # Don't consider it a file, because it could be multiple colon-separated files
@@ -841,10 +846,10 @@ EOT
     :main,
     :external_nodes => ["none",
 
-      "An external command that can produce node information.  The output
-      must be a YAML dump of a hash, and that hash must have one or both of
-      `classes` and `parameters`, where `classes` is an array and
-      `parameters` is a hash.  For unknown nodes, the commands should
+      "An external command that can produce node information.  The command's output
+      must be a YAML dump of a hash, and that hash must have a `classes` key and/or
+      a `parameters` key, where `classes` is an array or hash and
+      `parameters` is a hash.  For unknown nodes, the command should
       exit with a non-zero exit code.
 
       This command makes it straightforward to store your node mapping
@@ -936,7 +941,7 @@ database from within the Puppet Master process."
 
     :lexical => [false, "Whether to use lexical scoping (vs. dynamic)."],
     :templatedir => ["$vardir/templates",
-      "Where Puppet looks for template files.  Can be a list of colon-seperated
+      "Where Puppet looks for template files.  Can be a list of colon-separated
       directories."
     ]
   )