puppet 5.5.3-universal-darwin → 5.5.6-universal-darwin
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- checksums.yaml +5 -5
- data/CONTRIBUTING.md +1 -4
- data/Gemfile +5 -1
- data/Gemfile.lock +167 -0
- data/Rakefile +4 -34
- data/ext/build_defaults.yaml +0 -2
- data/lib/puppet/application/cert.rb +3 -1
- data/lib/puppet/defaults.rb +55 -26
- data/lib/puppet/face/certificate.rb +2 -0
- data/lib/puppet/indirector/ldap.rb +6 -0
- data/lib/puppet/node/environment.rb +4 -2
- data/lib/puppet/parser/functions/tagged.rb +1 -4
- data/lib/puppet/pops/issues.rb +4 -0
- data/lib/puppet/pops/validation/checker4_0.rb +100 -0
- data/lib/puppet/pops/validation/validator_factory_4_0.rb +4 -3
- data/lib/puppet/provider/augeas/augeas.rb +198 -4
- data/lib/puppet/provider/service/smf.rb +2 -3
- data/lib/puppet/provider/service/upstart.rb +10 -2
- data/lib/puppet/test/test_helper.rb +0 -3
- data/lib/puppet/type/file/source.rb +10 -1
- data/lib/puppet/version.rb +1 -1
- data/locales/puppet.pot +132 -118
- data/man/man5/puppet.conf.5 +23 -23
- data/man/man8/puppet-agent.8 +1 -1
- data/man/man8/puppet-apply.8 +1 -1
- data/man/man8/puppet-ca.8 +3 -3
- data/man/man8/puppet-catalog.8 +1 -1
- data/man/man8/puppet-cert.8 +2 -2
- data/man/man8/puppet-certificate.8 +3 -3
- data/man/man8/puppet-certificate_request.8 +1 -1
- data/man/man8/puppet-certificate_revocation_list.8 +1 -1
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +1 -1
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +1 -1
- data/man/man8/puppet-filebucket.8 +1 -1
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-key.8 +1 -1
- data/man/man8/puppet-lookup.8 +1 -1
- data/man/man8/puppet-man.8 +1 -1
- data/man/man8/puppet-master.8 +1 -1
- data/man/man8/puppet-module.8 +1 -1
- data/man/man8/puppet-node.8 +1 -1
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +1 -1
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-status.8 +1 -1
- data/man/man8/puppet.8 +3 -3
- data/spec/integration/type/file_spec.rb +18 -3
- data/spec/integration/util/settings_spec.rb +1 -0
- data/spec/integration/util/windows/security_spec.rb +78 -1
- data/spec/unit/application/master_spec.rb +2 -0
- data/spec/unit/configurer/downloader_spec.rb +5 -0
- data/spec/unit/defaults_spec.rb +13 -0
- data/spec/unit/face/help_spec.rb +2 -1
- data/spec/unit/indirector/ldap_spec.rb +22 -1
- data/spec/unit/node/environment_spec.rb +14 -0
- data/spec/unit/parser/functions/tagged_spec.rb +16 -0
- data/spec/unit/pops/validator/validator_spec.rb +139 -4
- data/spec/unit/provider/augeas/augeas_spec.rb +66 -1
- data/spec/unit/provider/service/smf_spec.rb +2 -6
- data/spec/unit/provider/service/upstart_spec.rb +37 -0
- data/spec/unit/settings/autosign_setting_spec.rb +2 -2
- data/spec/unit/settings/file_setting_spec.rb +6 -0
- data/spec/unit/ssl/certificate_authority_spec.rb +1 -0
- metadata +4 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
|
-
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: 35dab550cf5bc25b9c3df32cf6f404deb5cbf4f999351784af4cb034b8b98302
|
4
|
+
data.tar.gz: 75c6cfa1941b96787d07696d04f75dc2404634abbcb0d9adfd4c382b46d224c7
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 5e9d1b72fa5eee1c9651f58454ed02110ceaf59b5cc7b8ec6f224926d8f09640b46e1044f672bf74e0694514d83988de49211cde48b50034f49cb82ebde05358
|
7
|
+
data.tar.gz: aa0bd26341831fa71811e030b8a8cdf688682f52907d93058c18c74bd17b78b9abf79fe341517208230cbd31bdcc30191f0730e05300ee4e98f1fa95698b604c
|
data/CONTRIBUTING.md
CHANGED
@@ -65,10 +65,7 @@ the [puppet-dev mailing list](https://groups.google.com/forum/#!forum/puppet-dev
|
|
65
65
|
why this is a problem, and how the patch fixes the problem when applied.
|
66
66
|
```
|
67
67
|
* Make sure you have added the necessary tests for your changes.
|
68
|
-
*
|
69
|
-
install all the test dependencies with `bundle install --path .bundle`. Then
|
70
|
-
either run all the tests serially with `bundle exec rspec spec` or in parallel
|
71
|
-
with `bundle exec rake parallel:spec[process_count]`
|
68
|
+
* For details on how to run tests, please see [the quickstart guide](https://github.com/puppetlabs/puppet/blob/master/docs/quickstart.md)
|
72
69
|
|
73
70
|
## Writing Translatable Code
|
74
71
|
|
data/Gemfile
CHANGED
@@ -12,6 +12,10 @@ def location_for(place, fake_version = nil)
|
|
12
12
|
end
|
13
13
|
end
|
14
14
|
|
15
|
+
group(:packaging) do
|
16
|
+
gem 'packaging', *location_for(ENV['PACKAGING_LOCATION'] || '~> 0.99')
|
17
|
+
end
|
18
|
+
|
15
19
|
# C Ruby (MRI) or Rubinius, but NOT Windows
|
16
20
|
platforms :ruby do
|
17
21
|
gem 'pry', :group => :development
|
@@ -35,7 +39,7 @@ group(:development, :test) do
|
|
35
39
|
# be removed here *yet* due to TravisCI / AppVeyor which call:
|
36
40
|
# bundle install --without development
|
37
41
|
# PUP-7433 describes work necessary to restructure this
|
38
|
-
gem "rake",
|
42
|
+
gem "rake", '~> 12.2.1', :require => false
|
39
43
|
gem "rspec", "~> 3.1", :require => false
|
40
44
|
gem "rspec-its", "~> 1.1", :require => false
|
41
45
|
gem "rspec-collection_matchers", "~> 1.1", :require => false
|
data/Gemfile.lock
ADDED
@@ -0,0 +1,167 @@
|
|
1
|
+
PATH
|
2
|
+
remote: .
|
3
|
+
specs:
|
4
|
+
puppet (5.5.6)
|
5
|
+
CFPropertyList (~> 2.2)
|
6
|
+
facter (>= 2.0.1, < 4)
|
7
|
+
fast_gettext (~> 1.1.2)
|
8
|
+
hiera (>= 3.2.1, < 4)
|
9
|
+
hocon (~> 1.0)
|
10
|
+
locale (~> 2.1)
|
11
|
+
multi_json (~> 1.13)
|
12
|
+
net-ssh (>= 3.0, < 5)
|
13
|
+
|
14
|
+
GEM
|
15
|
+
remote: https://artifactory.delivery.puppetlabs.net/artifactory/api/gems/rubygems/
|
16
|
+
specs:
|
17
|
+
CFPropertyList (2.3.6)
|
18
|
+
addressable (2.4.0)
|
19
|
+
artifactory (2.8.2)
|
20
|
+
ast (2.4.0)
|
21
|
+
builder (3.2.3)
|
22
|
+
coderay (1.1.2)
|
23
|
+
crack (0.4.3)
|
24
|
+
safe_yaml (~> 1.0.0)
|
25
|
+
diff-lcs (1.3)
|
26
|
+
facter (2.5.1)
|
27
|
+
fast_gettext (1.1.2)
|
28
|
+
gettext (3.2.9)
|
29
|
+
locale (>= 2.0.5)
|
30
|
+
text (>= 1.3.0)
|
31
|
+
gettext-setup (0.30)
|
32
|
+
fast_gettext (~> 1.1.0)
|
33
|
+
gettext (>= 3.0.2)
|
34
|
+
locale
|
35
|
+
hashdiff (0.3.7)
|
36
|
+
hiera (3.4.3)
|
37
|
+
hiera-eyaml (2.1.0)
|
38
|
+
highline (~> 1.6.19)
|
39
|
+
trollop (~> 2.0)
|
40
|
+
highline (1.6.21)
|
41
|
+
hocon (1.2.5)
|
42
|
+
hpricot (0.8.6)
|
43
|
+
json-schema (2.8.0)
|
44
|
+
addressable (>= 2.4)
|
45
|
+
locale (2.1.2)
|
46
|
+
memory_profiler (0.9.11)
|
47
|
+
metaclass (0.0.4)
|
48
|
+
method_source (0.9.0)
|
49
|
+
mocha (0.10.5)
|
50
|
+
metaclass (~> 0.0.1)
|
51
|
+
msgpack (1.2.4)
|
52
|
+
multi_json (1.13.1)
|
53
|
+
mustache (1.0.5)
|
54
|
+
net-ssh (4.2.0)
|
55
|
+
packaging (0.99.8)
|
56
|
+
artifactory
|
57
|
+
rake (~> 12.2.1)
|
58
|
+
parallel (1.12.1)
|
59
|
+
parser (2.5.1.2)
|
60
|
+
ast (~> 2.4.0)
|
61
|
+
powerpack (0.1.2)
|
62
|
+
pry (0.11.3)
|
63
|
+
coderay (~> 1.1.0)
|
64
|
+
method_source (~> 0.9.0)
|
65
|
+
puppet-lint (2.3.6)
|
66
|
+
puppet-syntax (2.4.1)
|
67
|
+
rake
|
68
|
+
puppetlabs_spec_helper (1.1.1)
|
69
|
+
mocha
|
70
|
+
puppet-lint
|
71
|
+
puppet-syntax
|
72
|
+
rake
|
73
|
+
rspec-puppet
|
74
|
+
racc (1.4.9)
|
75
|
+
rack (1.6.10)
|
76
|
+
rainbow (2.1.0)
|
77
|
+
rake (12.2.1)
|
78
|
+
rdiscount (2.2.0.1)
|
79
|
+
rdoc (4.3.0)
|
80
|
+
redcarpet (2.3.0)
|
81
|
+
ronn (0.7.3)
|
82
|
+
hpricot (>= 0.8.2)
|
83
|
+
mustache (>= 0.7.0)
|
84
|
+
rdiscount (>= 1.5.8)
|
85
|
+
rspec (3.8.0)
|
86
|
+
rspec-core (~> 3.8.0)
|
87
|
+
rspec-expectations (~> 3.8.0)
|
88
|
+
rspec-mocks (~> 3.8.0)
|
89
|
+
rspec-collection_matchers (1.1.3)
|
90
|
+
rspec-expectations (>= 2.99.0.beta1)
|
91
|
+
rspec-core (3.8.0)
|
92
|
+
rspec-support (~> 3.8.0)
|
93
|
+
rspec-expectations (3.8.1)
|
94
|
+
diff-lcs (>= 1.2.0, < 2.0)
|
95
|
+
rspec-support (~> 3.8.0)
|
96
|
+
rspec-its (1.2.0)
|
97
|
+
rspec-core (>= 3.0.0)
|
98
|
+
rspec-expectations (>= 3.0.0)
|
99
|
+
rspec-legacy_formatters (1.0.1)
|
100
|
+
rspec (~> 3.0)
|
101
|
+
rspec-mocks (3.8.0)
|
102
|
+
diff-lcs (>= 1.2.0, < 2.0)
|
103
|
+
rspec-support (~> 3.8.0)
|
104
|
+
rspec-puppet (2.6.15)
|
105
|
+
rspec
|
106
|
+
rspec-support (3.8.0)
|
107
|
+
rubocop (0.49.1)
|
108
|
+
parallel (~> 1.10)
|
109
|
+
parser (>= 2.3.3.1, < 3.0)
|
110
|
+
powerpack (~> 0.1)
|
111
|
+
rainbow (>= 1.99.1, < 3.0)
|
112
|
+
ruby-progressbar (~> 1.7)
|
113
|
+
unicode-display_width (~> 1.0, >= 1.0.1)
|
114
|
+
rubocop-i18n (1.2.0)
|
115
|
+
rubocop (~> 0.49.0)
|
116
|
+
ruby-prof (0.17.0)
|
117
|
+
ruby-progressbar (1.10.0)
|
118
|
+
safe_yaml (1.0.4)
|
119
|
+
text (1.3.1)
|
120
|
+
trollop (2.1.3)
|
121
|
+
unicode-display_width (1.4.0)
|
122
|
+
vcr (2.9.3)
|
123
|
+
webmock (1.24.6)
|
124
|
+
addressable (>= 2.3.6)
|
125
|
+
crack (>= 0.3.2)
|
126
|
+
hashdiff
|
127
|
+
yard (0.9.16)
|
128
|
+
yarjuf (2.0.0)
|
129
|
+
builder
|
130
|
+
rspec (~> 3)
|
131
|
+
|
132
|
+
PLATFORMS
|
133
|
+
ruby
|
134
|
+
|
135
|
+
DEPENDENCIES
|
136
|
+
addressable (< 2.5.0)
|
137
|
+
gettext-setup (~> 0.28)
|
138
|
+
hiera-eyaml
|
139
|
+
json-schema (~> 2.0)
|
140
|
+
memory_profiler
|
141
|
+
mocha (~> 0.10.5)
|
142
|
+
msgpack
|
143
|
+
packaging (~> 0.99)
|
144
|
+
pry
|
145
|
+
puppet!
|
146
|
+
puppetlabs_spec_helper
|
147
|
+
racc (= 1.4.9)
|
148
|
+
rack (~> 1.4)
|
149
|
+
rainbow (< 2.2.1)
|
150
|
+
rake (~> 12.2.1)
|
151
|
+
rdoc (~> 4.1)
|
152
|
+
redcarpet (~> 2.0)
|
153
|
+
ronn (~> 0.7.3)
|
154
|
+
rspec (~> 3.1)
|
155
|
+
rspec-collection_matchers (~> 1.1)
|
156
|
+
rspec-its (~> 1.1)
|
157
|
+
rspec-legacy_formatters (~> 1.0)
|
158
|
+
rubocop (~> 0.49.1)
|
159
|
+
rubocop-i18n (~> 1.2.0)
|
160
|
+
ruby-prof (>= 0.16.0)
|
161
|
+
vcr (~> 2.9)
|
162
|
+
webmock (~> 1.24)
|
163
|
+
yard
|
164
|
+
yarjuf (~> 2.0)
|
165
|
+
|
166
|
+
BUNDLED WITH
|
167
|
+
1.16.2
|
data/Rakefile
CHANGED
@@ -24,40 +24,10 @@ require 'open3'
|
|
24
24
|
Dir['tasks/**/*.rake'].each { |t| load t }
|
25
25
|
|
26
26
|
begin
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
build_defs_file = 'ext/build_defaults.yaml'
|
32
|
-
if File.exist?(build_defs_file)
|
33
|
-
begin
|
34
|
-
require 'yaml'
|
35
|
-
@build_defaults ||= YAML.load_file(build_defs_file)
|
36
|
-
rescue Exception => e
|
37
|
-
STDERR.puts "Unable to load yaml from #{build_defs_file}:"
|
38
|
-
STDERR.puts e
|
39
|
-
end
|
40
|
-
@packaging_url = @build_defaults['packaging_url']
|
41
|
-
@packaging_repo = @build_defaults['packaging_repo']
|
42
|
-
raise "Could not find packaging url in #{build_defs_file}" if @packaging_url.nil?
|
43
|
-
raise "Could not find packaging repo in #{build_defs_file}" if @packaging_repo.nil?
|
44
|
-
|
45
|
-
namespace :package do
|
46
|
-
desc "Bootstrap packaging automation, e.g. clone into packaging repo"
|
47
|
-
task :bootstrap do
|
48
|
-
if File.exist?("ext/#{@packaging_repo}")
|
49
|
-
puts "It looks like you already have ext/#{@packaging_repo}. If you don't like it, blow it away with package:implode."
|
50
|
-
else
|
51
|
-
cd 'ext' do
|
52
|
-
%x{git clone #{@packaging_url}}
|
53
|
-
end
|
54
|
-
end
|
55
|
-
end
|
56
|
-
desc "Remove all cloned packaging automation"
|
57
|
-
task :implode do
|
58
|
-
rm_rf "ext/#{@packaging_repo}"
|
59
|
-
end
|
60
|
-
end
|
27
|
+
require 'packaging'
|
28
|
+
Pkg::Util::RakeUtils.load_packaging_tasks
|
29
|
+
rescue LoadError => e
|
30
|
+
puts "Error loading packaging rake tasks: #{e}"
|
61
31
|
end
|
62
32
|
|
63
33
|
task :default do
|
data/ext/build_defaults.yaml
CHANGED
@@ -100,7 +100,7 @@ class Puppet::Application::Cert < Puppet::Application
|
|
100
100
|
end
|
101
101
|
|
102
102
|
def summary
|
103
|
-
_("Manage certificates and requests")
|
103
|
+
_("Manage certificates and requests (Deprecated)")
|
104
104
|
end
|
105
105
|
|
106
106
|
def help
|
@@ -282,6 +282,8 @@ Copyright (c) 2011 Puppet Inc., LLC Licensed under the Apache 2.0 License
|
|
282
282
|
end
|
283
283
|
|
284
284
|
def setup
|
285
|
+
deprecate
|
286
|
+
|
285
287
|
require 'puppet/ssl/certificate_authority'
|
286
288
|
exit(Puppet.settings.print_configs ? 0 : 1) if Puppet.settings.print_configs?
|
287
289
|
|
data/lib/puppet/defaults.rb
CHANGED
@@ -257,8 +257,9 @@ module Puppet
|
|
257
257
|
on the CLI.",
|
258
258
|
},
|
259
259
|
:configprint => {
|
260
|
-
:default
|
261
|
-
:
|
260
|
+
:default => "",
|
261
|
+
:deprecated => :completely,
|
262
|
+
:desc => "Prints the value of a specific configuration setting. If the name of a
|
262
263
|
setting is provided for this, then the value is printed and puppet
|
263
264
|
exits. Comma-separate multiple values. For a list of all values,
|
264
265
|
specify 'all'. This setting is deprecated, the 'puppet config' command replaces this functionality.",
|
@@ -276,7 +277,7 @@ module Puppet
|
|
276
277
|
:desc => "Whether to create the necessary user and group that puppet agent will run as.",
|
277
278
|
},
|
278
279
|
:manage_internal_file_permissions => {
|
279
|
-
:default =>
|
280
|
+
:default => ! Puppet::Util::Platform.windows?,
|
280
281
|
:type => :boolean,
|
281
282
|
:desc => "Whether Puppet should manage the owner, group, and mode of files it uses internally",
|
282
283
|
},
|
@@ -752,11 +753,14 @@ change this setting; you also need to:
|
|
752
753
|
|
753
754
|
* On the server: Stop Puppet Server.
|
754
755
|
* On the CA server: Revoke and clean the server's old certificate. (`puppet cert clean <NAME>`)
|
756
|
+
(Note `puppet cert clean` is deprecated and will be replaced with `puppetserver ca clean`
|
757
|
+
in Puppet 6.)
|
755
758
|
* On the server: Delete the old certificate (and any old certificate signing requests)
|
756
759
|
from the [ssldir](https://puppet.com/docs/puppet/latest/dirs_ssldir.html).
|
757
760
|
* On the server: Run `puppet agent -t --ca_server <CA HOSTNAME>` to request a new certificate
|
758
761
|
* On the CA server: Sign the certificate request, explicitly allowing alternate names
|
759
|
-
(`puppet cert sign --allow-dns-alt-names <NAME>`).
|
762
|
+
(`puppet cert sign --allow-dns-alt-names <NAME>`). (Note `puppet cert sign` is deprecated
|
763
|
+
and will be replaced with `puppetserver ca sign` in Puppet 6.)
|
760
764
|
* On the server: Run `puppet agent -t --ca_server <CA HOSTNAME>` to retrieve the cert.
|
761
765
|
* On the server: Start Puppet Server again.
|
762
766
|
|
@@ -977,7 +981,8 @@ EOT
|
|
977
981
|
:ca,
|
978
982
|
:ca_name => {
|
979
983
|
:default => "Puppet CA: $certname",
|
980
|
-
:desc => "The name to use the Certificate Authority certificate.",
|
984
|
+
:desc => "The name to use the Certificate Authority certificate. This setting is deprecated and will be replaced by one in Puppet Server's configs in Puppet 6.",
|
985
|
+
:deprecated => :completely,
|
981
986
|
},
|
982
987
|
:cadir => {
|
983
988
|
:default => "$ssldir/ca",
|
@@ -985,7 +990,8 @@ EOT
|
|
985
990
|
:owner => "service",
|
986
991
|
:group => "service",
|
987
992
|
:mode => "0755",
|
988
|
-
:desc => "The root directory for the certificate authority."
|
993
|
+
:desc => "The root directory for the certificate authority. This setting is deprecated and will be replaced by one in Puppet Server's configs in Puppet 6.",
|
994
|
+
:deprecated => :completely,
|
989
995
|
},
|
990
996
|
:cacert => {
|
991
997
|
:default => "$cadir/ca_crt.pem",
|
@@ -993,7 +999,8 @@ EOT
|
|
993
999
|
:owner => "service",
|
994
1000
|
:group => "service",
|
995
1001
|
:mode => "0644",
|
996
|
-
:desc => "The CA certificate."
|
1002
|
+
:desc => "The CA certificate. This setting is deprecated and will be replaced by one in Puppet Server's configs in Puppet 6.",
|
1003
|
+
:deprecated => :completely,
|
997
1004
|
},
|
998
1005
|
:cakey => {
|
999
1006
|
:default => "$cadir/ca_key.pem",
|
@@ -1001,7 +1008,8 @@ EOT
|
|
1001
1008
|
:owner => "service",
|
1002
1009
|
:group => "service",
|
1003
1010
|
:mode => "0640",
|
1004
|
-
:desc => "The CA private key."
|
1011
|
+
:desc => "The CA private key. This setting is deprecated and will be replaced by one in Puppet Server's configs in Puppet 6.",
|
1012
|
+
:deprecated => :completely,
|
1005
1013
|
},
|
1006
1014
|
:capub => {
|
1007
1015
|
:default => "$cadir/ca_pub.pem",
|
@@ -1009,7 +1017,8 @@ EOT
|
|
1009
1017
|
:owner => "service",
|
1010
1018
|
:group => "service",
|
1011
1019
|
:mode => "0644",
|
1012
|
-
:desc => "The CA public key."
|
1020
|
+
:desc => "The CA public key. This setting is deprecated and will be replaced by one in Puppet Server's configs in Puppet 6.",
|
1021
|
+
:deprecated => :completely,
|
1013
1022
|
},
|
1014
1023
|
:cacrl => {
|
1015
1024
|
:default => "$cadir/ca_crl.pem",
|
@@ -1017,7 +1026,8 @@ EOT
|
|
1017
1026
|
:owner => "service",
|
1018
1027
|
:group => "service",
|
1019
1028
|
:mode => "0644",
|
1020
|
-
:desc => "The certificate revocation list (CRL) for the CA. Will be used if present but otherwise ignored.",
|
1029
|
+
:desc => "The certificate revocation list (CRL) for the CA. Will be used if present but otherwise ignored. This setting is deprecated and will be replaced by one in Puppet Server's configs in Puppet 6.",
|
1030
|
+
:deprecated => :completely,
|
1021
1031
|
},
|
1022
1032
|
:caprivatedir => {
|
1023
1033
|
:default => "$cadir/private",
|
@@ -1025,7 +1035,8 @@ EOT
|
|
1025
1035
|
:owner => "service",
|
1026
1036
|
:group => "service",
|
1027
1037
|
:mode => "0750",
|
1028
|
-
:desc => "Where the CA stores private certificate information."
|
1038
|
+
:desc => "Where the CA stores private certificate information. This setting is deprecated and will be removed in Puppet 6.",
|
1039
|
+
:deprecated => :completely,
|
1029
1040
|
},
|
1030
1041
|
:csrdir => {
|
1031
1042
|
:default => "$cadir/requests",
|
@@ -1033,7 +1044,8 @@ EOT
|
|
1033
1044
|
:owner => "service",
|
1034
1045
|
:group => "service",
|
1035
1046
|
:mode => "0755",
|
1036
|
-
:desc => "Where the CA stores certificate requests"
|
1047
|
+
:desc => "Where the CA stores certificate requests. This setting is deprecated and will be replaced by one in Puppet Server's configs in Puppet 6.",
|
1048
|
+
:deprecated => :completely,
|
1037
1049
|
},
|
1038
1050
|
:signeddir => {
|
1039
1051
|
:default => "$cadir/signed",
|
@@ -1041,7 +1053,8 @@ EOT
|
|
1041
1053
|
:owner => "service",
|
1042
1054
|
:group => "service",
|
1043
1055
|
:mode => "0755",
|
1044
|
-
:desc => "Where the CA stores signed certificates."
|
1056
|
+
:desc => "Where the CA stores signed certificates. This setting is deprecated and will be replaced by one in Puppet Server's configs in Puppet 6.",
|
1057
|
+
:deprecated => :completely,
|
1045
1058
|
},
|
1046
1059
|
:capass => {
|
1047
1060
|
:default => "$caprivatedir/ca.pass",
|
@@ -1049,7 +1062,8 @@ EOT
|
|
1049
1062
|
:owner => "service",
|
1050
1063
|
:group => "service",
|
1051
1064
|
:mode => "0640",
|
1052
|
-
:desc => "Where the CA stores the password for the private key."
|
1065
|
+
:desc => "Where the CA stores the password for the private key. This setting is deprecated and will be removed in Puppet 6.",
|
1066
|
+
:deprecated => :completely,
|
1053
1067
|
},
|
1054
1068
|
:serial => {
|
1055
1069
|
:default => "$cadir/serial",
|
@@ -1057,13 +1071,17 @@ EOT
|
|
1057
1071
|
:owner => "service",
|
1058
1072
|
:group => "service",
|
1059
1073
|
:mode => "0644",
|
1060
|
-
:desc => "Where the serial number for certificates is stored."
|
1074
|
+
:desc => "Where the serial number for certificates is stored. This setting is deprecated and will be replaced by one in Puppet Server's configs in Puppet 6.",
|
1075
|
+
:deprecated => :completely,
|
1061
1076
|
},
|
1062
1077
|
:autosign => {
|
1063
1078
|
:default => "$confdir/autosign.conf",
|
1064
1079
|
:type => :autosign,
|
1080
|
+
:deprecated => :completely,
|
1065
1081
|
:desc => "Whether (and how) to autosign certificate requests. This setting
|
1066
1082
|
is only relevant on a puppet master acting as a certificate authority (CA).
|
1083
|
+
This setting is also deprecated and will be replaced by one in Puppet Server's
|
1084
|
+
configs in Puppet 6.
|
1067
1085
|
|
1068
1086
|
Valid values are true (autosigns all certificate requests; not recommended),
|
1069
1087
|
false (disables autosigning certificates), or the absolute path to a file.
|
@@ -1090,14 +1108,15 @@ EOT
|
|
1090
1108
|
:allow_duplicate_certs => {
|
1091
1109
|
:default => false,
|
1092
1110
|
:type => :boolean,
|
1093
|
-
:desc => "Whether to allow a new certificate
|
1094
|
-
|
1111
|
+
:desc => "Whether to allow a new certificate request to overwrite an existing certificate. This setting is deprecated and will be replaced by one in Puppet Server's configs in Puppet 6.",
|
1112
|
+
:deprecated => :completely,
|
1095
1113
|
},
|
1096
1114
|
:ca_ttl => {
|
1097
1115
|
:default => "5y",
|
1098
1116
|
:type => :duration,
|
1099
1117
|
:desc => "The default TTL for new certificates.
|
1100
|
-
#{AS_DURATION}"
|
1118
|
+
#{AS_DURATION} This setting is deprecated and will be replaced by one in Puppet Server's configs in Puppet 6.",
|
1119
|
+
:deprecated => :completely,
|
1101
1120
|
},
|
1102
1121
|
:keylength => {
|
1103
1122
|
:default => 4096,
|
@@ -1110,7 +1129,8 @@ EOT
|
|
1110
1129
|
:owner => "service",
|
1111
1130
|
:group => "service",
|
1112
1131
|
:desc => "The inventory file. This is a text file to which the CA writes a
|
1113
|
-
complete listing of all certificates."
|
1132
|
+
complete listing of all certificates. This setting is deprecated and will be replaced by one in Puppet Server's configs in Puppet 6.",
|
1133
|
+
:deprecated => :completely,
|
1114
1134
|
}
|
1115
1135
|
)
|
1116
1136
|
|
@@ -1142,6 +1162,7 @@ EOT
|
|
1142
1162
|
:bindaddress => {
|
1143
1163
|
:default => "*",
|
1144
1164
|
:desc => "The address a listening server should bind to.",
|
1165
|
+
:deprecated => :completely,
|
1145
1166
|
}
|
1146
1167
|
)
|
1147
1168
|
|
@@ -1191,11 +1212,15 @@ EOT
|
|
1191
1212
|
define_settings(:master,
|
1192
1213
|
:user => {
|
1193
1214
|
:default => "puppet",
|
1194
|
-
:desc => "The user
|
1215
|
+
:desc => "The user Puppet Server will run as. Used to ensure
|
1216
|
+
the agent side processes (agent, apply, etc) create files and
|
1217
|
+
directories readable by Puppet Server when necessary.",
|
1195
1218
|
},
|
1196
1219
|
:group => {
|
1197
1220
|
:default => "puppet",
|
1198
|
-
:desc => "The group
|
1221
|
+
:desc => "The group Puppet Server will run as. Used to ensure
|
1222
|
+
the agent side processes (agent, apply, etc) create files and
|
1223
|
+
directories readable by Puppet Server when necessary.",
|
1199
1224
|
},
|
1200
1225
|
:default_manifest => {
|
1201
1226
|
:default => "./manifests",
|
@@ -1241,6 +1266,7 @@ EOT
|
|
1241
1266
|
:group => "service",
|
1242
1267
|
:mode => "0660",
|
1243
1268
|
:create => true,
|
1269
|
+
:deprecated => :completely,
|
1244
1270
|
:desc => "Where the puppet master web server saves its access log. This is
|
1245
1271
|
only used when running a WEBrick puppet master. When puppet master is
|
1246
1272
|
running under a Rack server like Passenger, that web server will have
|
@@ -1248,9 +1274,9 @@ EOT
|
|
1248
1274
|
},
|
1249
1275
|
:masterport => {
|
1250
1276
|
:default => 8140,
|
1251
|
-
:desc => "The port
|
1252
|
-
|
1253
|
-
|
1277
|
+
:desc => "The default port puppet subcommands use to communicate
|
1278
|
+
with Puppet Server. (eg `puppet facts upload`, `puppet agent`). May be
|
1279
|
+
overridden by more specific settings (see `ca_port`, `report_port`).",
|
1254
1280
|
},
|
1255
1281
|
:node_name => {
|
1256
1282
|
:default => "cert",
|
@@ -1272,13 +1298,16 @@ EOT
|
|
1272
1298
|
:rest_authconfig => {
|
1273
1299
|
:default => "$confdir/auth.conf",
|
1274
1300
|
:type => :file,
|
1301
|
+
:deprecated => :completely,
|
1275
1302
|
:desc => "The configuration file that defines the rights to the different
|
1276
|
-
rest indirections. This can be used as a fine-grained
|
1277
|
-
|
1303
|
+
rest indirections. This can be used as a fine-grained authorization system for
|
1304
|
+
`puppet master`. The `puppet master` command is deprecated and Puppet Server
|
1305
|
+
uses its own auth.conf that must be placed within its configuration directory.",
|
1278
1306
|
},
|
1279
1307
|
:ca => {
|
1280
1308
|
:default => true,
|
1281
1309
|
:type => :boolean,
|
1310
|
+
:deprecated => :completely,
|
1282
1311
|
:desc => "Whether the master should function as a certificate authority.",
|
1283
1312
|
},
|
1284
1313
|
:trusted_oid_mapping_file => {
|