puppet 2.7.6 → 2.7.8
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- data/CHANGELOG +168 -0
- data/conf/auth.conf +5 -4
- data/conf/redhat/puppet.spec +16 -1
- data/conf/solaris/pkginfo +2 -2
- data/conf/suse/puppet.spec +9 -3
- data/ext/upload_facts.rb +120 -0
- data/install.rb +11 -16
- data/lib/puppet.rb +1 -1
- data/lib/puppet/application/agent.rb +0 -3
- data/lib/puppet/application/apply.rb +0 -3
- data/lib/puppet/application/queue.rb +21 -1
- data/lib/puppet/defaults.rb +6 -4
- data/lib/puppet/face/file/store.rb +1 -1
- data/lib/puppet/feature/base.rb +2 -1
- data/lib/puppet/file_bucket/dipper.rb +3 -2
- data/lib/puppet/file_serving/content.rb +1 -1
- data/lib/puppet/file_serving/metadata.rb +5 -2
- data/lib/puppet/indirector/facts/inventory_service.rb +20 -0
- data/lib/puppet/indirector/file_bucket_file/file.rb +3 -2
- data/lib/puppet/indirector/report/processor.rb +1 -1
- data/lib/puppet/network/handler/filebucket.rb +2 -0
- data/lib/puppet/network/handler/fileserver.rb +1 -1
- data/lib/puppet/network/handler/master.rb +1 -0
- data/lib/puppet/network/handler/report.rb +2 -0
- data/lib/puppet/network/handler/runner.rb +1 -0
- data/lib/puppet/network/handler/status.rb +2 -0
- data/lib/puppet/network/http/mongrel/rest.rb +8 -1
- data/lib/puppet/network/http_server.rb +3 -0
- data/lib/puppet/network/http_server/mongrel.rb +129 -0
- data/lib/puppet/network/rest_authconfig.rb +12 -4
- data/lib/puppet/parameter.rb +18 -0
- data/lib/puppet/parser/compiler.rb +1 -1
- data/lib/puppet/parser/grammar.ra +1 -1
- data/lib/puppet/parser/parser.rb +360 -350
- data/lib/puppet/property.rb +3 -3
- data/lib/puppet/provider/augeas/augeas.rb +1 -1
- data/lib/puppet/provider/exec/windows.rb +6 -7
- data/lib/puppet/provider/file/windows.rb +9 -2
- data/lib/puppet/provider/group/aix.rb +8 -8
- data/lib/puppet/provider/group/groupadd.rb +1 -3
- data/lib/puppet/provider/group/ldap.rb +8 -10
- data/lib/puppet/provider/group/windows_adsi.rb +8 -2
- data/lib/puppet/provider/package/aix.rb +1 -1
- data/lib/puppet/provider/package/macports.rb +3 -3
- data/lib/puppet/provider/package/msi.rb +12 -5
- data/lib/puppet/provider/package/nim.rb +1 -1
- data/lib/puppet/provider/package/pkgdmg.rb +3 -3
- data/lib/puppet/provider/package/ports.rb +1 -1
- data/lib/puppet/provider/scheduled_task/win32_taskscheduler.rb +560 -0
- data/lib/puppet/provider/service/base.rb +2 -2
- data/lib/puppet/provider/service/bsd.rb +4 -3
- data/lib/puppet/provider/service/daemontools.rb +25 -25
- data/lib/puppet/provider/service/debian.rb +6 -4
- data/lib/puppet/provider/service/freebsd.rb +1 -1
- data/lib/puppet/provider/service/gentoo.rb +4 -3
- data/lib/puppet/provider/service/init.rb +3 -8
- data/lib/puppet/provider/service/launchd.rb +129 -96
- data/lib/puppet/provider/service/redhat.rb +2 -3
- data/lib/puppet/provider/service/runit.rb +20 -20
- data/lib/puppet/provider/service/smf.rb +8 -7
- data/lib/puppet/provider/service/src.rb +5 -6
- data/lib/puppet/provider/service/systemd.rb +1 -1
- data/lib/puppet/provider/service/upstart.rb +3 -5
- data/lib/puppet/provider/service/windows.rb +7 -7
- data/lib/puppet/provider/sshkey/parsed.rb +2 -3
- data/lib/puppet/provider/user/aix.rb +21 -21
- data/lib/puppet/provider/user/hpux.rb +3 -1
- data/lib/puppet/provider/user/ldap.rb +7 -7
- data/lib/puppet/provider/user/user_role_add.rb +10 -6
- data/lib/puppet/provider/user/useradd.rb +3 -1
- data/lib/puppet/provider/user/windows_adsi.rb +4 -3
- data/lib/puppet/rb_tree_map.rb +388 -0
- data/lib/puppet/reference/configuration.rb +7 -7
- data/lib/puppet/reference/indirection.rb +5 -6
- data/lib/puppet/reference/metaparameter.rb +3 -1
- data/lib/puppet/reference/network.rb +8 -8
- data/lib/puppet/reference/providers.rb +17 -21
- data/lib/puppet/reference/type.rb +12 -9
- data/lib/puppet/resource.rb +2 -5
- data/lib/puppet/resource/catalog.rb +1 -1
- data/lib/puppet/ssl/certificate_request.rb +70 -0
- data/lib/puppet/ssl/host.rb +6 -0
- data/lib/puppet/transaction.rb +158 -55
- data/lib/puppet/transaction/event_manager.rb +1 -1
- data/lib/puppet/type.rb +60 -30
- data/lib/puppet/type/augeas.rb +83 -49
- data/lib/puppet/type/computer.rb +1 -1
- data/lib/puppet/type/cron.rb +11 -11
- data/lib/puppet/type/exec.rb +28 -21
- data/lib/puppet/type/file.rb +17 -7
- data/lib/puppet/type/file/content.rb +2 -2
- data/lib/puppet/type/file/ensure.rb +15 -12
- data/lib/puppet/type/file/mode.rb +30 -5
- data/lib/puppet/type/file/source.rb +11 -10
- data/lib/puppet/type/file/target.rb +2 -2
- data/lib/puppet/type/filebucket.rb +1 -1
- data/lib/puppet/type/group.rb +4 -5
- data/lib/puppet/type/host.rb +1 -1
- data/lib/puppet/type/interface.rb +13 -10
- data/lib/puppet/type/k5login.rb +6 -6
- data/lib/puppet/type/macauthorization.rb +37 -36
- data/lib/puppet/type/maillist.rb +2 -2
- data/lib/puppet/type/mcx.rb +6 -6
- data/lib/puppet/type/mount.rb +3 -2
- data/lib/puppet/type/notify.rb +1 -1
- data/lib/puppet/type/package.rb +24 -23
- data/lib/puppet/type/router.rb +4 -1
- data/lib/puppet/type/schedule.rb +52 -44
- data/lib/puppet/type/scheduled_task.rb +222 -0
- data/lib/puppet/type/selmodule.rb +10 -6
- data/lib/puppet/type/service.rb +11 -11
- data/lib/puppet/type/ssh_authorized_key.rb +2 -5
- data/lib/puppet/type/sshkey.rb +1 -1
- data/lib/puppet/type/stage.rb +1 -1
- data/lib/puppet/type/tidy.rb +10 -8
- data/lib/puppet/type/user.rb +61 -53
- data/lib/puppet/type/vlan.rb +4 -4
- data/lib/puppet/type/whit.rb +6 -2
- data/lib/puppet/type/yumrepo.rb +33 -31
- data/lib/puppet/type/zfs.rb +34 -32
- data/lib/puppet/type/zone.rb +21 -19
- data/lib/puppet/type/zpool.rb +3 -3
- data/lib/puppet/util.rb +24 -6
- data/lib/puppet/util/adsi.rb +12 -7
- data/lib/puppet/util/checksums.rb +1 -1
- data/lib/puppet/util/diff.rb +1 -1
- data/lib/puppet/util/nagios_maker.rb +2 -2
- data/lib/puppet/util/reference.rb +16 -17
- data/lib/puppet/util/settings/file_setting.rb +14 -2
- data/lib/puppet/util/windows/security.rb +96 -32
- data/spec/integration/file_serving/terminus_helper_spec.rb +1 -1
- data/spec/integration/indirector/direct_file_server_spec.rb +9 -15
- data/spec/integration/indirector/file_content/file_server_spec.rb +1 -1
- data/spec/integration/indirector/file_metadata/file_server_spec.rb +1 -1
- data/spec/integration/provider/package_spec.rb +4 -0
- data/spec/integration/provider/service/init_spec.rb +8 -2
- data/spec/integration/reference/providers_spec.rb +1 -1
- data/spec/integration/ssl/certificate_request_spec.rb +1 -2
- data/spec/integration/ssl/certificate_revocation_list_spec.rb +1 -2
- data/spec/integration/ssl/host_spec.rb +1 -2
- data/spec/integration/transaction_spec.rb +25 -17
- data/spec/integration/type/exec_spec.rb +77 -0
- data/spec/integration/type/file_spec.rb +322 -2
- data/spec/integration/util/windows/security_spec.rb +393 -230
- data/spec/integration/util_spec.rb +16 -0
- data/spec/lib/puppet_spec/files.rb +3 -7
- data/spec/unit/application/apply_spec.rb +0 -9
- data/spec/unit/application/inspect_spec.rb +1 -0
- data/spec/unit/configurer/downloader_spec.rb +3 -3
- data/spec/unit/face/certificate_spec.rb +6 -2
- data/spec/unit/file_bucket/dipper_spec.rb +67 -10
- data/spec/unit/file_bucket/file_spec.rb +22 -28
- data/spec/unit/file_serving/content_spec.rb +1 -1
- data/spec/unit/file_serving/metadata_spec.rb +30 -3
- data/spec/unit/indirector/facts/inventory_service_spec.rb +22 -0
- data/spec/unit/indirector/file_bucket_file/file_spec.rb +21 -24
- data/spec/unit/indirector/node/store_configs_spec.rb +1 -0
- data/spec/unit/indirector/resource/ral_spec.rb +1 -1
- data/spec/unit/indirector/resource_type/parser_spec.rb +2 -2
- data/spec/unit/indirector/rest_spec.rb +1 -1
- data/spec/unit/network/handler/ca_spec.rb +1 -1
- data/spec/unit/network/http/mongrel/rest_spec.rb +54 -25
- data/spec/unit/parameter_spec.rb +36 -0
- data/spec/unit/parser/parser_spec.rb +4 -0
- data/spec/unit/property_spec.rb +2 -2
- data/spec/unit/provider/exec/windows_spec.rb +2 -8
- data/spec/unit/provider/file/posix_spec.rb +6 -0
- data/spec/unit/provider/file/windows_spec.rb +18 -0
- data/spec/unit/provider/group/windows_adsi_spec.rb +22 -6
- data/spec/unit/provider/mount/parsed_spec.rb +1 -1
- data/spec/unit/provider/package/msi_spec.rb +2 -2
- data/spec/unit/provider/scheduled_task/win32_taskscheduler_spec.rb +1571 -0
- data/spec/unit/provider/service/launchd_spec.rb +143 -130
- data/spec/unit/provider/ssh_authorized_key/parsed_spec.rb +5 -0
- data/spec/unit/provider/user/user_role_add_spec.rb +39 -9
- data/spec/unit/provider/user/useradd_spec.rb +1 -1
- data/spec/unit/provider/user/windows_adsi_spec.rb +8 -1
- data/spec/unit/rb_tree_map_spec.rb +572 -0
- data/spec/unit/resource/catalog_spec.rb +1 -1
- data/spec/unit/simple_graph_spec.rb +9 -9
- data/spec/unit/ssl/host_spec.rb +60 -12
- data/spec/unit/transaction/report_spec.rb +3 -3
- data/spec/unit/transaction_spec.rb +394 -11
- data/spec/unit/type/exec_spec.rb +35 -15
- data/spec/unit/type/file/content_spec.rb +11 -10
- data/spec/unit/type/file/mode_spec.rb +73 -19
- data/spec/unit/type/file/source_spec.rb +1 -1
- data/spec/unit/type/file_spec.rb +15 -0
- data/spec/unit/type/group_spec.rb +1 -1
- data/spec/unit/type/mount_spec.rb +5 -5
- data/spec/unit/type/resources_spec.rb +3 -3
- data/spec/unit/type/scheduled_task_spec.rb +102 -0
- data/spec/unit/type/ssh_authorized_key_spec.rb +2 -3
- data/spec/unit/type/user_spec.rb +2 -1
- data/spec/unit/type_spec.rb +48 -4
- data/spec/unit/util/adsi_spec.rb +18 -7
- data/spec/unit/util/checksums_spec.rb +20 -2
- data/spec/unit/util/execution_stub_spec.rb +10 -5
- data/spec/unit/util/logging_spec.rb +6 -6
- data/spec/unit/util/rdoc/parser_spec.rb +1 -1
- data/spec/unit/util/reference_spec.rb +29 -0
- data/spec/unit/util/settings/file_setting_spec.rb +8 -2
- data/spec/unit/util_spec.rb +115 -0
- data/test/other/transactions.rb +5 -11
- data/test/ral/type/exec.rb +1 -1
- metadata +24 -11
@@ -423,9 +423,6 @@ Copyright (c) 2011 Puppet Labs, LLC Licensed under the Apache 2.0 License
|
|
423
423
|
|
424
424
|
exit(Puppet.settings.print_configs ? 0 : 1) if Puppet.settings.print_configs?
|
425
425
|
|
426
|
-
# If noop is set, then also enable diffs
|
427
|
-
Puppet[:show_diff] = true if Puppet[:noop]
|
428
|
-
|
429
426
|
args[:Server] = Puppet[:server]
|
430
427
|
if options[:fqdn]
|
431
428
|
args[:FQDN] = options[:fqdn]
|
@@ -231,9 +231,6 @@ Copyright (c) 2011 Puppet Labs, LLC Licensed under the Apache 2.0 License
|
|
231
231
|
def setup
|
232
232
|
exit(Puppet.settings.print_configs ? 0 : 1) if Puppet.settings.print_configs?
|
233
233
|
|
234
|
-
# If noop is set, then also enable diffs
|
235
|
-
Puppet[:show_diff] = true if Puppet[:noop]
|
236
|
-
|
237
234
|
Puppet::Util::Log.newdestination(:console) unless options[:logset]
|
238
235
|
client = nil
|
239
236
|
server = nil
|
@@ -10,7 +10,6 @@ class Puppet::Application::Queue < Puppet::Application
|
|
10
10
|
require 'puppet/daemon'
|
11
11
|
@daemon = Puppet::Daemon.new
|
12
12
|
@daemon.argv = ARGV.dup
|
13
|
-
Puppet::Util::Log.newdestination(:console)
|
14
13
|
|
15
14
|
# Do an initial trap, so that cancels don't get a stack trace.
|
16
15
|
|
@@ -109,6 +108,26 @@ Copyright (c) 2011 Puppet Labs, LLC Licensed under the Apache 2.0 License
|
|
109
108
|
HELP
|
110
109
|
end
|
111
110
|
|
111
|
+
option("--logdest DEST", "-l DEST") do |arg|
|
112
|
+
begin
|
113
|
+
Puppet::Util::Log.newdestination(arg)
|
114
|
+
options[:setdest] = true
|
115
|
+
rescue => detail
|
116
|
+
puts detail.backtrace if Puppet[:debug]
|
117
|
+
$stderr.puts detail.to_s
|
118
|
+
end
|
119
|
+
end
|
120
|
+
|
121
|
+
option("--logdest DEST", "-l DEST") do |arg|
|
122
|
+
begin
|
123
|
+
Puppet::Util::Log.newdestination(arg)
|
124
|
+
options[:setdest] = true
|
125
|
+
rescue => detail
|
126
|
+
puts detail.backtrace if Puppet[:debug]
|
127
|
+
$stderr.puts detail.to_s
|
128
|
+
end
|
129
|
+
end
|
130
|
+
|
112
131
|
def main
|
113
132
|
require 'puppet/indirector/catalog/queue' # provides Puppet::Indirector::Queue.subscribe
|
114
133
|
Puppet.notice "Starting puppetqd #{Puppet.version}"
|
@@ -139,6 +158,7 @@ Copyright (c) 2011 Puppet Labs, LLC Licensed under the Apache 2.0 License
|
|
139
158
|
Puppet::Util::Log.level = :info
|
140
159
|
end
|
141
160
|
end
|
161
|
+
Puppet::Util::Log.newdestination(:syslog) unless options[:setdest]
|
142
162
|
end
|
143
163
|
|
144
164
|
def setup
|
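Review bot: The `option("--logdest DEST", "-l DEST")` block is added twice, byte for byte, at new lines 111–119 and 121–129; the second copy should be dropped so the handler is declared once. In that block a destination that cannot be opened is only reported with `$stderr.puts detail.to_s` and `options[:setdest]` stays unset, so the last hunk's `Puppet::Util::Log.newdestination(:syslog) unless options[:setdest]` silently takes over. A comment such as `# If DEST cannot be opened we fall back to the syslog default` would make that intent explicit. The method containing the syslog line starts outside the hunk.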
data/lib/puppet/defaults.rb
CHANGED
@@ -109,8 +109,9 @@ module Puppet
|
|
109
109
|
},
|
110
110
|
:diff_args => ["-u", "Which arguments to pass to the diff command when printing differences between files."],
|
111
111
|
:diff => ["diff", "Which diff command to use when printing differences between files."],
|
112
|
-
:show_diff => [false, "Whether to
|
113
|
-
|
112
|
+
:show_diff => [false, "Whether to log and report a contextual diff when files are being replaced. This causes
|
113
|
+
partial file contents to pass through Puppet's normal logging and reporting system, so this setting should be
|
114
|
+
used with caution if you are sending Puppet's reports to an insecure destination.
|
114
115
|
This feature currently requires the `diff/lcs` Ruby library."],
|
115
116
|
:daemonize => {
|
116
117
|
:default => (Puppet.features.microsoft_windows? ? false : true),
|
@@ -135,7 +136,8 @@ module Puppet
|
|
135
136
|
:desc => "The node facts terminus.",
|
136
137
|
:hook => proc do |value|
|
137
138
|
require 'puppet/node/facts'
|
138
|
-
if
|
139
|
+
# Cache to YAML if we're uploading facts away
|
140
|
+
if %w[rest inventory_service].include? value.to_s
|
139
141
|
Puppet::Node::Facts.indirection.cache_class = :yaml
|
140
142
|
end
|
141
143
|
end
|
@@ -617,7 +619,7 @@ EOT
|
|
617
619
|
it with the `--no-client` option."],
|
618
620
|
:listen => [false, "Whether puppet agent should listen for
|
619
621
|
connections. If this is true, then puppet agent will accept incoming
|
620
|
-
REST API requests, subject to the default ACLs and the ACLs set in
|
622
|
+
REST API requests, subject to the default ACLs and the ACLs set in
|
621
623
|
the `rest_authconfig` file. Puppet agent can respond usefully to
|
622
624
|
requests on the `run`, `facts`, `certificate`, and `resource` endpoints."],
|
623
625
|
:ca_server => ["$server", "The server to use for certificate
|
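Review bot: The new `:show_diff` description limits its caution to "reports" sent to an insecure destination, although the same sentence says the diff passes through both the logging and the reporting system; log destinations receive the same partial file contents. I would word the last clause as `used with caution if you are sending Puppet's logs or reports to an insecure destination.` The removed line is truncated on this page, so the old wording cannot be compared.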
@@ -11,7 +11,7 @@ Puppet::Face.define(:file, '0.0.1') do
|
|
11
11
|
EOT
|
12
12
|
|
13
13
|
when_invoked do |path, options|
|
14
|
-
file = Puppet::FileBucket::File.new(
|
14
|
+
file = Puppet::FileBucket::File.new(Puppet::Util.binread(path))
|
15
15
|
|
16
16
|
Puppet::FileBucket::File.indirection.terminus_class = :file
|
17
17
|
Puppet::FileBucket::File.indirection.save file
|
data/lib/puppet/feature/base.rb
CHANGED
@@ -22,9 +22,10 @@ Puppet.features.add(:microsoft_windows) do
|
|
22
22
|
require 'win32/service'
|
23
23
|
require 'win32ole'
|
24
24
|
require 'win32/api'
|
25
|
+
require 'win32/taskscheduler'
|
25
26
|
true
|
26
27
|
rescue LoadError => err
|
27
|
-
warn "Cannot run on Microsoft Windows without the sys-admin, win32-process, win32-dir
|
28
|
+
warn "Cannot run on Microsoft Windows without the sys-admin, win32-process, win32-dir, win32-service and win32-taskscheduler gems: #{err}" unless Puppet.features.posix?
|
28
29
|
end
|
29
30
|
end
|
30
31
|
|
@@ -31,7 +31,7 @@ class Puppet::FileBucket::Dipper
|
|
31
31
|
# Back up a file to our bucket
|
32
32
|
def backup(file)
|
33
33
|
raise(ArgumentError, "File #{file} does not exist") unless ::File.exist?(file)
|
34
|
-
contents = ::
|
34
|
+
contents = Puppet::Util.binread(file)
|
35
35
|
begin
|
36
36
|
file_bucket_file = Puppet::FileBucket::File.new(contents, :bucket_path => @local_path)
|
37
37
|
files_original_path = absolutize_path(file)
|
@@ -64,7 +64,7 @@ class Puppet::FileBucket::Dipper
|
|
64
64
|
def restore(file,sum)
|
65
65
|
restore = true
|
66
66
|
if FileTest.exists?(file)
|
67
|
-
cursum = Digest::MD5.hexdigest(::
|
67
|
+
cursum = Digest::MD5.hexdigest(Puppet::Util.binread(file))
|
68
68
|
|
69
69
|
# if the checksum has changed...
|
70
70
|
# this might be extra effort
|
@@ -83,6 +83,7 @@ class Puppet::FileBucket::Dipper
|
|
83
83
|
::File.chmod(changed | 0200, file)
|
84
84
|
end
|
85
85
|
::File.open(file, ::File::WRONLY|::File::TRUNC|::File::CREAT) { |of|
|
86
|
+
of.binmode
|
86
87
|
of.print(newcontents)
|
87
88
|
}
|
88
89
|
::File.chmod(changed, file) if changed
|
@@ -59,9 +59,12 @@ class Puppet::FileServing::Metadata < Puppet::FileServing::Base
|
|
59
59
|
@path = path
|
60
60
|
end
|
61
61
|
|
62
|
-
|
62
|
+
{ :owner => 'S-1-5-32-544',
|
63
|
+
:group => 'S-1-0-0',
|
64
|
+
:mode => 0644
|
65
|
+
}.each do |method, default_value|
|
63
66
|
define_method method do
|
64
|
-
Puppet::Util::Windows::Security.send("get_#{method}", @path)
|
67
|
+
Puppet::Util::Windows::Security.send("get_#{method}", @path) || default_value
|
65
68
|
end
|
66
69
|
end
|
67
70
|
end
|
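Review bot: The fallbacks `'S-1-5-32-544'`, `'S-1-0-0'` and `0644` are returned as if they were the file's real owner, group and mode whenever the `Puppet::Util::Windows::Security.send("get_#{method}", @path)` call yields nil, and nothing records that a default was substituted. A consumer that copies metadata from this object would presumably apply those values to its target; that is inferred, since the callers are not visible here. The literals need a comment at minimum, e.g. `# Defaults when the ACL cannot be read: BUILTIN\Administrators, the null SID, mode 0644`, and a `Puppet.debug` line when a default is used would help when diagnosing unexpected permissions. The enclosing method begins above the hunk.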
@@ -0,0 +1,20 @@
|
|
1
|
+
require 'puppet/node/facts'
|
2
|
+
require 'puppet/indirector/rest'
|
3
|
+
|
4
|
+
class Puppet::Node::Facts::InventoryService < Puppet::Indirector::REST
|
5
|
+
desc "Find and save facts about nodes using a remote inventory service."
|
6
|
+
use_server_setting(:inventory_server)
|
7
|
+
use_port_setting(:inventory_port)
|
8
|
+
|
9
|
+
# We don't want failing to upload to the inventory service to cause any
|
10
|
+
# failures, so we just suppress them and warn.
|
11
|
+
def save(request)
|
12
|
+
begin
|
13
|
+
super
|
14
|
+
true
|
15
|
+
rescue => e
|
16
|
+
Puppet.warning "Could not upload facts for #{request.key} to inventory service: #{e.to_s}"
|
17
|
+
false
|
18
|
+
end
|
19
|
+
end
|
20
|
+
end
|
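Review bot: The bare `rescue => e` in `save` downgrades every StandardError raised by `super` to a warning, which presumably covers certificate-verification and authorization failures as well as network outages, so a persistently misconfigured inventory server looks the same in the logs as a transient one. Including the exception class, `"Could not upload facts for #{request.key} to inventory service: #{e.class}: #{e}"`, keeps the best-effort behaviour while making those cases distinguishable. The method also replaces `super`'s return value with `true`/`false`; the comment above `save` should say so.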
@@ -27,7 +27,7 @@ module Puppet::FileBucketFile
|
|
27
27
|
raise "could not find diff_with #{request.options[:diff_with]}" unless ::File.exists?(file2_path)
|
28
28
|
return `diff #{file_path.inspect} #{file2_path.inspect}`
|
29
29
|
else
|
30
|
-
contents = ::
|
30
|
+
contents = Puppet::Util.binread(file_path)
|
31
31
|
Puppet.info "FileBucket read #{checksum}"
|
32
32
|
model.new(contents)
|
33
33
|
end
|
@@ -83,6 +83,7 @@ module Puppet::FileBucketFile
|
|
83
83
|
# Write the file to disk.
|
84
84
|
Puppet::Util.withumask(0007) do
|
85
85
|
::File.open(filename, ::File::WRONLY|::File::CREAT, 0440) do |of|
|
86
|
+
of.binmode
|
86
87
|
of.print bucket_file.contents
|
87
88
|
end
|
88
89
|
::File.open(paths_path, ::File::WRONLY|::File::CREAT, 0640) do |of|
|
@@ -121,7 +122,7 @@ module Puppet::FileBucketFile
|
|
121
122
|
# If conflict_check is enabled, verify that the passed text is
|
122
123
|
# the same as the text in our file.
|
123
124
|
def verify_identical_file!(bucket_file)
|
124
|
-
disk_contents = ::
|
125
|
+
disk_contents = Puppet::Util.binread(path_for(bucket_file.bucket_path, bucket_file.checksum_data, 'contents'))
|
125
126
|
|
126
127
|
# If the contents don't match, then we've found a conflict.
|
127
128
|
# Unlikely, but quite bad.
|
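Review bot: The unchanged context line at new line 28 runs `diff` through backticks with `file_path.inspect` and `file2_path.inspect`, and `inspect` produces Ruby string quoting, not shell quoting. If either path can carry characters taken from the request (the `diff_with` option is read on the line above), the shell still interprets them; this is inferred, because how the paths are built is outside the hunk. Passing the two paths as separate arguments to a non-shell exec, or escaping each with `Shellwords.escape`, removes that dependency. The enclosing method starts outside the hunk.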
@@ -26,7 +26,7 @@ class Puppet::Transaction::Report::Processor < Puppet::Indirector::Code
|
|
26
26
|
# LAK:NOTE This isn't necessarily the best design, but it's backward
|
27
27
|
# compatible and that's good enough for now.
|
28
28
|
def process(report)
|
29
|
-
Puppet.debug "
|
29
|
+
Puppet.debug "Received report to process from #{report.host}"
|
30
30
|
processors do |mod|
|
31
31
|
Puppet.debug "Processing report from #{report.host} with processor #{mod}"
|
32
32
|
# We have to use a dup because we're including a module in the
|
@@ -28,6 +28,8 @@ class Puppet::Network::HTTP::MongrelREST < Mongrel::HttpHandler
|
|
28
28
|
# testing purposes.
|
29
29
|
def params(request)
|
30
30
|
params = Mongrel::HttpRequest.query_parse(request.params["QUERY_STRING"])
|
31
|
+
params.merge!(Mongrel::HttpRequest.query_parse(body(request))) if http_method(request).upcase == 'POST'
|
32
|
+
|
31
33
|
params = decode_params(params)
|
32
34
|
params.merge(client_info(request))
|
33
35
|
end
|
@@ -41,7 +43,12 @@ class Puppet::Network::HTTP::MongrelREST < Mongrel::HttpHandler
|
|
41
43
|
|
42
44
|
# return the request body
|
43
45
|
def body(request)
|
44
|
-
request.body.read
|
46
|
+
body = request.body.read
|
47
|
+
# We rewind the body, since read on a StringIO is destructive, and
|
48
|
+
# subsequent reads will return an empty string.
|
49
|
+
request.body.rewind
|
50
|
+
|
51
|
+
body
|
45
52
|
end
|
46
53
|
|
47
54
|
def set_content_type(response, format)
|
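Review bot: The added `params.merge!(Mongrel::HttpRequest.query_parse(body(request)))` line in `params` parses every POST body as form data without looking at the content type, and `merge!` lets body fields override query-string fields of the same name. A POST carrying a serialized object rather than a form would be run through `query_parse` too; whether such requests reach this method is not visible here. I would gate it on the content type, e.g. `if http_method(request).upcase == 'POST' && request.params['CONTENT_TYPE'].to_s =~ %r{\Aapplication/x-www-form-urlencoded}`, and note in a comment that body parameters take precedence over the query string.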
@@ -0,0 +1,129 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
# File: 06-11-14-mongrel_xmlrpc.rb
|
3
|
+
# Author: Manuel Holtgrewe <purestorm at ggnore.net>
|
4
|
+
#
|
5
|
+
# Copyright (c) 2006 Manuel Holtgrewe, 2007 Luke Kanies
|
6
|
+
#
|
7
|
+
# This file is based heavily on a file retrieved from
|
8
|
+
# http://ttt.ggnore.net/2006/11/15/xmlrpc-with-mongrel-and-ruby-off-rails/
|
9
|
+
|
10
|
+
require 'rubygems'
|
11
|
+
require 'mongrel'
|
12
|
+
require 'xmlrpc/server'
|
13
|
+
require 'puppet/network/xmlrpc/server'
|
14
|
+
require 'puppet/network/http_server'
|
15
|
+
require 'puppet/network/client_request'
|
16
|
+
require 'puppet/network/handler'
|
17
|
+
|
18
|
+
require 'resolv'
|
19
|
+
|
20
|
+
# This handler can be hooked into Mongrel to accept HTTP requests. After
|
21
|
+
# checking whether the request itself is sane, the handler forwards it
|
22
|
+
# to an internal instance of XMLRPC::BasicServer to process it.
|
23
|
+
#
|
24
|
+
# You can access the server by calling the Handler's "xmlrpc_server"
|
25
|
+
# attribute accessor method and add XMLRPC handlers there. For example:
|
26
|
+
#
|
27
|
+
# <pre>
|
28
|
+
# handler = XmlRpcHandler.new
|
29
|
+
# handler.xmlrpc_server.add_handler("my.add") { |a, b| a.to_i + b.to_i }
|
30
|
+
# </pre>
|
31
|
+
module Puppet::Network
|
32
|
+
class HTTPServer::Mongrel < ::Mongrel::HttpHandler
|
33
|
+
attr_reader :xmlrpc_server
|
34
|
+
|
35
|
+
def initialize(handlers)
|
36
|
+
if Puppet[:debug]
|
37
|
+
$mongrel_debug_client = true
|
38
|
+
Puppet.debug 'Mongrel client debugging enabled. [$mongrel_debug_client = true].'
|
39
|
+
end
|
40
|
+
# Create a new instance of BasicServer. We are supposed to subclass it
|
41
|
+
# but that does not make sense since we would not introduce any new
|
42
|
+
# behaviour and we have to subclass Mongrel::HttpHandler so our handler
|
43
|
+
# works for Mongrel.
|
44
|
+
@xmlrpc_server = Puppet::Network::XMLRPCServer.new
|
45
|
+
handlers.each do |name|
|
46
|
+
unless handler = Puppet::Network::Handler.handler(name)
|
47
|
+
raise ArgumentError, "Invalid handler #{name}"
|
48
|
+
end
|
49
|
+
@xmlrpc_server.add_handler(handler.interface, handler.new({}))
|
50
|
+
end
|
51
|
+
end
|
52
|
+
|
53
|
+
# This method produces the same results as XMLRPC::CGIServer.serve
|
54
|
+
# from Ruby's stdlib XMLRPC implementation.
|
55
|
+
def process(request, response)
|
56
|
+
# Make sure this has been a POST as required for XMLRPC.
|
57
|
+
request_method = request.params[Mongrel::Const::REQUEST_METHOD] || Mongrel::Const::GET
|
58
|
+
if request_method != "POST"
|
59
|
+
response.start(405) { |head, out| out.write("Method Not Allowed") }
|
60
|
+
return
|
61
|
+
end
|
62
|
+
|
63
|
+
# Make sure the user has sent text/xml data.
|
64
|
+
request_mime = request.params["CONTENT_TYPE"] || "text/plain"
|
65
|
+
if parse_content_type(request_mime).first != "text/xml"
|
66
|
+
response.start(400) { |head, out| out.write("Bad Request") }
|
67
|
+
return
|
68
|
+
end
|
69
|
+
|
70
|
+
# Make sure there is data in the body at all.
|
71
|
+
length = request.params[Mongrel::Const::CONTENT_LENGTH].to_i
|
72
|
+
if length <= 0
|
73
|
+
response.start(411) { |head, out| out.write("Length Required") }
|
74
|
+
return
|
75
|
+
end
|
76
|
+
|
77
|
+
# Check the body to be valid.
|
78
|
+
if request.body.nil? or request.body.size != length
|
79
|
+
response.start(400) { |head, out| out.write("Bad Request") }
|
80
|
+
return
|
81
|
+
end
|
82
|
+
|
83
|
+
info = client_info(request)
|
84
|
+
|
85
|
+
# All checks above passed through
|
86
|
+
response.start(200) do |head, out|
|
87
|
+
head["Content-Type"] = "text/xml; charset=utf-8"
|
88
|
+
begin
|
89
|
+
out.write(@xmlrpc_server.process(request.body, info))
|
90
|
+
rescue => detail
|
91
|
+
puts detail.backtrace
|
92
|
+
raise
|
93
|
+
end
|
94
|
+
end
|
95
|
+
end
|
96
|
+
|
97
|
+
private
|
98
|
+
|
99
|
+
def client_info(request)
|
100
|
+
params = request.params
|
101
|
+
ip = params["HTTP_X_FORWARDED_FOR"] ? params["HTTP_X_FORWARDED_FOR"].split(',').last.strip : params["REMOTE_ADDR"]
|
102
|
+
# JJM #906 The following dn.match regular expression is forgiving
|
103
|
+
# enough to match the two Distinguished Name string contents
|
104
|
+
# coming from Apache, Pound or other reverse SSL proxies.
|
105
|
+
if dn = params[Puppet[:ssl_client_header]] and dn_matchdata = dn.match(/^.*?CN\s*=\s*(.*)/)
|
106
|
+
client = dn_matchdata[1].to_str
|
107
|
+
valid = (params[Puppet[:ssl_client_verify_header]] == 'SUCCESS')
|
108
|
+
else
|
109
|
+
begin
|
110
|
+
client = Resolv.getname(ip)
|
111
|
+
rescue => detail
|
112
|
+
Puppet.err "Could not resolve #{ip}: #{detail}"
|
113
|
+
client = "unknown"
|
114
|
+
end
|
115
|
+
valid = false
|
116
|
+
end
|
117
|
+
|
118
|
+
info = Puppet::Network::ClientRequest.new(client, ip, valid)
|
119
|
+
|
120
|
+
info
|
121
|
+
end
|
122
|
+
|
123
|
+
# Taken from XMLRPC::ParseContentType
|
124
|
+
def parse_content_type(str)
|
125
|
+
a, *b = str.split(";")
|
126
|
+
return a.strip, *b
|
127
|
+
end
|
128
|
+
end
|
129
|
+
end
|
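Review bot: `client_info` derives both the client name and the `valid` flag purely from request headers (`Puppet[:ssl_client_header]`, `Puppet[:ssl_client_verify_header]`, `HTTP_X_FORWARDED_FOR`), and nothing in this file checks that the request arrived through the SSL-terminating proxy. That holds only if Mongrel is not reachable directly and the proxy overwrites those headers on every request, so the method should carry a comment saying so, e.g. `# These headers are trusted as-is: the proxy in front of Mongrel must set or strip them on every request.` Two smaller points: the DN pattern is anchored with `^`, which matches at any line start, where `\A` would anchor to the start of the header value; and `process` prints the backtrace with `puts` instead of going through Puppet's logger.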
@@ -14,9 +14,11 @@ module Puppet
|
|
14
14
|
{ :acl => "/file" },
|
15
15
|
{ :acl => "/certificate_revocation_list/ca", :method => :find, :authenticated => true },
|
16
16
|
{ :acl => "/report", :method => :save, :authenticated => true },
|
17
|
-
|
18
|
-
|
19
|
-
{ :acl => "/
|
17
|
+
# These allow `auth any`, because if you can do them anonymously you
|
18
|
+
# should probably also be able to do them when trusted.
|
19
|
+
{ :acl => "/certificate/ca", :method => :find, :authenticated => :any },
|
20
|
+
{ :acl => "/certificate/", :method => :find, :authenticated => :any },
|
21
|
+
{ :acl => "/certificate_request", :method => [:find, :save], :authenticated => :any },
|
20
22
|
{ :acl => "/status", :method => [:find], :authenticated => true },
|
21
23
|
]
|
22
24
|
|
@@ -65,9 +67,15 @@ module Puppet
|
|
65
67
|
|
66
68
|
# force regular ACLs to be present
|
67
69
|
def insert_default_acl
|
70
|
+
if exists? then
|
71
|
+
reason = "none were found in '#{@file}'"
|
72
|
+
else
|
73
|
+
reason = "#{Puppet[:rest_authconfig]} doesn't exist"
|
74
|
+
end
|
75
|
+
|
68
76
|
DEFAULT_ACL.each do |acl|
|
69
77
|
unless rights[acl[:acl]]
|
70
|
-
Puppet.info "Inserting default '#{acl[:acl]}'(#{acl[:authenticated]
|
78
|
+
Puppet.info "Inserting default '#{acl[:acl]}' (auth #{acl[:authenticated]}) ACL because #{reason}"
|
71
79
|
mk_acl(acl)
|
72
80
|
end
|
73
81
|
end
|
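Review bot: `insert_default_acl` re-creates every `DEFAULT_ACL` entry that has no rule in the auth file, and on the new side three of those entries are `:authenticated => :any`, so removing the `/certificate_request` rule from the file does not close that endpoint but restores the open default. The only trace is the `Puppet.info` message, which is visible only when info-level logging is on. I would state this above the new entries, e.g. `# Paths listed here are re-inserted when the auth file has no rule for them; to restrict one, add an explicit rule instead of removing it.` In the second hunk the two `reason` strings name the file differently (`@file` versus `Puppet[:rest_authconfig]`); using the same one in both branches avoids a misleading message if they ever differ. Both the array and the method extend beyond the hunks shown.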