puppet 6.12.0-universal-darwin → 6.17.0-universal-darwin
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CODEOWNERS +2 -7
- data/CONTRIBUTING.md +7 -13
- data/Gemfile +4 -2
- data/Gemfile.lock +39 -36
- data/README.md +18 -25
- data/ext/project_data.yaml +1 -1
- data/ext/windows/service/daemon.rb +3 -3
- data/lib/puppet.rb +52 -13
- data/lib/puppet/agent.rb +20 -14
- data/lib/puppet/application/agent.rb +26 -17
- data/lib/puppet/application/describe.rb +7 -5
- data/lib/puppet/application/device.rb +2 -2
- data/lib/puppet/application/filebucket.rb +19 -15
- data/lib/puppet/application/plugin.rb +1 -0
- data/lib/puppet/application/resource.rb +1 -1
- data/lib/puppet/application/ssl.rb +4 -4
- data/lib/puppet/configurer.rb +65 -69
- data/lib/puppet/configurer/plugin_handler.rb +10 -1
- data/lib/puppet/confine.rb +1 -1
- data/lib/puppet/context/trusted_information.rb +14 -8
- data/lib/puppet/daemon.rb +13 -27
- data/lib/puppet/defaults.rb +154 -58
- data/lib/puppet/environments.rb +27 -20
- data/lib/puppet/face/facts.rb +8 -5
- data/lib/puppet/face/help.rb +29 -3
- data/lib/puppet/face/module/search.rb +5 -0
- data/lib/puppet/face/plugin.rb +2 -2
- data/lib/puppet/file_serving/http_metadata.rb +14 -2
- data/lib/puppet/file_serving/metadata.rb +4 -1
- data/lib/puppet/file_serving/terminus_selector.rb +7 -8
- data/lib/puppet/file_system/file_impl.rb +14 -10
- data/lib/puppet/file_system/memory_file.rb +6 -0
- data/lib/puppet/file_system/memory_impl.rb +13 -0
- data/lib/puppet/file_system/uniquefile.rb +12 -16
- data/lib/puppet/file_system/windows.rb +7 -10
- data/lib/puppet/forge.rb +1 -1
- data/lib/puppet/forge/cache.rb +1 -1
- data/lib/puppet/forge/repository.rb +4 -7
- data/lib/puppet/functions/call.rb +1 -1
- data/lib/puppet/functions/eyaml_lookup_key.rb +13 -8
- data/lib/puppet/functions/filter.rb +1 -0
- data/lib/puppet/functions/reduce.rb +2 -4
- data/lib/puppet/http.rb +5 -0
- data/lib/puppet/http/client.rb +293 -73
- data/lib/puppet/http/errors.rb +2 -0
- data/lib/puppet/http/external_client.rb +90 -0
- data/lib/puppet/http/redirector.rb +43 -7
- data/lib/puppet/http/resolver.rb +46 -3
- data/lib/puppet/http/resolver/server_list.rb +76 -16
- data/lib/puppet/http/resolver/settings.rb +23 -3
- data/lib/puppet/http/resolver/srv.rb +29 -3
- data/lib/puppet/http/response.rb +87 -1
- data/lib/puppet/http/retry_after_handler.rb +39 -0
- data/lib/puppet/http/service.rb +151 -7
- data/lib/puppet/http/service/ca.rb +76 -14
- data/lib/puppet/http/service/compiler.rb +319 -0
- data/lib/puppet/http/service/file_server.rb +206 -0
- data/lib/puppet/http/service/report.rb +49 -23
- data/lib/puppet/http/session.rb +103 -7
- data/lib/puppet/indirector.rb +1 -1
- data/lib/puppet/indirector/catalog/compiler.rb +10 -0
- data/lib/puppet/indirector/catalog/rest.rb +34 -0
- data/lib/puppet/indirector/facts/rest.rb +42 -0
- data/lib/puppet/indirector/file_bucket_file/file.rb +1 -1
- data/lib/puppet/indirector/file_bucket_file/rest.rb +48 -0
- data/lib/puppet/indirector/file_content/http.rb +5 -0
- data/lib/puppet/indirector/file_content/rest.rb +30 -0
- data/lib/puppet/indirector/file_metadata/http.rb +27 -8
- data/lib/puppet/indirector/file_metadata/rest.rb +52 -0
- data/lib/puppet/indirector/json.rb +1 -1
- data/lib/puppet/indirector/msgpack.rb +1 -1
- data/lib/puppet/indirector/node/rest.rb +24 -0
- data/lib/puppet/indirector/report/rest.rb +19 -0
- data/lib/puppet/indirector/report/yaml.rb +23 -0
- data/lib/puppet/indirector/request.rb +1 -1
- data/lib/puppet/indirector/rest.rb +12 -0
- data/lib/puppet/indirector/status/rest.rb +18 -0
- data/lib/puppet/loaders.rb +6 -0
- data/lib/puppet/metatype/manager.rb +80 -80
- data/lib/puppet/network/http/api/indirected_routes.rb +1 -1
- data/lib/puppet/network/http/api/master/v3/environment.rb +3 -0
- data/lib/puppet/network/http/base_pool.rb +7 -2
- data/lib/puppet/network/http/compression.rb +7 -0
- data/lib/puppet/network/http/connection.rb +6 -0
- data/lib/puppet/network/http/connection_adapter.rb +184 -0
- data/lib/puppet/network/http/nocache_pool.rb +2 -0
- data/lib/puppet/network/http/pool.rb +13 -6
- data/lib/puppet/network/http_pool.rb +2 -1
- data/lib/puppet/node/environment.rb +11 -1
- data/lib/puppet/pal/catalog_compiler.rb +5 -0
- data/lib/puppet/pal/pal_impl.rb +4 -29
- data/lib/puppet/parser/ast/leaf.rb +5 -5
- data/lib/puppet/parser/ast/pops_bridge.rb +6 -15
- data/lib/puppet/parser/compiler.rb +43 -33
- data/lib/puppet/parser/compiler/catalog_validator/env_relationship_validator.rb +2 -0
- data/lib/puppet/parser/compiler/catalog_validator/site_validator.rb +2 -0
- data/lib/puppet/parser/environment_compiler.rb +4 -1
- data/lib/puppet/parser/functions.rb +18 -13
- data/lib/puppet/parser/functions/filter.rb +1 -0
- data/lib/puppet/parser/resource.rb +3 -2
- data/lib/puppet/parser/resource/param.rb +6 -0
- data/lib/puppet/pops/evaluator/access_operator.rb +2 -2
- data/lib/puppet/pops/evaluator/evaluator_impl.rb +6 -6
- data/lib/puppet/pops/issues.rb +5 -0
- data/lib/puppet/pops/loader/puppet_plan_instantiator.rb +12 -3
- data/lib/puppet/pops/loaders.rb +7 -5
- data/lib/puppet/pops/parser/evaluating_parser.rb +5 -7
- data/lib/puppet/pops/resource/resource_type_impl.rb +2 -0
- data/lib/puppet/pops/types/p_object_type_extension.rb +10 -0
- data/lib/puppet/pops/types/type_calculator.rb +24 -0
- data/lib/puppet/pops/validation/checker4_0.rb +11 -1
- data/lib/puppet/pops/validation/tasks_checker.rb +5 -1
- data/lib/puppet/pops/validation/validator_factory_4_0.rb +1 -0
- data/lib/puppet/provider/aix_object.rb +4 -2
- data/lib/puppet/provider/group/aix.rb +1 -0
- data/lib/puppet/provider/group/groupadd.rb +57 -24
- data/lib/puppet/provider/group/windows_adsi.rb +3 -3
- data/lib/puppet/provider/package/aix.rb +17 -2
- data/lib/puppet/provider/package/apt.rb +78 -4
- data/lib/puppet/provider/package/aptitude.rb +1 -1
- data/lib/puppet/provider/package/dnfmodule.rb +69 -15
- data/lib/puppet/provider/package/dpkg.rb +14 -7
- data/lib/puppet/provider/package/fink.rb +20 -3
- data/lib/puppet/provider/package/gem.rb +41 -7
- data/lib/puppet/provider/package/openbsd.rb +13 -1
- data/lib/puppet/provider/package/pacman.rb +2 -5
- data/lib/puppet/provider/package/pip.rb +143 -48
- data/lib/puppet/provider/package/pip3.rb +0 -2
- data/lib/puppet/provider/package/pkg.rb +18 -5
- data/lib/puppet/provider/package/pkgdmg.rb +1 -1
- data/lib/puppet/provider/package/pkgng.rb +16 -4
- data/lib/puppet/provider/package/portage.rb +2 -2
- data/lib/puppet/provider/package/puppet_gem.rb +6 -2
- data/lib/puppet/provider/package/rpm.rb +6 -213
- data/lib/puppet/provider/package/yum.rb +109 -25
- data/lib/puppet/provider/package/zypper.rb +59 -1
- data/lib/puppet/provider/service/systemd.rb +22 -4
- data/lib/puppet/provider/service/windows.rb +23 -7
- data/lib/puppet/provider/user/aix.rb +1 -0
- data/lib/puppet/provider/user/directoryservice.rb +30 -5
- data/lib/puppet/provider/user/useradd.rb +22 -12
- data/lib/puppet/reports/http.rb +15 -9
- data/lib/puppet/reports/store.rb +1 -1
- data/lib/puppet/resource.rb +2 -1
- data/lib/puppet/resource/type.rb +8 -0
- data/lib/puppet/resource/type_collection.rb +20 -16
- data/lib/puppet/runtime.rb +31 -1
- data/lib/puppet/settings.rb +4 -0
- data/lib/puppet/settings/http_extra_headers_setting.rb +25 -0
- data/lib/puppet/ssl.rb +1 -0
- data/lib/puppet/ssl/certificate.rb +2 -1
- data/lib/puppet/ssl/host.rb +4 -4
- data/lib/puppet/ssl/oids.rb +1 -0
- data/lib/puppet/ssl/ssl_context.rb +2 -2
- data/lib/puppet/ssl/ssl_provider.rb +20 -1
- data/lib/puppet/ssl/state_machine.rb +81 -35
- data/lib/puppet/ssl/verifier_adapter.rb +9 -1
- data/lib/puppet/test/test_helper.rb +15 -11
- data/lib/puppet/transaction/report.rb +2 -2
- data/lib/puppet/transaction/resource_harness.rb +1 -1
- data/lib/puppet/trusted_external.rb +29 -1
- data/lib/puppet/type.rb +18 -6
- data/lib/puppet/type/file.rb +51 -13
- data/lib/puppet/type/file/checksum.rb +4 -4
- data/lib/puppet/type/file/source.rb +51 -60
- data/lib/puppet/type/group.rb +2 -2
- data/lib/puppet/type/package.rb +102 -10
- data/lib/puppet/type/service.rb +55 -8
- data/lib/puppet/type/user.rb +3 -28
- data/lib/puppet/util.rb +39 -15
- data/lib/puppet/util/at_fork.rb +1 -1
- data/lib/puppet/util/autoload.rb +4 -18
- data/lib/puppet/util/checksums.rb +19 -4
- data/lib/puppet/util/fileparsing.rb +2 -2
- data/lib/puppet/util/instance_loader.rb +14 -10
- data/lib/puppet/util/log/destinations.rb +2 -11
- data/lib/puppet/util/package/version/debian.rb +175 -0
- data/lib/puppet/util/package/version/gem.rb +15 -0
- data/lib/puppet/util/package/version/pip.rb +167 -0
- data/lib/puppet/util/package/version/range.rb +53 -0
- data/lib/puppet/util/package/version/range/eq.rb +14 -0
- data/lib/puppet/util/package/version/range/gt.rb +14 -0
- data/lib/puppet/util/package/version/range/gt_eq.rb +14 -0
- data/lib/puppet/util/package/version/range/lt.rb +14 -0
- data/lib/puppet/util/package/version/range/lt_eq.rb +14 -0
- data/lib/puppet/util/package/version/range/min_max.rb +21 -0
- data/lib/puppet/util/package/version/range/simple.rb +11 -0
- data/lib/puppet/util/package/version/rpm.rb +73 -0
- data/lib/puppet/util/pidlock.rb +36 -10
- data/lib/puppet/util/platform.rb +5 -0
- data/lib/puppet/util/plist.rb +6 -0
- data/lib/puppet/util/provider_features.rb +1 -1
- data/lib/puppet/util/reference.rb +1 -1
- data/lib/puppet/util/rpm_compare.rb +193 -0
- data/lib/puppet/util/storage.rb +0 -1
- data/lib/puppet/util/windows/adsi.rb +2 -2
- data/lib/puppet/util/windows/api_types.rb +45 -32
- data/lib/puppet/util/windows/eventlog.rb +1 -6
- data/lib/puppet/util/windows/principal.rb +8 -6
- data/lib/puppet/util/windows/process.rb +15 -14
- data/lib/puppet/util/windows/registry.rb +11 -11
- data/lib/puppet/util/windows/security.rb +1 -0
- data/lib/puppet/util/windows/service.rb +43 -26
- data/lib/puppet/util/windows/sid.rb +3 -3
- data/lib/puppet/util/windows/user.rb +23 -8
- data/lib/puppet/util/yaml.rb +1 -1
- data/lib/puppet/version.rb +1 -1
- data/locales/puppet.pot +707 -574
- data/man/man5/puppet.conf.5 +74 -14
- data/man/man8/puppet-agent.8 +7 -7
- data/man/man8/puppet-apply.8 +1 -1
- data/man/man8/puppet-catalog.8 +1 -1
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +2 -2
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +1 -1
- data/man/man8/puppet-filebucket.8 +17 -2
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +6 -3
- data/man/man8/puppet-key.8 +1 -1
- data/man/man8/puppet-lookup.8 +1 -1
- data/man/man8/puppet-man.8 +1 -1
- data/man/man8/puppet-module.8 +4 -1
- data/man/man8/puppet-node.8 +1 -1
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +1 -1
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-ssl.8 +2 -2
- data/man/man8/puppet-status.8 +1 -1
- data/man/man8/puppet.8 +2 -2
- data/spec/fixtures/ssl/unknown-127.0.0.1-key.pem +67 -0
- data/spec/fixtures/ssl/unknown-127.0.0.1.pem +48 -0
- data/spec/fixtures/ssl/unknown-ca-key.pem +67 -0
- data/spec/fixtures/ssl/unknown-ca.pem +59 -0
- data/spec/fixtures/unit/provider/package/dnfmodule/{dnf-module-list-installed.txt → dnf-module-list.txt} +8 -0
- data/spec/fixtures/unit/provider/package/pkgng/pkg.version +2 -0
- data/spec/fixtures/unit/provider/package/yum/yum-check-update-subscription-manager.txt +9 -0
- data/spec/fixtures/unit/provider/package/zypper/zypper-search-uninstalled.out +13 -0
- data/spec/fixtures/unit/provider/service/systemd/list_unit_files_services +9 -0
- data/spec/fixtures/vcr/cassettes/Puppet_Type_File/when_sourcing/from_http/using_md5/should_fetch_if_not_on_the_local_disk.yml +1 -102
- data/spec/fixtures/vcr/cassettes/Puppet_Type_File/when_sourcing/from_http/using_md5/should_not_update_if_content_on_disk_is_up-to-date.yml +1 -106
- data/spec/fixtures/vcr/cassettes/Puppet_Type_File/when_sourcing/from_http/using_md5/should_update_if_content_differs_on_disk.yml +1 -106
- data/spec/fixtures/vcr/cassettes/Puppet_Type_File/when_sourcing/from_http/using_mtime/should_fetch_if_mtime_is_older_on_disk.yml +1 -102
- data/spec/fixtures/vcr/cassettes/Puppet_Type_File/when_sourcing/from_http/using_mtime/should_fetch_if_no_header_specified.yml +1 -98
- data/spec/fixtures/vcr/cassettes/Puppet_Type_File/when_sourcing/from_http/using_mtime/should_fetch_if_not_on_the_local_disk.yml +1 -102
- data/spec/fixtures/vcr/cassettes/Puppet_Type_File/when_sourcing/from_http/using_mtime/should_not_update_if_mtime_is_newer_on_disk.yml +1 -102
- data/spec/integration/application/agent_spec.rb +483 -0
- data/spec/integration/application/apply_spec.rb +132 -3
- data/spec/integration/application/filebucket_spec.rb +190 -0
- data/spec/integration/application/plugin_spec.rb +73 -0
- data/spec/integration/configurer_spec.rb +26 -7
- data/spec/integration/defaults_spec.rb +1 -2
- data/spec/integration/http/client_spec.rb +47 -37
- data/spec/integration/indirector/facts/facter_spec.rb +4 -0
- data/spec/integration/indirector/report/yaml.rb +83 -0
- data/spec/integration/module_tool/forge_spec.rb +2 -15
- data/spec/integration/network/http_pool_spec.rb +93 -20
- data/spec/integration/node/environment_spec.rb +15 -0
- data/spec/integration/parser/compiler_spec.rb +11 -0
- data/spec/integration/type/file_spec.rb +1 -1
- data/spec/integration/util/windows/adsi_spec.rb +6 -1
- data/spec/integration/util/windows/registry_spec.rb +7 -7
- data/spec/integration/util/windows/user_spec.rb +40 -5
- data/spec/lib/puppet/test_ca.rb +2 -2
- data/spec/lib/puppet_spec/https.rb +16 -7
- data/spec/lib/puppet_spec/puppetserver.rb +119 -0
- data/spec/shared_contexts/https.rb +29 -0
- data/spec/unit/agent_spec.rb +80 -26
- data/spec/unit/application/agent_spec.rb +9 -5
- data/spec/unit/application/apply_spec.rb +2 -12
- data/spec/unit/application/describe_spec.rb +88 -50
- data/spec/unit/application/device_spec.rb +2 -2
- data/spec/unit/application/filebucket_spec.rb +22 -2
- data/spec/unit/application/resource_spec.rb +2 -2
- data/spec/unit/configurer/fact_handler_spec.rb +4 -8
- data/spec/unit/configurer/plugin_handler_spec.rb +36 -19
- data/spec/unit/configurer_spec.rb +17 -18
- data/spec/unit/context/trusted_information_spec.rb +25 -2
- data/spec/unit/daemon_spec.rb +5 -64
- data/spec/unit/defaults_spec.rb +25 -2
- data/spec/unit/environments_spec.rb +65 -28
- data/spec/unit/face/facts_spec.rb +24 -20
- data/spec/unit/face/module/search_spec.rb +17 -0
- data/spec/unit/face/plugin_spec.rb +12 -10
- data/spec/unit/file_serving/http_metadata_spec.rb +37 -14
- data/spec/unit/file_serving/terminus_selector_spec.rb +45 -26
- data/spec/unit/file_system/uniquefile_spec.rb +11 -0
- data/spec/unit/file_system_spec.rb +26 -2
- data/spec/unit/functions/lookup_spec.rb +13 -0
- data/spec/unit/http/client_spec.rb +327 -35
- data/spec/unit/http/external_client_spec.rb +201 -0
- data/spec/unit/http/resolver_spec.rb +34 -2
- data/spec/unit/http/response_spec.rb +75 -0
- data/spec/unit/http/service/ca_spec.rb +53 -11
- data/spec/unit/http/service/compiler_spec.rb +627 -0
- data/spec/unit/http/service/file_server_spec.rb +308 -0
- data/spec/unit/http/service/report_spec.rb +27 -9
- data/spec/unit/http/service_spec.rb +98 -5
- data/spec/unit/http/session_spec.rb +190 -7
- data/spec/unit/indirector/catalog/compiler_spec.rb +47 -29
- data/spec/unit/indirector/catalog/rest_spec.rb +59 -2
- data/spec/unit/indirector/facts/rest_spec.rb +79 -24
- data/spec/unit/indirector/file_bucket_file/rest_spec.rb +82 -2
- data/spec/unit/indirector/file_content/rest_spec.rb +53 -2
- data/spec/unit/indirector/file_metadata/http_spec.rb +194 -0
- data/spec/unit/indirector/file_metadata/rest_spec.rb +110 -2
- data/spec/unit/indirector/node/rest_spec.rb +57 -2
- data/spec/unit/indirector/report/rest_spec.rb +58 -51
- data/spec/unit/indirector/request_spec.rb +1 -1
- data/spec/unit/indirector/resource/ral_spec.rb +7 -8
- data/spec/unit/indirector/rest_spec.rb +13 -0
- data/spec/unit/indirector/status/rest_spec.rb +43 -2
- data/spec/unit/interface_spec.rb +3 -3
- data/spec/unit/network/http/api/indirected_routes_spec.rb +2 -1
- data/spec/unit/network/http/connection_spec.rb +559 -175
- data/spec/unit/network/http/nocache_pool_spec.rb +25 -3
- data/spec/unit/network/http/pool_spec.rb +89 -11
- data/spec/unit/network/http_pool_spec.rb +63 -57
- data/spec/unit/network/http_spec.rb +1 -1
- data/spec/unit/node/environment_spec.rb +16 -0
- data/spec/unit/node/facts_spec.rb +2 -1
- data/spec/unit/node_spec.rb +7 -4
- data/spec/unit/parser/ast/block_expression_spec.rb +1 -1
- data/spec/unit/parser/environment_compiler_spec.rb +7 -0
- data/spec/unit/parser/scope_spec.rb +1 -1
- data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +15 -1
- data/spec/unit/pops/loaders/loaders_spec.rb +1 -1
- data/spec/unit/pops/serialization/to_from_hr_spec.rb +6 -1
- data/spec/unit/pops/types/type_calculator_spec.rb +1 -11
- data/spec/unit/pops/validator/validator_spec.rb +7 -2
- data/spec/unit/provider/aix_object_spec.rb +16 -2
- data/spec/unit/provider/group/groupadd_spec.rb +181 -56
- data/spec/unit/provider/group/windows_adsi_spec.rb +43 -10
- data/spec/unit/provider/package/aix_spec.rb +29 -0
- data/spec/unit/provider/package/apt_spec.rb +43 -2
- data/spec/unit/provider/package/aptitude_spec.rb +1 -0
- data/spec/unit/provider/package/dnfmodule_spec.rb +76 -15
- data/spec/unit/provider/package/dpkg_spec.rb +28 -6
- data/spec/unit/provider/package/gem_spec.rb +40 -0
- data/spec/unit/provider/package/openbsd_spec.rb +17 -0
- data/spec/unit/provider/package/pacman_spec.rb +6 -21
- data/spec/unit/provider/package/pip_spec.rb +68 -19
- data/spec/unit/provider/package/pkg_spec.rb +15 -1
- data/spec/unit/provider/package/pkgdmg_spec.rb +1 -1
- data/spec/unit/provider/package/pkgng_spec.rb +38 -0
- data/spec/unit/provider/package/portage_spec.rb +5 -0
- data/spec/unit/provider/package/puppet_gem_spec.rb +8 -0
- data/spec/unit/provider/package/rpm_spec.rb +0 -212
- data/spec/unit/provider/package/yum_spec.rb +292 -0
- data/spec/unit/provider/package/zypper_spec.rb +84 -0
- data/spec/unit/provider/service/init_spec.rb +1 -0
- data/spec/unit/provider/service/openbsd_spec.rb +9 -0
- data/spec/unit/provider/service/openwrt_spec.rb +1 -0
- data/spec/unit/provider/service/redhat_spec.rb +9 -0
- data/spec/unit/provider/service/systemd_spec.rb +92 -12
- data/spec/unit/provider/service/windows_spec.rb +22 -14
- data/spec/unit/provider/user/directoryservice_spec.rb +41 -0
- data/spec/unit/provider/user/openbsd_spec.rb +1 -0
- data/spec/unit/provider/user/useradd_spec.rb +43 -24
- data/spec/unit/provider/user/windows_adsi_spec.rb +3 -3
- data/spec/unit/puppet_pal_2pec.rb +0 -26
- data/spec/unit/puppet_pal_catalog_spec.rb +46 -0
- data/spec/unit/puppet_spec.rb +47 -0
- data/spec/unit/reports/http_spec.rb +70 -52
- data/spec/unit/resource_spec.rb +3 -3
- data/spec/unit/settings/autosign_setting_spec.rb +1 -1
- data/spec/unit/settings/http_extra_headers_spec.rb +64 -0
- data/spec/unit/ssl/certificate_spec.rb +7 -0
- data/spec/unit/ssl/host_spec.rb +4 -2
- data/spec/unit/ssl/oids_spec.rb +1 -0
- data/spec/unit/ssl/ssl_provider_spec.rb +69 -43
- data/spec/unit/ssl/state_machine_spec.rb +99 -13
- data/spec/unit/test/test_helper_spec.rb +17 -0
- data/spec/unit/transaction/persistence_spec.rb +1 -10
- data/spec/unit/transaction/report_spec.rb +5 -1
- data/spec/unit/transaction_spec.rb +0 -2
- data/spec/unit/type/file/ensure_spec.rb +1 -2
- data/spec/unit/type/file/source_spec.rb +89 -38
- data/spec/unit/type/file_spec.rb +122 -96
- data/spec/unit/type/package_spec.rb +8 -0
- data/spec/unit/type/service_spec.rb +185 -8
- data/spec/unit/type/user_spec.rb +1 -2
- data/spec/unit/type_spec.rb +50 -0
- data/spec/unit/util/at_fork_spec.rb +3 -2
- data/spec/unit/util/autoload_spec.rb +2 -1
- data/spec/unit/util/checksums_spec.rb +16 -0
- data/spec/unit/util/log/destinations_spec.rb +1 -29
- data/spec/unit/util/package/version/debian_spec.rb +83 -0
- data/spec/unit/util/package/version/pip_spec.rb +464 -0
- data/spec/unit/util/package/version/range_spec.rb +175 -0
- data/spec/unit/util/package/version/rpm_spec.rb +121 -0
- data/spec/unit/util/pidlock_spec.rb +112 -42
- data/spec/unit/util/plist_spec.rb +20 -0
- data/spec/unit/util/rpm_compare_spec.rb +196 -0
- data/spec/unit/util/storage_spec.rb +1 -8
- data/spec/unit/util/windows/adsi_spec.rb +4 -4
- data/spec/unit/util/windows/api_types_spec.rb +104 -40
- data/spec/unit/util/windows/service_spec.rb +4 -4
- data/spec/unit/util/windows/sid_spec.rb +2 -2
- data/spec/unit/util_spec.rb +3 -3
- data/spec/unit/x509/cert_provider_spec.rb +1 -1
- data/tasks/generate_cert_fixtures.rake +15 -1
- data/tasks/manpages.rake +5 -35
- metadata +73 -12
- data/COMMITTERS.md +0 -244
- data/spec/integration/faces/plugin_spec.rb +0 -61
- data/spec/integration/test/test_helper_spec.rb +0 -31
@@ -29,8 +29,17 @@ class Puppet::Configurer::PluginHandler
|
|
29
29
|
result += plugin_fact_downloader.evaluate
|
30
30
|
result += plugin_downloader.evaluate
|
31
31
|
|
32
|
+
# until file metadata/content are using the rest client, we need to check
|
33
|
+
# both :server_agent_version and the session to see if the server supports
|
34
|
+
# the "locales" mount
|
32
35
|
server_agent_version = Puppet.lookup(:server_agent_version) { "0.0" }
|
33
|
-
|
36
|
+
locales = Gem::Version.new(server_agent_version) >= SUPPORTED_LOCALES_MOUNT_AGENT_VERSION
|
37
|
+
unless locales
|
38
|
+
session = Puppet.lookup(:http_session)
|
39
|
+
locales = session.supports?(:fileserver, 'locales') || session.supports?(:puppet, 'locales')
|
40
|
+
end
|
41
|
+
|
42
|
+
if locales
|
34
43
|
locales_downloader = Puppet::Configurer::Downloader.new(
|
35
44
|
"locales",
|
36
45
|
Puppet[:localedest],
|
data/lib/puppet/confine.rb
CHANGED
@@ -26,7 +26,7 @@ class Puppet::Confine
|
|
26
26
|
require "puppet/confine/#{name}"
|
27
27
|
rescue LoadError => detail
|
28
28
|
unless detail.to_s =~ /No such file|cannot load such file/i
|
29
|
-
|
29
|
+
Puppet.warning("Could not load confine test '#{name}': #{detail}")
|
30
30
|
end
|
31
31
|
# Could not find file
|
32
32
|
if !Puppet[:always_retry_plugins]
|
@@ -29,11 +29,6 @@ class Puppet::Context::TrustedInformation
|
|
29
29
|
# @return [String]
|
30
30
|
attr_reader :hostname
|
31
31
|
|
32
|
-
# Additional external facts loaded through `trusted_external_command`.
|
33
|
-
#
|
34
|
-
# @return [Hash]
|
35
|
-
attr_reader :external
|
36
|
-
|
37
32
|
def initialize(authenticated, certname, extensions, external = {})
|
38
33
|
@authenticated = authenticated.freeze
|
39
34
|
@certname = certname.freeze
|
@@ -46,11 +41,11 @@ class Puppet::Context::TrustedInformation
|
|
46
41
|
end
|
47
42
|
@hostname = hostname.freeze
|
48
43
|
@domain = domain.freeze
|
49
|
-
@external = external.freeze
|
44
|
+
@external = external.is_a?(Proc) ? external : external.freeze
|
50
45
|
end
|
51
46
|
|
52
47
|
def self.remote(authenticated, node_name, certificate)
|
53
|
-
external = retrieve_trusted_external(node_name)
|
48
|
+
external = proc { retrieve_trusted_external(node_name) }
|
54
49
|
|
55
50
|
if authenticated
|
56
51
|
extensions = {}
|
@@ -70,8 +65,19 @@ class Puppet::Context::TrustedInformation
|
|
70
65
|
def self.local(node)
|
71
66
|
# Always trust local data by picking up the available parameters.
|
72
67
|
client_cert = node ? node.parameters['clientcert'] : nil
|
68
|
+
external = proc { retrieve_trusted_external(client_cert) }
|
69
|
+
|
70
|
+
new('local', client_cert, {}, external)
|
71
|
+
end
|
73
72
|
|
74
|
-
|
73
|
+
# Additional external facts loaded through `trusted_external_command`.
|
74
|
+
#
|
75
|
+
# @return [Hash]
|
76
|
+
def external
|
77
|
+
if @external.is_a?(Proc)
|
78
|
+
@external = @external.call.freeze
|
79
|
+
end
|
80
|
+
@external
|
75
81
|
end
|
76
82
|
|
77
83
|
def self.retrieve_trusted_external(certname)
|
data/lib/puppet/daemon.rb
CHANGED
@@ -1,19 +1,15 @@
|
|
1
1
|
require 'puppet/application'
|
2
2
|
require 'puppet/scheduler'
|
3
3
|
|
4
|
-
# Run periodic actions
|
4
|
+
# Run periodic actions in a daemonized process.
|
5
5
|
#
|
6
|
-
# A Daemon has
|
6
|
+
# A Daemon has 2 parts:
|
7
7
|
# * config reparse
|
8
|
-
# *
|
9
|
-
# * (optional) a server that response to #stop, #start, and #wait_for_shutdown
|
8
|
+
# * an agent that responds to #run
|
10
9
|
#
|
11
|
-
# The config reparse will occur periodically based on Settings. The
|
12
|
-
#
|
13
|
-
#
|
14
|
-
# #wait_for_shutdown method. The agent is run periodically and a time interval
|
15
|
-
# based on Settings. The config reparse will update this time interval when
|
16
|
-
# needed.
|
10
|
+
# The config reparse will occur periodically based on Settings. The agent
|
11
|
+
# is run periodically and a time interval based on Settings. The config
|
12
|
+
# reparse will update this time interval when needed.
|
17
13
|
#
|
18
14
|
# The Daemon is also responsible for signal handling, starting, stopping,
|
19
15
|
# running the agent on demand, and reloading the entire process. It ensures
|
@@ -23,12 +19,14 @@ require 'puppet/scheduler'
|
|
23
19
|
class Puppet::Daemon
|
24
20
|
SIGNAL_CHECK_INTERVAL = 5
|
25
21
|
|
26
|
-
attr_accessor :
|
27
|
-
attr_reader :signals
|
22
|
+
attr_accessor :argv
|
23
|
+
attr_reader :signals, :agent
|
28
24
|
|
29
|
-
def initialize(pidfile, scheduler = Puppet::Scheduler::Scheduler.new())
|
25
|
+
def initialize(agent, pidfile, scheduler = Puppet::Scheduler::Scheduler.new())
|
26
|
+
raise Puppet::DevError, _("Daemons must have an agent") unless agent
|
30
27
|
@scheduler = scheduler
|
31
28
|
@pidfile = pidfile
|
29
|
+
@agent = agent
|
32
30
|
@signals = []
|
33
31
|
end
|
34
32
|
|
@@ -88,7 +86,6 @@ class Puppet::Daemon
|
|
88
86
|
end
|
89
87
|
|
90
88
|
def reload
|
91
|
-
return unless agent
|
92
89
|
agent.run({:splay => false})
|
93
90
|
rescue Puppet::LockError
|
94
91
|
Puppet.notice "Not triggering already-running agent"
|
@@ -96,7 +93,7 @@ class Puppet::Daemon
|
|
96
93
|
|
97
94
|
def restart
|
98
95
|
Puppet::Application.restart!
|
99
|
-
reexec
|
96
|
+
reexec
|
100
97
|
end
|
101
98
|
|
102
99
|
def reopen_logs
|
@@ -129,8 +126,6 @@ class Puppet::Daemon
|
|
129
126
|
def stop(args = {:exit => true})
|
130
127
|
Puppet::Application.stop!
|
131
128
|
|
132
|
-
server.stop if server
|
133
|
-
|
134
129
|
remove_pidfile
|
135
130
|
|
136
131
|
Puppet::Util::Log.close_all
|
@@ -140,16 +135,7 @@ class Puppet::Daemon
|
|
140
135
|
|
141
136
|
def start
|
142
137
|
create_pidfile
|
143
|
-
|
144
|
-
raise Puppet::DevError, _("Daemons must have an agent, server, or both") unless agent or server
|
145
|
-
|
146
|
-
# Start the listening server, if required.
|
147
|
-
server.start if server
|
148
|
-
|
149
|
-
# Finally, loop forever running events - or, at least, until we exit.
|
150
138
|
run_event_loop
|
151
|
-
|
152
|
-
server.wait_for_shutdown if server
|
153
139
|
end
|
154
140
|
|
155
141
|
private
|
@@ -165,6 +151,7 @@ class Puppet::Daemon
|
|
165
151
|
@pidfile.unlock
|
166
152
|
end
|
167
153
|
|
154
|
+
# Loop forever running events - or, at least, until we exit.
|
168
155
|
def run_event_loop
|
169
156
|
agent_run = Puppet::Scheduler.create_job(Puppet[:runinterval], Puppet[:splay], Puppet[:splaylimit]) do
|
170
157
|
# Splay for the daemon is handled in the scheduler
|
@@ -189,7 +176,6 @@ class Puppet::Daemon
|
|
189
176
|
end
|
190
177
|
|
191
178
|
reparse_run.disable if Puppet[:filetimeout] == 0
|
192
|
-
agent_run.disable unless agent
|
193
179
|
|
194
180
|
@scheduler.run_loop([reparse_run, agent_run, signal_loop])
|
195
181
|
end
|
data/lib/puppet/defaults.rb
CHANGED
@@ -65,26 +65,33 @@ module Puppet
|
|
65
65
|
|
66
66
|
AS_DURATION = %q{This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y).}
|
67
67
|
|
68
|
-
|
69
|
-
|
68
|
+
# @api public
|
69
|
+
# @param args [Puppet::Settings] the settings object to define default settings for
|
70
|
+
# @return void
|
71
|
+
def self.initialize_default_settings!(settings)
|
72
|
+
settings.define_settings(:main,
|
73
|
+
:facterng => {
|
70
74
|
:default => false,
|
71
75
|
:type => :boolean,
|
72
76
|
:desc => 'Whether to enable a pre-Facter 4.0 release of Facter (distributed as
|
73
77
|
the "facter-ng" gem). This is not necessary if Facter 3.x or later is installed.
|
74
|
-
This setting is still experimental
|
78
|
+
This setting is still experimental.',
|
75
79
|
:hook => proc do |value|
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
|
80
|
-
|
81
|
-
|
82
|
-
|
83
|
-
|
84
|
-
|
85
|
-
|
86
|
-
|
87
|
-
|
80
|
+
if value
|
81
|
+
begin
|
82
|
+
original_facter = Object.const_get(:Facter)
|
83
|
+
Object.send(:remove_const, :Facter)
|
84
|
+
|
85
|
+
require 'facter-ng'
|
86
|
+
# It is required to re-setup logger for facter-ng
|
87
|
+
Puppet::Util::Logging.setup_facter_logging!
|
88
|
+
rescue LoadError
|
89
|
+
Object.const_set(:Facter, original_facter)
|
90
|
+
raise ArgumentError, 'facter-ng could not be loaded'
|
91
|
+
end
|
92
|
+
end
|
93
|
+
end
|
94
|
+
},
|
88
95
|
:confdir => {
|
89
96
|
:default => nil,
|
90
97
|
:type => :directory,
|
@@ -121,7 +128,7 @@ module Puppet
|
|
121
128
|
}
|
122
129
|
)
|
123
130
|
|
124
|
-
define_settings(:main,
|
131
|
+
settings.define_settings(:main,
|
125
132
|
:logdir => {
|
126
133
|
:default => nil,
|
127
134
|
:type => :directory,
|
@@ -168,8 +175,8 @@ module Puppet
|
|
168
175
|
valid = %w[deprecations undefined_variables undefined_resources]
|
169
176
|
invalid = values - (values & valid)
|
170
177
|
if not invalid.empty?
|
171
|
-
raise ArgumentError, _("Cannot disable unrecognized warning types %{invalid}.") % { invalid: invalid.
|
172
|
-
' ' + _("Valid values are %{values}.") % { values: valid.
|
178
|
+
raise ArgumentError, _("Cannot disable unrecognized warning types '%{invalid}'.") % { invalid: invalid.join(',') } +
|
179
|
+
' ' + _("Valid values are '%{values}'.") % { values: valid.join(', ') }
|
173
180
|
end
|
174
181
|
end
|
175
182
|
},
|
@@ -225,7 +232,7 @@ module Puppet
|
|
225
232
|
}
|
226
233
|
)
|
227
234
|
|
228
|
-
define_settings(:main,
|
235
|
+
settings.define_settings(:main,
|
229
236
|
:priority => {
|
230
237
|
:default => nil,
|
231
238
|
:type => :priority,
|
@@ -263,6 +270,13 @@ module Puppet
|
|
263
270
|
major releases of Puppet. Should be used with caution, as in development
|
264
271
|
features are experimental and can have unexpected effects."
|
265
272
|
},
|
273
|
+
:versioned_environment_dirs => {
|
274
|
+
:default => false,
|
275
|
+
:type => :boolean,
|
276
|
+
:desc => "Whether or not to look for versioned environment directories,
|
277
|
+
symlinked from `$environmentpath/<environment>`. This is an experimental
|
278
|
+
feature and should be used with caution."
|
279
|
+
},
|
266
280
|
:static_catalogs => {
|
267
281
|
:default => true,
|
268
282
|
:type => :boolean,
|
@@ -333,8 +347,7 @@ module Puppet
|
|
333
347
|
:default => "ansi",
|
334
348
|
:type => :string,
|
335
349
|
:desc => "Whether to use colors when logging to the console. Valid values are
|
336
|
-
`ansi` (equivalent to `true`), `html`, and `false`, which produces no color.
|
337
|
-
Defaults to false on Windows, as its console does not support ansi colors.",
|
350
|
+
`ansi` (equivalent to `true`), `html`, and `false`, which produces no color."
|
338
351
|
},
|
339
352
|
:mkusers => {
|
340
353
|
:default => false,
|
@@ -541,12 +554,12 @@ module Puppet
|
|
541
554
|
:hiera_config => {
|
542
555
|
:default => lambda do
|
543
556
|
config = nil
|
544
|
-
codedir =
|
557
|
+
codedir = settings[:codedir]
|
545
558
|
if codedir.is_a?(String)
|
546
559
|
config = File.expand_path(File.join(codedir, 'hiera.yaml'))
|
547
560
|
config = nil unless Puppet::FileSystem.exist?(config)
|
548
561
|
end
|
549
|
-
config = File.expand_path(File.join(
|
562
|
+
config = File.expand_path(File.join(settings[:confdir], 'hiera.yaml')) if config.nil?
|
550
563
|
config
|
551
564
|
end,
|
552
565
|
:desc => "The hiera configuration file. Puppet only reads this file on startup, so you must restart the puppet master every time you edit it.",
|
@@ -576,13 +589,22 @@ module Puppet
|
|
576
589
|
},
|
577
590
|
:trusted_external_command => {
|
578
591
|
:default => nil,
|
579
|
-
:
|
592
|
+
:type => :file_or_directory,
|
593
|
+
:desc => "The external trusted facts script or directory to use.
|
580
594
|
This setting's value can be set to the path to an executable command that
|
581
|
-
can produce external trusted facts
|
595
|
+
can produce external trusted facts or to a directory containing those
|
596
|
+
executable commands. The command(s) must:
|
582
597
|
|
583
598
|
* Take the name of a node as a command-line argument.
|
584
599
|
* Return a JSON hash with the external trusted facts for this node.
|
585
|
-
* For unknown or invalid nodes, exit with a non-zero exit code.
|
600
|
+
* For unknown or invalid nodes, exit with a non-zero exit code.
|
601
|
+
|
602
|
+
If the setting points to an executable command, then the external trusted
|
603
|
+
facts will be stored in the 'external' key of the trusted facts hash. Otherwise
|
604
|
+
for each executable file in the directory, the external trusted facts will be
|
605
|
+
stored in the `<basename>` key of the `trusted['external']` hash. For example,
|
606
|
+
if the files foo.rb and bar.sh are in the directory, then `trusted['external']`
|
607
|
+
will be the hash `{ 'foo' => <foo.rb output>, 'bar' => <bar.sh output> }`.",
|
586
608
|
},
|
587
609
|
:default_file_terminus => {
|
588
610
|
:type => :terminus,
|
@@ -610,7 +632,7 @@ module Puppet
|
|
610
632
|
:http_proxy_password =>{
|
611
633
|
:default => "none",
|
612
634
|
:hook => proc do |value|
|
613
|
-
if
|
635
|
+
if settings[:http_proxy_password] =~ /[@!# \/]/
|
614
636
|
raise "Passwords set in the http_proxy_password setting must be valid as part of a URL, and any reserved characters must be URL-encoded. We received: #{value}"
|
615
637
|
end
|
616
638
|
end,
|
@@ -754,7 +776,7 @@ API to expire the cache as needed
|
|
754
776
|
}
|
755
777
|
)
|
756
778
|
|
757
|
-
|
779
|
+
settings.define_settings(:module_tool,
|
758
780
|
:module_repository => {
|
759
781
|
:default => 'https://forgeapi.puppet.com',
|
760
782
|
:desc => "The module repository",
|
@@ -773,7 +795,7 @@ API to expire the cache as needed
|
|
773
795
|
}
|
774
796
|
)
|
775
797
|
|
776
|
-
|
798
|
+
settings.define_settings(
|
777
799
|
:main,
|
778
800
|
|
779
801
|
# We have to downcase the fqdn, because the current ssl stuff (as opposed to in master) doesn't have good facilities for
|
@@ -854,13 +876,17 @@ This is useful for embedding a pre-shared key for autosigning policy executables
|
|
854
876
|
("challenge password") OID.
|
855
877
|
|
856
878
|
Extension requests will be permanently embedded in the final certificate.
|
857
|
-
Extension OIDs must be in the "ppRegCertExt" (`1.3.6.1.4.1.34380.1.1`)
|
858
|
-
"ppPrivCertExt" (`1.3.6.1.4.1.34380.1.2`)
|
879
|
+
Extension OIDs must be in the "ppRegCertExt" (`1.3.6.1.4.1.34380.1.1`),
|
880
|
+
"ppPrivCertExt" (`1.3.6.1.4.1.34380.1.2`), or
|
881
|
+
"ppAuthCertExt" (`1.3.6.1.4.1.34380.1.3`) OID arcs. The ppRegCertExt arc is
|
859
882
|
reserved for four of the most common pieces of data to embed: `pp_uuid` (`.1`),
|
860
883
|
`pp_instance_id` (`.2`), `pp_image_name` (`.3`), and `pp_preshared_key` (`.4`)
|
861
884
|
--- in the YAML file, these can be referred to by their short descriptive names
|
862
885
|
instead of their full OID. The ppPrivCertExt arc is unregulated, and can be used
|
863
|
-
for site-specific extensions.
|
886
|
+
for site-specific extensions. The ppAuthCert arc is reserved for two pieces of
|
887
|
+
data to embed: `pp_authorization` (`.1`) and `pp_auth_role` (`.13`). As with
|
888
|
+
ppRegCertExt, in the YAML file, these can be referred to by their short
|
889
|
+
descriptive name instead of their full OID.
|
864
890
|
EOT
|
865
891
|
},
|
866
892
|
:certdir => {
|
@@ -974,6 +1000,15 @@ EOT
|
|
974
1000
|
and reject the CA certificate if the values do not match. This only applies
|
975
1001
|
during the first download of the CA certificate."
|
976
1002
|
},
|
1003
|
+
:ssl_trust_store => {
|
1004
|
+
:default => nil,
|
1005
|
+
:type => :file,
|
1006
|
+
:desc => "A file containing CA certificates in PEM format that puppet should trust
|
1007
|
+
when making HTTPS requests. This **only** applies to https requests to non-puppet
|
1008
|
+
infrastructure, such as retrieving file metadata and content from https file sources,
|
1009
|
+
puppet module tool and the 'http' report processor. This setting is ignored when
|
1010
|
+
making requests to puppet:// URLs such as catalog and report requests.",
|
1011
|
+
},
|
977
1012
|
:ssl_client_ca_auth => {
|
978
1013
|
:type => :file,
|
979
1014
|
:mode => "0644",
|
@@ -1080,7 +1115,7 @@ EOT
|
|
1080
1115
|
}
|
1081
1116
|
)
|
1082
1117
|
|
1083
|
-
define_settings(
|
1118
|
+
settings.define_settings(
|
1084
1119
|
:ca,
|
1085
1120
|
:ca_name => {
|
1086
1121
|
:default => "Puppet CA: $certname",
|
@@ -1152,7 +1187,7 @@ EOT
|
|
1152
1187
|
the request.
|
1153
1188
|
|
1154
1189
|
For info on autosign configuration files, see
|
1155
|
-
[the guide to Puppet's config files](https://puppet.com/docs/puppet/latest/
|
1190
|
+
[the guide to Puppet's config files](https://puppet.com/docs/puppet/latest/config_file_autosign.html).",
|
1156
1191
|
},
|
1157
1192
|
:allow_duplicate_certs => {
|
1158
1193
|
:default => false,
|
@@ -1198,7 +1233,7 @@ EOT
|
|
1198
1233
|
|
1199
1234
|
# Define the config default.
|
1200
1235
|
|
1201
|
-
define_settings(:application,
|
1236
|
+
settings.define_settings(:application,
|
1202
1237
|
:config_file_name => {
|
1203
1238
|
:type => :string,
|
1204
1239
|
:default => Puppet::Settings.default_config_file_name,
|
@@ -1223,7 +1258,7 @@ EOT
|
|
1223
1258
|
},
|
1224
1259
|
)
|
1225
1260
|
|
1226
|
-
define_settings(:environment,
|
1261
|
+
settings.define_settings(:environment,
|
1227
1262
|
:manifest => {
|
1228
1263
|
:default => nil,
|
1229
1264
|
:type => :file_or_directory,
|
@@ -1266,7 +1301,7 @@ EOT
|
|
1266
1301
|
}
|
1267
1302
|
)
|
1268
1303
|
|
1269
|
-
define_settings(:master,
|
1304
|
+
settings.define_settings(:master,
|
1270
1305
|
:user => {
|
1271
1306
|
:default => "puppet",
|
1272
1307
|
:desc => "The user Puppet Server will run as. Used to ensure
|
@@ -1323,13 +1358,23 @@ EOT
|
|
1323
1358
|
overridden by more specific settings (see `ca_port`, `report_port`).",
|
1324
1359
|
},
|
1325
1360
|
:node_name => {
|
1326
|
-
:default =>
|
1361
|
+
:default => 'cert',
|
1362
|
+
:type => :enum,
|
1363
|
+
:values => ['cert', 'facter'],
|
1364
|
+
:deprecated => :completely,
|
1365
|
+
:hook => proc { |val|
|
1366
|
+
if val != 'cert'
|
1367
|
+
Puppet.deprecation_warning("The node_name setting is deprecated and will be removed in a future release.")
|
1368
|
+
end
|
1369
|
+
},
|
1327
1370
|
:desc => "How the puppet master determines the client's identity
|
1328
1371
|
and sets the 'hostname', 'fqdn' and 'domain' facts for use in the manifest,
|
1329
1372
|
in particular for determining which 'node' statement applies to the client.
|
1330
1373
|
Possible values are 'cert' (use the subject's CN in the client's
|
1331
1374
|
certificate) and 'facter' (use the hostname that the client
|
1332
|
-
reported in its facts)
|
1375
|
+
reported in its facts).
|
1376
|
+
|
1377
|
+
This setting is deprecated, please use explicit fact matching for classification.",
|
1333
1378
|
},
|
1334
1379
|
:bucketdir => {
|
1335
1380
|
:default => "$vardir/bucket",
|
@@ -1452,14 +1497,23 @@ EOT
|
|
1452
1497
|
:desc => "Where the fileserver configuration is stored.",
|
1453
1498
|
},
|
1454
1499
|
:strict_hostname_checking => {
|
1455
|
-
:default =>
|
1500
|
+
:default => true,
|
1501
|
+
:type => :boolean,
|
1456
1502
|
:desc => "Whether to only search for the complete
|
1457
|
-
|
1458
|
-
|
1503
|
+
hostname as it is in the certificate when searching for node information
|
1504
|
+
in the catalogs or to match dot delimited segments of the cert's certname
|
1505
|
+
and the hostname, fqdn, and/or domain facts.
|
1506
|
+
|
1507
|
+
This setting is deprecated and will be removed in a future release.",
|
1508
|
+
:hook => proc { |val|
|
1509
|
+
if val != true
|
1510
|
+
Puppet.deprecation_warning("Setting strict_hostname_checking to false is deprecated and will be removed in a future release. Please use regular expressions in your node declarations or explicit fact matching for classification (though be warned that fact based classification may be considered insecure).")
|
1511
|
+
end
|
1512
|
+
}
|
1459
1513
|
}
|
1460
1514
|
)
|
1461
1515
|
|
1462
|
-
define_settings(:device,
|
1516
|
+
settings.define_settings(:device,
|
1463
1517
|
:devicedir => {
|
1464
1518
|
:default => "$vardir/devices",
|
1465
1519
|
:type => :directory,
|
@@ -1474,7 +1528,7 @@ EOT
|
|
1474
1528
|
}
|
1475
1529
|
)
|
1476
1530
|
|
1477
|
-
define_settings(:agent,
|
1531
|
+
settings.define_settings(:agent,
|
1478
1532
|
:node_name_value => {
|
1479
1533
|
:default => "$certname",
|
1480
1534
|
:desc => "The explicit value used for the node name for all requests the agent
|
@@ -1499,7 +1553,7 @@ EOT
|
|
1499
1553
|
:statefile => {
|
1500
1554
|
:default => "$statedir/state.yaml",
|
1501
1555
|
:type => :file,
|
1502
|
-
:mode => "
|
1556
|
+
:mode => "0640",
|
1503
1557
|
:desc => "Where puppet agent and puppet master store state associated
|
1504
1558
|
with the running configuration. In the case of puppet master,
|
1505
1559
|
this file reflects the state discovered through interacting
|
@@ -1521,7 +1575,7 @@ EOT
|
|
1521
1575
|
:transactionstorefile => {
|
1522
1576
|
:default => "$statedir/transactionstore.yaml",
|
1523
1577
|
:type => :file,
|
1524
|
-
:mode => "
|
1578
|
+
:mode => "0640",
|
1525
1579
|
:desc => "Transactional storage file for persisting data between
|
1526
1580
|
transactions for the purposes of infering information (such as
|
1527
1581
|
corrective_change) on new data received."
|
@@ -1599,6 +1653,12 @@ EOT
|
|
1599
1653
|
:default => lambda { Puppet::Settings.domain_fact },
|
1600
1654
|
:desc => "The domain which will be queried to find the SRV records of servers to use.",
|
1601
1655
|
},
|
1656
|
+
:http_extra_headers => {
|
1657
|
+
:default => [],
|
1658
|
+
:type => :http_extra_headers,
|
1659
|
+
:desc => "The list of extra headers that will be sent with http requests to the master.
|
1660
|
+
The header definition consists of a name and a value separated by a colon."
|
1661
|
+
},
|
1602
1662
|
:ignoreschedules => {
|
1603
1663
|
:default => false,
|
1604
1664
|
:type => :boolean,
|
@@ -1755,10 +1815,27 @@ EOT
|
|
1755
1815
|
:type => :boolean,
|
1756
1816
|
:desc => "Whether to send reports after every transaction.",
|
1757
1817
|
},
|
1818
|
+
:report_include_system_store => {
|
1819
|
+
:default => false,
|
1820
|
+
:type => :boolean,
|
1821
|
+
:desc => "Whether the 'http' report processor should include the system
|
1822
|
+
certificate store when submitting reports to HTTPS URLs. If false, then
|
1823
|
+
the 'http' processor will only trust HTTPS report servers whose certificates
|
1824
|
+
are issued by the puppet CA or one of its intermediate CAs. If true, the
|
1825
|
+
processor will additionally trust CA certificates in the system's
|
1826
|
+
certificate store."
|
1827
|
+
},
|
1758
1828
|
:resubmit_facts => {
|
1759
1829
|
:default => false,
|
1760
1830
|
:type => :boolean,
|
1761
|
-
:desc => "Whether to send updated facts after every transaction.
|
1831
|
+
:desc => "Whether to send updated facts after every transaction. By default
|
1832
|
+
puppet only submits facts at the beginning of the transaction before applying a
|
1833
|
+
catalog. Since puppet can modify the state of the system, the value of the facts
|
1834
|
+
may change after puppet finishes. Therefore, any facts stored in puppetdb may not
|
1835
|
+
be consistent until the agent next runs, typically in 30 minutes. If this feature
|
1836
|
+
is enabled, puppet will resubmit facts after applying its catalog, ensuring facts
|
1837
|
+
for the node stored in puppetdb are current. However, this will double the fact
|
1838
|
+
submission load on puppetdb, so it is disabled by default.",
|
1762
1839
|
},
|
1763
1840
|
:lastrunfile => {
|
1764
1841
|
:default => "$statedir/last_run_summary.yaml",
|
@@ -1822,12 +1899,31 @@ EOT
|
|
1822
1899
|
certificate request to be signed. A value of `unlimited` will cause puppet agent
|
1823
1900
|
to ask for a signed certificate indefinitely.
|
1824
1901
|
#{AS_DURATION}",
|
1902
|
+
},
|
1903
|
+
:waitforlock => {
|
1904
|
+
:default => "0",
|
1905
|
+
:type => :duration,
|
1906
|
+
:desc => "How frequently puppet agent should try running when there is an
|
1907
|
+
already ongoing puppet agent instance.
|
1908
|
+
|
1909
|
+
This argument is by default disabled (value set to 0). In this case puppet agent will
|
1910
|
+
immediately exit if it cannot run at that moment. When a value other than 0 is set, this
|
1911
|
+
can also be used in combination with the `maxwaitforlock` argument.
|
1912
|
+
#{AS_DURATION}",
|
1913
|
+
},
|
1914
|
+
:maxwaitforlock => {
|
1915
|
+
:default => "1m",
|
1916
|
+
:type => :ttl,
|
1917
|
+
:desc => "The maximum amount of time the puppet agent should wait for an
|
1918
|
+
already running puppet agent to finish before starting a new one. This is set by default to 1 minute.
|
1919
|
+
A value of `unlimited` will cause puppet agent to wait indefinitely.
|
1920
|
+
#{AS_DURATION}",
|
1825
1921
|
}
|
1826
1922
|
)
|
1827
1923
|
|
1828
1924
|
# Plugin information.
|
1829
1925
|
|
1830
|
-
define_settings(
|
1926
|
+
settings.define_settings(
|
1831
1927
|
:main,
|
1832
1928
|
:plugindest => {
|
1833
1929
|
:type => :directory,
|
@@ -1870,7 +1966,7 @@ EOT
|
|
1870
1966
|
|
1871
1967
|
# Central fact information.
|
1872
1968
|
|
1873
|
-
define_settings(
|
1969
|
+
settings.define_settings(
|
1874
1970
|
:main,
|
1875
1971
|
:factpath => {
|
1876
1972
|
:type => :path,
|
@@ -1887,7 +1983,7 @@ EOT
|
|
1887
1983
|
}
|
1888
1984
|
)
|
1889
1985
|
|
1890
|
-
define_settings(
|
1986
|
+
settings.define_settings(
|
1891
1987
|
:transaction,
|
1892
1988
|
:tags => {
|
1893
1989
|
:default => "",
|
@@ -1915,7 +2011,7 @@ EOT
|
|
1915
2011
|
}
|
1916
2012
|
)
|
1917
2013
|
|
1918
|
-
define_settings(
|
2014
|
+
settings.define_settings(
|
1919
2015
|
:main,
|
1920
2016
|
:external_nodes => {
|
1921
2017
|
:default => "none",
|
@@ -1940,7 +2036,7 @@ EOT
|
|
1940
2036
|
}
|
1941
2037
|
)
|
1942
2038
|
|
1943
|
-
define_settings(
|
2039
|
+
settings.define_settings(
|
1944
2040
|
:ldap,
|
1945
2041
|
:ldapssl => {
|
1946
2042
|
:default => false,
|
@@ -2009,7 +2105,7 @@ EOT
|
|
2009
2105
|
}
|
2010
2106
|
)
|
2011
2107
|
|
2012
|
-
define_settings(:master,
|
2108
|
+
settings.define_settings(:master,
|
2013
2109
|
:storeconfigs => {
|
2014
2110
|
:default => false,
|
2015
2111
|
:type => :boolean,
|
@@ -2027,7 +2123,7 @@ EOT
|
|
2027
2123
|
require 'puppet/node/facts'
|
2028
2124
|
if value
|
2029
2125
|
Puppet::Resource::Catalog.indirection.set_global_setting(:cache_class, :store_configs)
|
2030
|
-
|
2126
|
+
settings.override_default(:catalog_cache_terminus, :store_configs)
|
2031
2127
|
Puppet::Node::Facts.indirection.set_global_setting(:cache_class, :store_configs)
|
2032
2128
|
Puppet::Resource.indirection.set_global_setting(:terminus_class, :store_configs)
|
2033
2129
|
end
|
@@ -2042,7 +2138,7 @@ EOT
|
|
2042
2138
|
}
|
2043
2139
|
)
|
2044
2140
|
|
2045
|
-
define_settings(:parser,
|
2141
|
+
settings.define_settings(:parser,
|
2046
2142
|
:max_errors => {
|
2047
2143
|
:default => 10,
|
2048
2144
|
:desc => <<-'EOT'
|
@@ -2094,7 +2190,7 @@ EOT
|
|
2094
2190
|
EOT
|
2095
2191
|
}
|
2096
2192
|
)
|
2097
|
-
define_settings(:puppetdoc,
|
2193
|
+
settings.define_settings(:puppetdoc,
|
2098
2194
|
:document_all => {
|
2099
2195
|
:default => false,
|
2100
2196
|
:type => :boolean,
|
@@ -2103,7 +2199,7 @@ EOT
|
|
2103
2199
|
}
|
2104
2200
|
)
|
2105
2201
|
|
2106
|
-
define_settings(
|
2202
|
+
settings.define_settings(
|
2107
2203
|
:main,
|
2108
2204
|
:rich_data => {
|
2109
2205
|
:default => true,
|
@@ -2120,5 +2216,5 @@ EOT
|
|
2120
2216
|
EOT
|
2121
2217
|
}
|
2122
2218
|
)
|
2123
|
-
|
2219
|
+
end
|
2124
2220
|
end
|