puppet 2.7.18 → 2.7.19

data/Rakefile

@@ -2,14 +2,30 @@
 
 $LOAD_PATH << File.join(File.dirname(__FILE__), 'tasks')
 
+begin
+  require 'rubygems'
+  require 'rubygems/package_task'
+rescue LoadError
+  # Users of older versions of Rake (0.8.7 for example) will not necessarily
+  # have rubygems installed, or the newer rubygems package_task for that
+  # matter.
+  require 'rake/packagetask'
+  require 'rake/gempackagetask'
+end
+
 require 'rake'
-require 'rake/packagetask'
-require 'rake/gempackagetask'
 require 'rspec'
 require "rspec/core/rake_task"
 
+
 module Puppet
-    PUPPETVERSION = File.read('lib/puppet.rb')[/PUPPETVERSION *= *'(.*)'/,1] or fail "Couldn't find PUPPETVERSION"
+    %x{which git &> /dev/null}
+    if $?.success? and File.exist?('.git')
+        # remove the git hash from git describe string
+        PUPPETVERSION=%x{git describe}.chomp.gsub('-','.').split('.')[0..3].join('.')
+    else
+        PUPPETVERSION=File.read('lib/puppet.rb')[/PUPPETVERSION *= *'(.*)'/,1] or fail "Couldn't find PUPPETVERSION"
+    end
 end
 
 Dir['tasks/**/*.rake'].each { |t| load t }

data/conf/osx/createpackage.sh

@@ -53,6 +53,7 @@ function install_puppet() {
   "${installer}" --destdir="${pkgroot}" --bindir="${BINDIR}" --sbindir="${SBINDIR}" --sitelibdir="${SITELIBDIR}"
   mkdir -p ${pkgroot}/var/lib/puppet
   chown -R root:admin "${pkgroot}"
+  chmod -R go-w "${pkgroot}"
 }
 
 function install_docs() {
@@ -107,7 +108,8 @@ function create_package() {
   rm -fr "$(pwd)/puppet-${puppet_version}.pkg"
   echo "Building package"
   echo "Note that packagemaker is reknowned for spurious errors. Don't panic."
-  "${PACKAGEMAKER}" --root "${pkgroot}" \
+  "${PACKAGEMAKER}" --verbose --no-recommend --no-relocate \
+                    --root "${pkgroot}" \
                     --info "${pkgtemp}/${PROTO_PLIST}" \
                     --scripts ${pkgtemp}/scripts \
                     --out "$(pwd)/puppet-${puppet_version}.pkg"

data/conf/redhat/logrotate

@@ -4,7 +4,7 @@
   create 0644 puppet puppet
   sharedscripts
   postrotate
-    [ -e /etc/init.d/puppetmaster ] && /etc/init.d/puppetmaster condrestart >/dev/null 2>&1 || true
+    pkill -USR2 -u puppet -f /usr/sbin/puppetmasterd || true
     [ -e /etc/init.d/puppet ] && /etc/init.d/puppet reload > /dev/null 2>&1 || true
   endscript
 }

data/conf/redhat/puppet.spec

@@ -1,20 +1,28 @@
 # Augeas and SELinux requirements may be disabled at build time by passing
 # --without augeas and/or --without selinux to rpmbuild or mock
 
-%{!?ruby_sitelibdir: %global ruby_sitelibdir %(ruby -rrbconfig -e 'puts Config::CONFIG["sitelibdir"]')}
+# Fedora 17 ships with Ruby 1.9, which uses vendorlibdir instead of
+# sitelibdir. Adjust our target if installing on f17.
+%if 0%{?fedora} >= 17
+%global puppet_libdir   %(ruby -rrbconfig -e 'puts RbConfig::CONFIG["vendorlibdir"]')
+%else
+%global puppet_libdir   %(ruby -rrbconfig -e 'puts RbConfig::CONFIG["sitelibdir"]')
+%endif
+
 %global confdir conf/redhat
 
 Name:           puppet
-Version:        2.7.18
-#Release:        0.1rc1.2%{?dist}
+Version:        2.7.19
+#Release:        0.1rc3%{?dist}
 Release:        1%{?dist}
+Vendor:         %{?_host_vendor}
 Summary:        A network tool for managing many disparate systems
 License:        ASL 2.0
 URL:            http://puppetlabs.com
 Source0:        http://puppetlabs.com/downloads/%{name}/%{name}-%{version}.tar.gz
-#Source0:        http://puppetlabs.com/downloads/%{name}/%{name}-%{version}rc1.tar.gz
+#Source0:        http://puppetlabs.com/downloads/%{name}/%{name}-%{version}rc3.tar.gz
 Source1:        http://puppetlabs.com/downloads/%{name}/%{name}-%{version}.tar.gz.asc
-#Source1:        http://puppetlabs.com/downloads/%{name}/%{name}-%{version}rc1.tar.gz.asc
+#Source1:        http://puppetlabs.com/downloads/%{name}/%{name}-%{version}rc3.tar.gz.asc
 
 Group:          System Environment/Base
 
@@ -67,7 +75,7 @@ The server can also function as a certificate authority and file server.
 
 %prep
 %setup -q -n %{name}-%{version}
-#%setup -q -n %{name}-%{version}rc1
+#%setup -q -n %{name}-%{version}rc3
 patch -s -p1 < conf/redhat/rundir-perms.patch
 
 
@@ -91,7 +99,7 @@ mv conf/puppet-queue.conf examples/etc/puppet/
 
 %install
 rm -rf %{buildroot}
-ruby install.rb --destdir=%{buildroot} --quick --no-rdoc
+ruby install.rb --destdir=%{buildroot} --quick --no-rdoc --sitelibdir=%{puppet_libdir}
 
 install -d -m0755 %{buildroot}%{_sysconfdir}/puppet/manifests
 install -d -m0755 %{buildroot}%{_datadir}/%{name}/modules
@@ -136,6 +144,9 @@ echo "D /var/run/%{name} 0755 %{name} %{name} -" > \
     %{buildroot}%{_sysconfdir}/tmpfiles.d/%{name}.conf
 %endif
 
+# Create puppet modules directory for puppet module tool
+mkdir -p %{buildroot}%{_sysconfdir}/%{name}/modules
+
 %files
 %defattr(-, root, root, 0755)
 %doc CHANGELOG LICENSE README.md examples
@@ -146,9 +157,10 @@ echo "D /var/run/%{name} 0755 %{name} %{name} -" > \
 %{_bindir}/puppetdoc
 %{_sbindir}/puppetca
 %{_sbindir}/puppetd
-%{ruby_sitelibdir}/*
+%{puppet_libdir}/*
 %{_initrddir}/puppet
 %dir %{_sysconfdir}/puppet
+%dir %{_sysconfdir}/%{name}/modules
 %if 0%{?fedora} >= 15
 %config(noreplace) %{_sysconfdir}/tmpfiles.d/%{name}.conf
 %endif
@@ -289,6 +301,21 @@ fi
 rm -rf %{buildroot}
 
 %changelog
+* Tue Aug 21 2012 Moses Mendoza <moses@puppetlabs.com> - 2.7.19-1
+- Update for 2.7.19
+
+* Tue Aug 14 2012 Moses Mendoza <moses@puppetlabs.com> - 2.7.19-0.1rc3
+- Update for 2.7.19rc3
+
+* Tue Aug 7 2012 Moses Mendoza <moses@puppetlabs.com> - 2.7.19-0.1rc2
+- Update for 2.7.19rc2
+
+* Wed Aug 1 2012 Moses Mendoza <moses@puppetlabs.com> - 2.7.19-0.1rc1
+- Update for 2.7.19rc1
+
+* Wed Jul 11 2012 William Hopper <whopper@puppetlabs.com> - 2.7.18-2
+- (#15221) Create /etc/puppet/modules for puppet module tool
+
 * Mon Jul 9 2012 Moses Mendoza <moses@puppetlabs.com> - 2.7.18-1
 - Update for 2.7.18
 

data/lib/puppet.rb

@@ -24,7 +24,7 @@ require 'puppet/util/run_mode'
 # it's also a place to find top-level commands like 'debug'
 
 module Puppet
-  PUPPETVERSION = '2.7.18'
+  PUPPETVERSION = '2.7.19'
 
   def Puppet.version
     PUPPETVERSION

data/lib/puppet/application/agent.rb

@@ -293,6 +293,8 @@ Puppet agent accepts the following signals:
   Shut down the puppet agent daemon.
 * SIGUSR1:
   Immediately retrieve and apply configurations from the puppet master.
+* SIGUSR2:
+  Close file descriptors for log files and reopen them. Used with logrotate.
 
 AUTHOR
 ------

data/lib/puppet/application/master.rb

@@ -112,6 +112,8 @@ following signals:
   Restart the puppet master server.
 * SIGINT and SIGTERM:
   Shut down the puppet master server.
+* SIGUSR2:
+  Close file descriptors for log files and reopen them. Used with logrotate.
 
 AUTHOR
 ------

data/lib/puppet/configurer.rb

@@ -180,9 +180,8 @@ class Puppet::Configurer
 
   def save_last_run_summary(report)
     mode = Puppet.settings.setting(:lastrunfile).mode
-    Puppet::Util::FileLocking.writelock(Puppet[:lastrunfile]) do |file|
-      file.chmod(mode)
-      file.print YAML.dump(report.raw_summary)
+    Puppet::Util.replace_file(Puppet[:lastrunfile], mode) do |fh|
+      fh.print YAML.dump(report.raw_summary)
     end
   rescue => detail
     puts detail.backtrace if Puppet[:trace]

data/lib/puppet/defaults.rb

@@ -180,9 +180,10 @@ module Puppet
       end
     },
     :thin_storeconfigs => {:default => false, :desc =>
-      "Boolean; wether storeconfigs store in the database only the facts and exported resources.
-      If true, then storeconfigs performance will be higher and still allow exported/collected
-      resources, but other usage external to Puppet might not work",
+      "Boolean; whether Puppet should store only facts and exported resources in the storeconfigs
+      database. This will improve the performance of exported resources with the older
+      `active_record` backend, but will disable external tools that search the storeconfigs database.
+      Thinning catalogs is generally unnecessary when using PuppetDB to store catalogs.",
       :hook => proc do |value|
         Puppet.settings[:storeconfigs] = true if value
         end
@@ -505,7 +506,7 @@ EOT
       rest indirections.  This can be used as a fine-grained
       authorization system for `puppet master`."
     ],
-    :ca => [true, "Wether the master should function as a certificate authority."],
+    :ca => [true, "Whether the master should function as a certificate authority."],
     :modulepath => {
       :default => "$confdir/modules#{File::PATH_SEPARATOR}/usr/share/puppet/modules",
       :desc => "The search path for modules, as a list of directories separated by the system path separator character. (The POSIX path separator is ':', and the Windows path separator is ';'.)",
@@ -713,7 +714,7 @@ EOT
       "Whether to send reports after every transaction."
     ],
     :lastrunfile =>  { :default => "$statedir/last_run_summary.yaml",
-      :mode => 0640,
+      :mode => 0644,
       :desc => "Where puppet agent stores the last run report summary in yaml format."
     },
     :lastrunreport =>  { :default => "$statedir/last_run_report.yaml",

data/lib/puppet/face/module/install.rb

@@ -147,13 +147,14 @@ Puppet::Face.define(:module, '1.0.0') do
 
     when_invoked do |name, options|
       sep = File::PATH_SEPARATOR
+
       if options[:target_dir]
-        options[:target_dir] = File.expand_path(options[:target_dir])
         options[:modulepath] = "#{options[:target_dir]}#{sep}#{options[:modulepath]}"
       end
 
       Puppet.settings[:modulepath] = options[:modulepath]
       options[:target_dir] = Puppet.settings[:modulepath].split(sep).first
+      options[:target_dir] = File.expand_path(options[:target_dir])
 
       Puppet.notice "Preparing to install into #{options[:target_dir]} ..."
       Puppet::ModuleTool::Applications::Installer.run(name, options)

data/lib/puppet/file_bucket/dipper.rb

@@ -1,3 +1,4 @@
+require 'pathname'
 require 'puppet/file_bucket'
 require 'puppet/file_bucket/file'
 require 'puppet/indirector/request'
@@ -99,7 +100,6 @@ class Puppet::FileBucket::Dipper
 
   private
   def absolutize_path( path )
-    require 'pathname'
     Pathname.new(path).realpath
   end
 

data/lib/puppet/indirector/file_content.rb

@@ -1,5 +1,5 @@
-require 'puppet/file_serving/content'
-
 # A stub class, so our constants work.
 class Puppet::Indirector::FileContent # :nodoc:
 end
+
+require 'puppet/file_serving/content'

data/lib/puppet/indirector/file_metadata.rb

@@ -1,5 +1,5 @@
-require 'puppet/file_serving/metadata'
-
 # A stub class, so our constants work.
 class Puppet::Indirector::FileMetadata # :nodoc:
 end
+
+require 'puppet/file_serving/metadata'

data/lib/puppet/indirector/indirection.rb

@@ -10,6 +10,9 @@ class Puppet::Indirector::Indirection
   include Puppet::Util::Docs
   extend Puppet::Util::Instrumentation::Instrumentable
 
+  attr_accessor :name, :model
+  attr_reader :termini
+
   probe :find, :label => Proc.new { |parent, key, *args| "find_#{parent.name}_#{parent.terminus_class}" }, :data => Proc.new { |parent, key, *args| { :key => key }}
   probe :save, :label => Proc.new { |parent, key, *args| "save_#{parent.name}_#{parent.terminus_class}" }, :data => Proc.new { |parent, key, *args| { :key => key }}
   probe :search, :label => Proc.new { |parent, key, *args| "search_#{parent.name}_#{parent.terminus_class}" }, :data => Proc.new { |parent, key, *args| { :key => key }}
@@ -36,10 +39,6 @@ class Puppet::Indirector::Indirection
     match.model
   end
 
-  attr_accessor :name, :model
-
-  attr_reader :termini
-
   # Create and return our cache terminus.
   def cache
     raise(Puppet::DevError, "Tried to cache when no cache class was set") unless cache_class

data/lib/puppet/indirector/rest.rb

@@ -80,21 +80,27 @@ class Puppet::Indirector::REST < Puppet::Indirector::Terminus
   def http_request(method, request, *args)
     http_connection = network(request)
     peer_certs = []
+    verify_errors = []
 
-    # We add the callback to collect the certificates for use in constructing
-    # the error message if the verification failed.  This is necessary since we
-    # don't have direct access to the cert that we expected the connection to
-    # use otherwise.
-    #
     http_connection.verify_callback = proc do |preverify_ok, ssl_context|
+      # We use the callback to collect the certificates for use in constructing
+      # the error message if the verification failed.  This is necessary since we
+      # don't have direct access to the cert that we expected the connection to
+      # use otherwise.
       peer_certs << Puppet::SSL::Certificate.from_s(ssl_context.current_cert.to_pem)
+      # And also keep the detailed verification error if such an error occurs
+      if ssl_context.error_string and not preverify_ok
+        verify_errors << "#{ssl_context.error_string} for #{ssl_context.current_cert.subject}"
+      end
       preverify_ok
     end
 
     http_connection.send(method, *args)
   rescue OpenSSL::SSL::SSLError => error
     if error.message.include? "certificate verify failed"
-      raise Puppet::Error, "#{error.message}.  This is often because the time is out of sync on the server or client"
+      msg = error.message
+      msg << ": [" + verify_errors.join('; ') + "]"
+      raise Puppet::Error, msg
     elsif error.message =~ /hostname (was )?not match/
       raise unless cert = peer_certs.find { |c| c.name !~ /^puppet ca/i }
 

data/lib/puppet/interface/action_manager.rb

@@ -1,11 +1,10 @@
 require 'puppet/interface/action'
+require 'puppet/interface/action_builder'
 
 module Puppet::Interface::ActionManager
   # Declare that this app can take a specific action, and provide
   # the code to do so.
   def action(name, &block)
-    require 'puppet/interface/action_builder'
-
     @actions ||= {}
     raise "Action #{name} already defined for #{self}" if action?(name)
 

data/lib/puppet/module_tool/applications/unpacker.rb

@@ -21,16 +21,35 @@ module Puppet::ModuleTool
         @module_dir
       end
 
+      # Obtain a suitable temporary path for building and unpacking tarballs
+      #
+      # @return [Pathname] path to temporary build location
+      def build_dir
+        Puppet::Forge::Cache.base_path + "tmp-unpacker-#{Digest::SHA1.hexdigest(@filename.basename.to_s)}"
+      end
+
       private
       def extract_module_to_install_dir
         delete_existing_installation_or_abort!
 
-        build_dir = Puppet::Forge::Cache.base_path + "tmp-unpacker-#{Digest::SHA1.hexdigest(@filename.basename.to_s)}"
         build_dir.mkpath
         begin
-          unless system "tar xzf #{@filename} -C #{build_dir}"
-            raise RuntimeError, "Could not extract contents of module archive."
+          begin
+            if Facter.value('operatingsystem') == "Solaris"
+              # Solaris tar is not as safe and works differently, so we prefer
+              # gnutar instead.
+              if Puppet::Util.which('gtar')
+                Puppet::Util.execute("gtar xzf #{@filename} -C #{build_dir}")
+              else
+                raise RuntimeError, "Cannot find the command 'gtar'. Make sure GNU tar is installed, and is in your PATH."
+              end
+            else
+              Puppet::Util.execute("tar xzf #{@filename} -C #{build_dir}")
+            end
+          rescue Puppet::ExecutionFailure => e
+            raise RuntimeError, "Could not extract contents of module archive: #{e.message}"
           end
+
           # grab the first directory
           extracted = build_dir.children.detect { |c| c.directory? }
           FileUtils.mv extracted, @module_dir

data/lib/puppet/network/handler/fileserver.rb

@@ -645,9 +645,9 @@ class Puppet::Network::Handler
         nil
       end
 
+      require 'puppet/file_serving'
+      require 'puppet/file_serving/fileset'
       def reclist(abspath, recurse, ignore)
-        require 'puppet/file_serving'
-        require 'puppet/file_serving/fileset'
         if recurse.is_a?(Fixnum)
           args = { :recurse => true, :recurselimit => recurse, :links => :follow }
         else

data/lib/puppet/parser/ast/resource.rb

@@ -32,14 +32,21 @@ class Resource < AST::Branch
       resource_titles = instance.title.safeevaluate(scope)
 
       # it's easier to always use an array, even for only one name
-      resource_titles = [resource_titles] unless resource_titles.is_a?(Array)
+      resource_titles = [resource_titles].flatten.collect do |title|
+        case title
+        when ::String, ::Numeric, ::Symbol, true, false
+          title.to_s
+        else
+          raise Puppet::ParseError, "Resource title must be a String, not #{title.class}"
+        end
+      end
 
       fully_qualified_type, resource_titles = scope.resolve_type_and_titles(type, resource_titles)
 
       # Second level of implicit iteration; build a resource for each
       # title.  This handles things like:
       # file { ['/foo', '/bar']: owner => blah }
-      resource_titles.flatten.collect { |resource_title|
+      resource_titles.collect { |resource_title|
         exceptwrap :type => Puppet::ParseError do
           resource = Puppet::Parser::Resource.new(
             fully_qualified_type, resource_title,

data/lib/puppet/parser/functions/fqdn_rand.rb

@@ -1,3 +1,5 @@
+require 'digest/md5'
+
 Puppet::Parser::Functions::newfunction(:fqdn_rand, :type => :rvalue, :doc =>
   "Generates random numbers based on the node's fqdn. Generated random values
   will be a range from 0 up to and excluding n, where n is the first parameter.
@@ -5,7 +7,6 @@ Puppet::Parser::Functions::newfunction(:fqdn_rand, :type => :rvalue, :doc =>
 
       $random_number = fqdn_rand(30)
       $random_number_seed = fqdn_rand(30,30)") do |args|
-    require 'digest/md5'
     max = args.shift
     srand(Digest::MD5.hexdigest([lookupvar('::fqdn'),args].join(':')).hex)
     rand(max).to_s

data/lib/puppet/parser/functions/md5.rb

@@ -1,5 +1,5 @@
-Puppet::Parser::Functions::newfunction(:md5, :type => :rvalue, :doc => "Returns a MD5 hash value from a provided string.") do |args|
-      require 'md5'
+require 'digest/md5'
 
+Puppet::Parser::Functions::newfunction(:md5, :type => :rvalue, :doc => "Returns a MD5 hash value from a provided string.") do |args|
       Digest::MD5.hexdigest(args[0])
 end