puppet 6.0.4-universal-darwin → 6.0.5-universal-darwin
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Gemfile.lock +15 -15
- data/Rakefile +3 -1
- data/ext/solaris/smf/svc-puppetd +8 -1
- data/ext/solaris/smf/svc-puppetmasterd +8 -1
- data/lib/puppet/application/device.rb +48 -32
- data/lib/puppet/application/ssl.rb +31 -17
- data/lib/puppet/defaults.rb +2 -1
- data/lib/puppet/face/config.rb +1 -1
- data/lib/puppet/forge.rb +4 -1
- data/lib/puppet/pops/evaluator/collectors/abstract_collector.rb +3 -1
- data/lib/puppet/pops/model/pn_transformer.rb +5 -0
- data/lib/puppet/pops/types/p_timespan_type.rb +2 -2
- data/lib/puppet/pops/types/string_converter.rb +11 -2
- data/lib/puppet/provider/package/dnf.rb +2 -1
- data/lib/puppet/provider/package/windows/exe_package.rb +13 -0
- data/lib/puppet/provider/package/windows/msi_package.rb +8 -0
- data/lib/puppet/provider/package/windows/package.rb +9 -1
- data/lib/puppet/provider/package/yum.rb +1 -1
- data/lib/puppet/provider/parsedfile.rb +25 -4
- data/lib/puppet/provider/service/smf.rb +54 -0
- data/lib/puppet/provider/service/systemd.rb +2 -0
- data/lib/puppet/provider/service/upstart.rb +1 -0
- data/lib/puppet/rest/route.rb +1 -1
- data/lib/puppet/ssl/host.rb +23 -11
- data/lib/puppet/transaction.rb +4 -1
- data/lib/puppet/transaction/event_manager.rb +13 -1
- data/lib/puppet/transaction/resource_harness.rb +3 -1
- data/lib/puppet/util/command_line.rb +2 -3
- data/lib/puppet/util/filetype.rb +36 -4
- data/lib/puppet/util/selinux.rb +1 -1
- data/lib/puppet/util/windows/api_types.rb +1 -1
- data/lib/puppet/util/windows/registry.rb +29 -5
- data/lib/puppet/util/windows/service.rb +106 -99
- data/lib/puppet/version.rb +1 -1
- data/locales/ja/puppet.po +232 -183
- data/locales/puppet.pot +145 -117
- data/man/man5/puppet.conf.5 +3 -3
- data/man/man8/puppet-agent.8 +1 -1
- data/man/man8/puppet-apply.8 +1 -1
- data/man/man8/puppet-catalog.8 +1 -1
- data/man/man8/puppet-config.8 +2 -2
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +23 -19
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +1 -1
- data/man/man8/puppet-filebucket.8 +1 -1
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-key.8 +1 -1
- data/man/man8/puppet-lookup.8 +1 -1
- data/man/man8/puppet-man.8 +1 -1
- data/man/man8/puppet-module.8 +1 -1
- data/man/man8/puppet-node.8 +1 -1
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +1 -1
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-ssl.8 +6 -3
- data/man/man8/puppet-status.8 +1 -1
- data/man/man8/puppet.8 +2 -2
- data/spec/fixtures/unit/provider/service/smf/svcs_fmri.out +6 -0
- data/spec/fixtures/unit/provider/service/smf/svcs_multiple_fmris.out +13 -0
- data/spec/integration/ssl/key_spec.rb +0 -4
- data/spec/integration/transaction_spec.rb +559 -0
- data/spec/integration/util/windows/registry_spec.rb +39 -0
- data/spec/unit/application/device_spec.rb +10 -7
- data/spec/unit/application/lookup_spec.rb +2 -1
- data/spec/unit/application/ssl_spec.rb +21 -2
- data/spec/unit/forge/forge_spec.rb +4 -2
- data/spec/unit/functions/logging_spec.rb +10 -3
- data/spec/unit/indirector/yaml_spec.rb +1 -1
- data/spec/unit/pops/loaders/loader_spec.rb +6 -7
- data/spec/unit/pops/model/pn_transformer_spec.rb +4 -0
- data/spec/unit/pops/types/p_timespan_type_spec.rb +22 -0
- data/spec/unit/pops/types/p_timestamp_type_spec.rb +19 -0
- data/spec/unit/pops/types/string_converter_spec.rb +20 -0
- data/spec/unit/provider/group/ldap_spec.rb +22 -25
- data/spec/unit/provider/group/pw_spec.rb +7 -10
- data/spec/unit/provider/nameservice/directoryservice_spec.rb +97 -103
- data/spec/unit/provider/package/aix_spec.rb +5 -8
- data/spec/unit/provider/package/apt_spec.rb +3 -6
- data/spec/unit/provider/package/dnf_spec.rb +36 -37
- data/spec/unit/provider/package/dpkg_spec.rb +18 -21
- data/spec/unit/provider/package/freebsd_spec.rb +4 -7
- data/spec/unit/provider/package/gem_spec.rb +41 -41
- data/spec/unit/provider/package/hpux_spec.rb +7 -10
- data/spec/unit/provider/package/macports_spec.rb +13 -15
- data/spec/unit/provider/package/nim_spec.rb +3 -10
- data/spec/unit/provider/package/openbsd_spec.rb +14 -17
- data/spec/unit/provider/package/pip3_spec.rb +3 -6
- data/spec/unit/provider/package/pip_spec.rb +45 -49
- data/spec/unit/provider/package/pkgin_spec.rb +13 -18
- data/spec/unit/provider/package/pkgng_spec.rb +21 -24
- data/spec/unit/provider/package/puppet_gem_spec.rb +6 -9
- data/spec/unit/provider/package/tdnf_spec.rb +9 -12
- data/spec/unit/provider/package/yum_spec.rb +30 -16
- data/spec/unit/provider/package/zypper_spec.rb +17 -19
- data/spec/unit/provider/service/bsd_spec.rb +7 -9
- data/spec/unit/provider/service/daemontools_spec.rb +12 -16
- data/spec/unit/provider/service/debian_spec.rb +6 -10
- data/spec/unit/provider/service/freebsd_spec.rb +2 -2
- data/spec/unit/provider/service/openbsd_spec.rb +13 -17
- data/spec/unit/provider/service/rcng_spec.rb +2 -4
- data/spec/unit/provider/service/redhat_spec.rb +12 -11
- data/spec/unit/provider/service/runit_spec.rb +7 -14
- data/spec/unit/provider/service/smf_spec.rb +77 -13
- data/spec/unit/provider/service/src_spec.rb +11 -16
- data/spec/unit/provider/service/systemd_spec.rb +18 -0
- data/spec/unit/provider/user/hpux_spec.rb +3 -5
- data/spec/unit/provider/user/ldap_spec.rb +29 -32
- data/spec/unit/provider/user/pw_spec.rb +10 -13
- data/spec/unit/rest/route_spec.rb +1 -1
- data/spec/unit/ssl/host_spec.rb +21 -0
- data/spec/unit/ssl/key_spec.rb +2 -4
- data/spec/unit/transaction/event_manager_spec.rb +12 -1
- data/spec/unit/transaction/resource_harness_spec.rb +18 -0
- data/spec/unit/transaction_spec.rb +25 -0
- data/spec/unit/util/filetype_spec.rb +13 -5
- data/spec/unit/util/logging_spec.rb +0 -41
- data/spec/unit/util/monkey_patches_spec.rb +18 -5
- data/spec/unit/util/selinux_spec.rb +4 -0
- metadata +8 -2
@@ -51,7 +51,9 @@ class Puppet::Pops::Evaluator::Collectors::AbstractCollector
|
|
51
51
|
|
52
52
|
objects.each do |res|
|
53
53
|
unless @collected.include?(res.ref)
|
54
|
-
|
54
|
+
t = res.type
|
55
|
+
t = Puppet::Pops::Evaluator::Runtime3ResourceSupport.find_resource_type(scope, t)
|
56
|
+
newres = Puppet::Parser::Resource.new(t, res.title, @overrides)
|
55
57
|
scope.compiler.add_override(newres)
|
56
58
|
end
|
57
59
|
end
|
@@ -200,6 +200,11 @@ class PNTransformer
|
|
200
200
|
PN::Call.new('nop')
|
201
201
|
end
|
202
202
|
|
203
|
+
# Some elements may have a nil element instead of a Nop Expression
|
204
|
+
def transform_NilClass(e)
|
205
|
+
PN::Call.new('nop')
|
206
|
+
end
|
207
|
+
|
203
208
|
def transform_NotExpression(e)
|
204
209
|
PN::Call.new('!', transform(e.expr))
|
205
210
|
end
|
@@ -65,9 +65,9 @@ module Types
|
|
65
65
|
when String
|
66
66
|
impl_class.parse(arg)
|
67
67
|
when Integer
|
68
|
-
|
68
|
+
impl_class.new(arg * Time::NSECS_PER_SEC)
|
69
69
|
when Float
|
70
|
-
|
70
|
+
impl_class.new(arg * Time::NSECS_PER_SEC)
|
71
71
|
else
|
72
72
|
raise ArgumentError, "Unable to create a #{impl_class.name} from a #{arg.class.name}" unless arg.nil? || arg == :default
|
73
73
|
nil
|
@@ -484,8 +484,17 @@ class StringConverter
|
|
484
484
|
|
485
485
|
value_type = TypeCalculator.infer_set(value)
|
486
486
|
if string_formats.is_a?(String)
|
487
|
-
#
|
488
|
-
|
487
|
+
# For Array and Hash, the format is given as a Hash where 'format' key is the format for the collection itself
|
488
|
+
if Puppet::Pops::Types::PArrayType::DEFAULT.assignable?(value_type)
|
489
|
+
# add the format given for the exact type
|
490
|
+
string_formats = { Puppet::Pops::Types::PArrayType::DEFAULT => {'format' => string_formats }}
|
491
|
+
elsif Puppet::Pops::Types::PHashType::DEFAULT.assignable?(value_type)
|
492
|
+
# add the format given for the exact type
|
493
|
+
string_formats = { Puppet::Pops::Types::PHashType::DEFAULT => {'format' => string_formats }}
|
494
|
+
else
|
495
|
+
# add the format given for the exact type
|
496
|
+
string_formats = { value_type => string_formats }
|
497
|
+
end
|
489
498
|
end
|
490
499
|
|
491
500
|
case string_formats
|
@@ -30,7 +30,8 @@ Puppet::Type.type(:package).provide :dnf, :parent => :yum do
|
|
30
30
|
|
31
31
|
defaultfor :operatingsystem => :fedora
|
32
32
|
notdefaultfor :operatingsystem => :fedora, :operatingsystemmajrelease => (19..21).to_a
|
33
|
-
defaultfor :osfamily => :redhat
|
33
|
+
defaultfor :osfamily => :redhat
|
34
|
+
notdefaultfor :osfamily => :redhat, :operatingsystemmajrelease => (4..7).to_a
|
34
35
|
|
35
36
|
def self.update_command
|
36
37
|
# In DNF, update is deprecated for upgrade
|
@@ -4,6 +4,19 @@ class Puppet::Provider::Package::Windows
|
|
4
4
|
class ExePackage < Puppet::Provider::Package::Windows::Package
|
5
5
|
attr_reader :uninstall_string
|
6
6
|
|
7
|
+
# registry values to load under each product entry in
|
8
|
+
# HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
|
9
|
+
# for this provider
|
10
|
+
REG_VALUE_NAMES = [
|
11
|
+
'DisplayVersion',
|
12
|
+
'UninstallString',
|
13
|
+
'ParentKeyName',
|
14
|
+
'Security Update',
|
15
|
+
'Update Rollup',
|
16
|
+
'Hotfix',
|
17
|
+
'WindowsInstaller',
|
18
|
+
]
|
19
|
+
|
7
20
|
# Return an instance of the package from the registry, or nil
|
8
21
|
def self.from_registry(name, values)
|
9
22
|
if valid?(name, values)
|
@@ -8,6 +8,14 @@ class Puppet::Provider::Package::Windows
|
|
8
8
|
INSTALLSTATE_DEFAULT = 5 # product is installed for the current user
|
9
9
|
INSTALLUILEVEL_NONE = 2 # completely silent installation
|
10
10
|
|
11
|
+
# registry values to load under each product entry in
|
12
|
+
# HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
|
13
|
+
# for this provider
|
14
|
+
REG_VALUE_NAMES = [
|
15
|
+
'DisplayVersion',
|
16
|
+
'WindowsInstaller'
|
17
|
+
]
|
18
|
+
|
11
19
|
# Get the COM installer object, it's in a separate method for testing
|
12
20
|
def self.installer
|
13
21
|
# REMIND: when does the COM release happen?
|
@@ -11,6 +11,14 @@ class Puppet::Provider::Package::Windows
|
|
11
11
|
|
12
12
|
attr_reader :name, :version
|
13
13
|
|
14
|
+
REG_DISPLAY_VALUE_NAMES = [ 'DisplayName', 'QuietDisplayName' ]
|
15
|
+
|
16
|
+
def self.reg_value_names_to_load
|
17
|
+
REG_DISPLAY_VALUE_NAMES |
|
18
|
+
MsiPackage::REG_VALUE_NAMES |
|
19
|
+
ExePackage::REG_VALUE_NAMES
|
20
|
+
end
|
21
|
+
|
14
22
|
# Enumerate each package. The appropriate package subclass
|
15
23
|
# will be yielded.
|
16
24
|
def self.each(&block)
|
@@ -37,7 +45,7 @@ class Puppet::Provider::Package::Windows
|
|
37
45
|
open(hive, 'Software\Microsoft\Windows\CurrentVersion\Uninstall', mode) do |uninstall|
|
38
46
|
each_key(uninstall) do |name, wtime|
|
39
47
|
open(hive, "#{uninstall.keyname}\\#{name}", mode) do |key|
|
40
|
-
yield key,
|
48
|
+
yield key, values_by_name(key, reg_value_names_to_load)
|
41
49
|
end
|
42
50
|
end
|
43
51
|
end
|
@@ -23,7 +23,7 @@ Puppet::Type.type(:package).provide :yum, :parent => :rpm, :source => :rpm do
|
|
23
23
|
end
|
24
24
|
end
|
25
25
|
|
26
|
-
|
26
|
+
defaultfor :osfamily => :redhat, :operatingsystemmajrelease => (4..7).to_a
|
27
27
|
|
28
28
|
def self.prefetch(packages)
|
29
29
|
raise Puppet::Error, _("The yum provider can only be used as root") if Process.euid != 0
|
@@ -10,11 +10,17 @@ require 'puppet/util/fileparsing'
|
|
10
10
|
#
|
11
11
|
# Once the provider prefetches the data, it's the resource's job to copy
|
12
12
|
# that data over to the @is variables.
|
13
|
+
#
|
14
|
+
# NOTE: The prefetch method swallows FileReadErrors by treating the
|
15
|
+
# corresponding target as an empty file. If you would like to turn this
|
16
|
+
# behavior off, then set the raise_prefetch_errors class variable to
|
17
|
+
# true. Doing so will error all resources associated with the failed
|
18
|
+
# target.
|
13
19
|
class Puppet::Provider::ParsedFile < Puppet::Provider
|
14
20
|
extend Puppet::Util::FileParsing
|
15
21
|
|
16
22
|
class << self
|
17
|
-
attr_accessor :default_target, :target
|
23
|
+
attr_accessor :default_target, :target, :raise_prefetch_errors
|
18
24
|
end
|
19
25
|
|
20
26
|
attr_accessor :property_hash
|
@@ -89,6 +95,10 @@ class Puppet::Provider::ParsedFile < Puppet::Provider
|
|
89
95
|
|
90
96
|
# Flush all of the records relating to a specific target.
|
91
97
|
def self.flush_target(target)
|
98
|
+
if @raise_prefetch_errors && @failed_prefetch_targets.key?(target)
|
99
|
+
raise Puppet::Error, _("Failed to read %{target}'s records when prefetching them. Reason: %{detail}") % { target: target, detail: @failed_prefetch_targets[target] }
|
100
|
+
end
|
101
|
+
|
92
102
|
backup_target(target)
|
93
103
|
|
94
104
|
records = target_records(target).reject { |r|
|
@@ -142,6 +152,10 @@ class Puppet::Provider::ParsedFile < Puppet::Provider
|
|
142
152
|
@records = []
|
143
153
|
@target_objects = {}
|
144
154
|
|
155
|
+
# Hash of <target> => <failure reason>.
|
156
|
+
@failed_prefetch_targets = {}
|
157
|
+
@raise_prefetch_errors = false
|
158
|
+
|
145
159
|
@target = nil
|
146
160
|
|
147
161
|
# Default to flat files
|
@@ -260,12 +274,19 @@ class Puppet::Provider::ParsedFile < Puppet::Provider
|
|
260
274
|
|
261
275
|
# Prefetch an individual target.
|
262
276
|
def self.prefetch_target(target)
|
263
|
-
|
264
277
|
begin
|
265
278
|
target_records = retrieve(target)
|
266
279
|
rescue Puppet::Util::FileType::FileReadError => detail
|
267
|
-
|
268
|
-
|
280
|
+
if @raise_prefetch_errors
|
281
|
+
# We will raise an error later in flush_target. This way,
|
282
|
+
# only the resources linked to our target will fail
|
283
|
+
# evaluation.
|
284
|
+
@failed_prefetch_targets[target] = detail.to_s
|
285
|
+
else
|
286
|
+
puts detail.backtrace if Puppet[:trace]
|
287
|
+
Puppet.err _("Could not prefetch %{resource} provider '%{name}' target '%{target}': %{detail}. Treating as empty") % { resource: self.resource_type.name, name: self.name, target: target, detail: detail }
|
288
|
+
end
|
289
|
+
|
269
290
|
target_records = []
|
270
291
|
end
|
271
292
|
|
@@ -49,6 +49,52 @@ Puppet::Type.type(:service).provide :smf, :parent => :base do
|
|
49
49
|
end
|
50
50
|
end
|
51
51
|
|
52
|
+
# Returns the service's FMRI. We fail if multiple FMRIs correspond to
|
53
|
+
# @resource[:name].
|
54
|
+
#
|
55
|
+
# If the service does not exist or we fail to get any FMRIs from svcs,
|
56
|
+
# this method will raise a Puppet::Error
|
57
|
+
def service_fmri
|
58
|
+
return @fmri if @fmri
|
59
|
+
|
60
|
+
# `svcs -l` is better to use because we can detect service instances
|
61
|
+
# that have not yet been activated or enabled (i.e. it lets us detect
|
62
|
+
# services that svcadm has not yet touched). `svcs -H -o fmri` is a bit
|
63
|
+
# more limited.
|
64
|
+
lines = svcs("-l", @resource[:name]).chomp.lines.to_a
|
65
|
+
lines.select! { |line| line =~ /^fmri/ }
|
66
|
+
fmris = lines.map! { |line| line.split(' ')[-1].chomp }
|
67
|
+
unless fmris.length == 1
|
68
|
+
raise Puppet::Error, _("Failed to get the FMRI of the %{service} service: The pattern '%{service}' matches multiple FMRIs! These are the FMRIs it matches: %{all_fmris}") % { service: @resource[:name], all_fmris: fmris.join(', ') }
|
69
|
+
end
|
70
|
+
|
71
|
+
@fmri = fmris.first
|
72
|
+
end
|
73
|
+
|
74
|
+
# Returns true if the provider supports incomplete services.
|
75
|
+
def supports_incomplete_services?
|
76
|
+
Puppet::Util::Package.versioncmp(Facter.value(:operatingsystemrelease), '11.1') >= 0
|
77
|
+
end
|
78
|
+
|
79
|
+
# Returns true if the service is complete. A complete service is a service that
|
80
|
+
# has the general/complete property defined.
|
81
|
+
def complete_service?
|
82
|
+
unless supports_incomplete_services?
|
83
|
+
raise Puppet::Error, _("Cannot query if the %{service} service is complete: The concept of complete/incomplete services was introduced in Solaris 11.1. You are on a Solaris %{release} machine.") % { service: @resource[:name], release: Facter.value(:operatingsystemrelease) }
|
84
|
+
end
|
85
|
+
|
86
|
+
return @complete_service if @complete_service
|
87
|
+
|
88
|
+
# We need to use the service's FMRI when querying its config. because
|
89
|
+
# general/complete is an instance-specific property.
|
90
|
+
fmri = service_fmri
|
91
|
+
|
92
|
+
# Check if the general/complete property is defined. If it is undefined,
|
93
|
+
# then svccfg will not print anything to the console.
|
94
|
+
property_defn = svccfg("-s", fmri, "listprop", "general/complete").chomp
|
95
|
+
@complete_service = ! property_defn.empty?
|
96
|
+
end
|
97
|
+
|
52
98
|
def enable
|
53
99
|
self.start
|
54
100
|
end
|
@@ -131,6 +177,14 @@ Puppet::Type.type(:service).provide :smf, :parent => :base do
|
|
131
177
|
end
|
132
178
|
|
133
179
|
begin
|
180
|
+
if supports_incomplete_services?
|
181
|
+
unless complete_service?
|
182
|
+
debug _("The %{service} service is incomplete so its status will be reported as :stopped. See `svcs -xv %{fmri}` for more details.") % { service: @resource[:name], fmri: service_fmri }
|
183
|
+
|
184
|
+
return :stopped
|
185
|
+
end
|
186
|
+
end
|
187
|
+
|
134
188
|
# get the current state and the next state, and if the next
|
135
189
|
# state is set (i.e. not "-") use it for state comparison
|
136
190
|
states = service_states
|
@@ -26,6 +26,8 @@ Puppet::Type.type(:service).provide :systemd, :parent => :base do
|
|
26
26
|
defaultfor :operatingsystem => :amazon, :operatingsystemmajrelease => ["2"]
|
27
27
|
defaultfor :operatingsystem => :debian, :operatingsystemmajrelease => ["8", "stretch/sid", "9", "buster/sid"]
|
28
28
|
|
29
|
+
defaultfor :operatingsystem => :LinuxMint
|
30
|
+
notdefaultfor :operatingsystem => :LinuxMint, :operatingsystemmajrelease => ["10", "11", "12", "13", "14", "15", "16", "17"] # These are using upstart
|
29
31
|
defaultfor :operatingsystem => :ubuntu
|
30
32
|
notdefaultfor :operatingsystem => :ubuntu, :operatingsystemmajrelease => ["10.04", "12.04", "14.04", "14.10"] # These are using upstart
|
31
33
|
defaultfor :operatingsystem => :cumuluslinux, :operatingsystemmajrelease => ["3"]
|
@@ -17,6 +17,7 @@ Puppet::Type.type(:service).provide :upstart, :parent => :debian do
|
|
17
17
|
]
|
18
18
|
|
19
19
|
defaultfor :operatingsystem => :ubuntu, :operatingsystemmajrelease => ["10.04", "12.04", "14.04", "14.10"]
|
20
|
+
defaultfor :operatingsystem => :LinuxMint, :operatingsystemmajrelease => ["10", "11", "12", "13", "14", "15", "16", "17"]
|
20
21
|
|
21
22
|
commands :start => "/sbin/start",
|
22
23
|
:stop => "/sbin/stop",
|
data/lib/puppet/rest/route.rb
CHANGED
@@ -50,7 +50,7 @@ module Puppet::Rest
|
|
50
50
|
end
|
51
51
|
|
52
52
|
if Puppet[:use_srv_records]
|
53
|
-
dns_resolver.each_srv_record(@srv_service) do |srv_server, srv_port|
|
53
|
+
dns_resolver.each_srv_record(Puppet[:srv_domain], @srv_service) do |srv_server, srv_port|
|
54
54
|
# Try each of the servers for this service in weighted order
|
55
55
|
# until a working one is found.
|
56
56
|
begin
|
data/lib/puppet/ssl/host.rb
CHANGED
@@ -23,7 +23,7 @@ class Puppet::SSL::Host
|
|
23
23
|
Certificate = Puppet::SSL::Certificate
|
24
24
|
CertificateRequest = Puppet::SSL::CertificateRequest
|
25
25
|
|
26
|
-
attr_reader :name, :crl_path
|
26
|
+
attr_reader :name, :device, :crl_path
|
27
27
|
|
28
28
|
attr_writer :key, :certificate, :certificate_request, :crl_usage
|
29
29
|
|
@@ -146,6 +146,17 @@ class Puppet::SSL::Host
|
|
146
146
|
@certificate
|
147
147
|
end
|
148
148
|
|
149
|
+
# The puppet parameters for commands output by the validate_ methods depend
|
150
|
+
# upon whether this is an agent or a device.
|
151
|
+
|
152
|
+
def clean_params
|
153
|
+
@device ? "--target #{Puppet[:certname]}" : ''
|
154
|
+
end
|
155
|
+
|
156
|
+
def puppet_params
|
157
|
+
@device ? "device -v --target #{Puppet[:certname]}" : 'agent -t'
|
158
|
+
end
|
159
|
+
|
149
160
|
# Validate that our private key matches the specified certificate.
|
150
161
|
#
|
151
162
|
# @param [Puppet::SSL::Certificate] cert the certificate to check
|
@@ -154,15 +165,15 @@ class Puppet::SSL::Host
|
|
154
165
|
raise Puppet::Error, _("No certificate to validate.") unless cert
|
155
166
|
raise Puppet::Error, _("No private key with which to validate certificate with fingerprint: %{fingerprint}") % { fingerprint: cert.fingerprint } unless key
|
156
167
|
unless cert.content.check_private_key(key.content)
|
157
|
-
raise Puppet::Error, _(<<ERROR_STRING) % { fingerprint: cert.fingerprint, cert_name: Puppet[:certname] }
|
168
|
+
raise Puppet::Error, _(<<ERROR_STRING) % { fingerprint: cert.fingerprint, cert_name: Puppet[:certname], clean_params: clean_params, puppet_params: puppet_params }
|
158
169
|
The certificate retrieved from the master does not match the agent's private key. Did you forget to run as root?
|
159
170
|
Certificate fingerprint: %{fingerprint}
|
160
171
|
To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certificate.
|
161
172
|
On the master:
|
162
173
|
puppetserver ca clean --certname %{cert_name}
|
163
174
|
On the agent:
|
164
|
-
1. puppet ssl clean
|
165
|
-
2. puppet
|
175
|
+
1. puppet ssl clean %{clean_params}
|
176
|
+
2. puppet %{puppet_params}
|
166
177
|
ERROR_STRING
|
167
178
|
end
|
168
179
|
end
|
@@ -236,15 +247,15 @@ ERROR_STRING
|
|
236
247
|
|
237
248
|
def validate_local_csr_with_key(csr, key)
|
238
249
|
if key.content.public_key.to_s != csr.content.public_key.to_s
|
239
|
-
raise Puppet::Error, _(<<ERROR_STRING) % { fingerprint: csr.fingerprint, csr_public_key: csr.content.public_key.to_text, agent_public_key: key.content.public_key.to_text }
|
250
|
+
raise Puppet::Error, _(<<ERROR_STRING) % { fingerprint: csr.fingerprint, csr_public_key: csr.content.public_key.to_text, agent_public_key: key.content.public_key.to_text, clean_params: clean_params, puppet_params: puppet_params }
|
240
251
|
The local CSR does not match the agent's public key.
|
241
252
|
CSR fingerprint: %{fingerprint}
|
242
253
|
CSR public key: %{csr_public_key}
|
243
254
|
Agent public key: %{agent_public_key}
|
244
255
|
To fix this, remove the CSR from the agent and then start a puppet run, which will automatically regenerate a CSR.
|
245
256
|
On the agent:
|
246
|
-
1. puppet ssl clean
|
247
|
-
2. puppet
|
257
|
+
1. puppet ssl clean %{clean_params}
|
258
|
+
2. puppet %{puppet_params}
|
248
259
|
ERROR_STRING
|
249
260
|
end
|
250
261
|
end
|
@@ -252,7 +263,7 @@ ERROR_STRING
|
|
252
263
|
|
253
264
|
def validate_csr_with_key(csr, key)
|
254
265
|
if key.content.public_key.to_s != csr.content.public_key.to_s
|
255
|
-
raise Puppet::Error, _(<<ERROR_STRING) % { fingerprint: csr.fingerprint, csr_public_key: csr.content.public_key.to_text, agent_public_key: key.content.public_key.to_text, cert_name: Puppet[:certname] }
|
266
|
+
raise Puppet::Error, _(<<ERROR_STRING) % { fingerprint: csr.fingerprint, csr_public_key: csr.content.public_key.to_text, agent_public_key: key.content.public_key.to_text, cert_name: Puppet[:certname], clean_params: clean_params, puppet_params: puppet_params }
|
256
267
|
The CSR retrieved from the master does not match the agent's public key.
|
257
268
|
CSR fingerprint: %{fingerprint}
|
258
269
|
CSR public key: %{csr_public_key}
|
@@ -261,15 +272,16 @@ To fix this, remove the CSR from both the master and the agent and then start a
|
|
261
272
|
On the master:
|
262
273
|
puppetserver ca clean --certname %{cert_name}
|
263
274
|
On the agent:
|
264
|
-
1. puppet ssl clean
|
265
|
-
2. puppet
|
275
|
+
1. puppet ssl clean %{clean_params}
|
276
|
+
2. puppet %{puppet_params}
|
266
277
|
ERROR_STRING
|
267
278
|
end
|
268
279
|
end
|
269
280
|
private :validate_csr_with_key
|
270
281
|
|
271
|
-
def initialize(name = nil)
|
282
|
+
def initialize(name = nil, device = false)
|
272
283
|
@name = (name || Puppet[:certname]).downcase
|
284
|
+
@device = device
|
273
285
|
Puppet::SSL::Base.validate_certname(@name)
|
274
286
|
@key = @certificate = @certificate_request = nil
|
275
287
|
@crl_usage = Puppet.settings[:certificate_revocation]
|
data/lib/puppet/transaction.rb
CHANGED
@@ -56,6 +56,8 @@ class Puppet::Transaction
|
|
56
56
|
@prefetched_providers = Hash.new { |h,k| h[k] = {} }
|
57
57
|
|
58
58
|
@prefetch_failed_providers = Hash.new { |h,k| h[k] = {} }
|
59
|
+
|
60
|
+
@failed_dependencies_already_notified = Set.new()
|
59
61
|
end
|
60
62
|
|
61
63
|
# Invoke the pre_run_check hook in every resource in the catalog.
|
@@ -291,8 +293,9 @@ class Puppet::Transaction
|
|
291
293
|
if s && s.dependency_failed?
|
292
294
|
# See above. --daniel 2011-06-06
|
293
295
|
unless suppress_report then
|
294
|
-
s.failed_dependencies.each do |dep|
|
296
|
+
s.failed_dependencies.find_all { |d| !(@failed_dependencies_already_notified.include?(d.ref)) }.each do |dep|
|
295
297
|
resource.notice _("Dependency %{dep} has failures: %{status}") % { dep: dep, status: resource_status(dep).failed }
|
298
|
+
@failed_dependencies_already_notified.add(dep.ref)
|
296
299
|
end
|
297
300
|
end
|
298
301
|
end
|
@@ -147,12 +147,18 @@ class Puppet::Transaction::EventManager
|
|
147
147
|
resource.send(callback)
|
148
148
|
|
149
149
|
if not resource.is_a?(Puppet::Type.type(:whit))
|
150
|
-
|
150
|
+
message = n_("Triggered '%{callback}' from %{count} event", "Triggered '%{callback}' from %{count} events", events.length) % { count: events.length, callback: callback }
|
151
|
+
resource.notice message
|
152
|
+
add_callback_status_event(resource, callback, message, "success")
|
151
153
|
end
|
154
|
+
|
152
155
|
return true
|
153
156
|
rescue => detail
|
154
157
|
resource_error_message = _("Failed to call %{callback}: %{detail}") % { callback: callback, detail: detail }
|
155
158
|
resource.err resource_error_message
|
159
|
+
if not resource.is_a?(Puppet::Type.type(:whit))
|
160
|
+
add_callback_status_event(resource, callback, resource_error_message, "failure")
|
161
|
+
end
|
156
162
|
|
157
163
|
transaction.resource_status(resource).failed_to_restart = true
|
158
164
|
transaction.resource_status(resource).fail_with_event(resource_error_message)
|
@@ -160,6 +166,12 @@ class Puppet::Transaction::EventManager
|
|
160
166
|
return false
|
161
167
|
end
|
162
168
|
|
169
|
+
def add_callback_status_event(resource, callback, message, status)
|
170
|
+
options = { message: message, status: status, name: callback.to_s }
|
171
|
+
event = resource.event options
|
172
|
+
transaction.resource_status(resource) << event if event
|
173
|
+
end
|
174
|
+
|
163
175
|
def process_noop_events(resource, callback, events)
|
164
176
|
resource.notice n_("Would have triggered '%{callback}' from %{count} event", "Would have triggered '%{callback}' from %{count} events", events.length) % { count: events.length, callback: callback }
|
165
177
|
|
@@ -158,7 +158,9 @@ class Puppet::Transaction::ResourceHarness
|
|
158
158
|
raise
|
159
159
|
ensure
|
160
160
|
if event
|
161
|
-
|
161
|
+
name = param.name.to_s
|
162
|
+
event.message ||= _("could not create change error message for %{name}") % { name: name }
|
163
|
+
event.calculate_corrective_change(@persistence.get_system_value(context.resource.ref, name))
|
162
164
|
context.record(event)
|
163
165
|
event.send_log
|
164
166
|
context.synced_params << param.name
|