puppet 6.14.0-universal-darwin → 6.15.0-universal-darwin
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Gemfile.lock +15 -15
- data/ext/windows/service/daemon.rb +3 -3
- data/lib/puppet.rb +1 -1
- data/lib/puppet/agent.rb +2 -10
- data/lib/puppet/application/agent.rb +2 -1
- data/lib/puppet/application/filebucket.rb +5 -14
- data/lib/puppet/application/ssl.rb +2 -2
- data/lib/puppet/configurer.rb +7 -3
- data/lib/puppet/configurer/plugin_handler.rb +1 -1
- data/lib/puppet/defaults.rb +22 -2
- data/lib/puppet/environments.rb +4 -5
- data/lib/puppet/face/plugin.rb +1 -1
- data/lib/puppet/file_system/file_impl.rb +13 -9
- data/lib/puppet/forge/repository.rb +1 -1
- data/lib/puppet/functions/call.rb +1 -1
- data/lib/puppet/functions/reduce.rb +2 -4
- data/lib/puppet/http.rb +2 -0
- data/lib/puppet/http/client.rb +191 -52
- data/lib/puppet/http/external_client.rb +96 -0
- data/lib/puppet/http/redirector.rb +34 -0
- data/lib/puppet/http/resolver.rb +46 -3
- data/lib/puppet/http/resolver/server_list.rb +75 -15
- data/lib/puppet/http/resolver/settings.rb +22 -2
- data/lib/puppet/http/resolver/srv.rb +28 -2
- data/lib/puppet/http/response.rb +63 -1
- data/lib/puppet/http/retry_after_handler.rb +39 -0
- data/lib/puppet/http/service.rb +67 -1
- data/lib/puppet/http/service/ca.rb +71 -9
- data/lib/puppet/http/service/compiler.rb +213 -11
- data/lib/puppet/http/service/file_server.rb +105 -4
- data/lib/puppet/http/service/report.rb +36 -3
- data/lib/puppet/http/session.rb +59 -8
- data/lib/puppet/indirector/catalog/rest.rb +2 -1
- data/lib/puppet/indirector/facts/rest.rb +2 -1
- data/lib/puppet/indirector/file_bucket_file/rest.rb +48 -0
- data/lib/puppet/indirector/file_metadata/rest.rb +4 -2
- data/lib/puppet/indirector/node/rest.rb +2 -1
- data/lib/puppet/indirector/report/yaml.rb +23 -0
- data/lib/puppet/indirector/status/rest.rb +2 -1
- data/lib/puppet/metatype/manager.rb +80 -80
- data/lib/puppet/network/http/base_pool.rb +6 -1
- data/lib/puppet/network/http/pool.rb +2 -4
- data/lib/puppet/network/http_pool.rb +1 -0
- data/lib/puppet/node/environment.rb +11 -1
- data/lib/puppet/pal/pal_impl.rb +1 -29
- data/lib/puppet/parser/compiler.rb +14 -7
- data/lib/puppet/parser/functions.rb +18 -13
- data/lib/puppet/pops/loaders.rb +7 -5
- data/lib/puppet/provider/group/windows_adsi.rb +3 -3
- data/lib/puppet/provider/package/apt.rb +61 -1
- data/lib/puppet/provider/package/dnfmodule.rb +39 -12
- data/lib/puppet/provider/package/gem.rb +41 -7
- data/lib/puppet/provider/package/pacman.rb +2 -5
- data/lib/puppet/provider/package/pip.rb +105 -33
- data/lib/puppet/provider/package/pip3.rb +0 -2
- data/lib/puppet/provider/package/pkgdmg.rb +1 -1
- data/lib/puppet/provider/package/pkgng.rb +16 -4
- data/lib/puppet/provider/package/puppet_gem.rb +6 -2
- data/lib/puppet/provider/package/rpm.rb +6 -213
- data/lib/puppet/provider/package/yum.rb +92 -19
- data/lib/puppet/provider/service/systemd.rb +2 -1
- data/lib/puppet/reports/http.rb +13 -11
- data/lib/puppet/resource/type_collection.rb +20 -16
- data/lib/puppet/ssl.rb +1 -0
- data/lib/puppet/ssl/host.rb +4 -4
- data/lib/puppet/ssl/oids.rb +1 -0
- data/lib/puppet/ssl/state_machine.rb +50 -33
- data/lib/puppet/transaction/report.rb +2 -2
- data/lib/puppet/type.rb +6 -1
- data/lib/puppet/type/file/source.rb +4 -2
- data/lib/puppet/type/package.rb +25 -2
- data/lib/puppet/type/user.rb +0 -19
- data/lib/puppet/util/at_fork.rb +1 -1
- data/lib/puppet/util/autoload.rb +3 -0
- data/lib/puppet/util/instance_loader.rb +14 -10
- data/lib/puppet/util/package/version/debian.rb +175 -0
- data/lib/puppet/util/package/version/gem.rb +15 -0
- data/lib/puppet/util/package/version/pip.rb +167 -0
- data/lib/puppet/util/package/version/range.rb +50 -0
- data/lib/puppet/util/package/version/range/gt.rb +14 -0
- data/lib/puppet/util/package/version/range/gt_eq.rb +14 -0
- data/lib/puppet/util/package/version/range/lt.rb +14 -0
- data/lib/puppet/util/package/version/range/lt_eq.rb +14 -0
- data/lib/puppet/util/package/version/range/min_max.rb +21 -0
- data/lib/puppet/util/package/version/range/simple.rb +11 -0
- data/lib/puppet/util/package/version/rpm.rb +73 -0
- data/lib/puppet/util/pidlock.rb +13 -7
- data/lib/puppet/util/platform.rb +5 -0
- data/lib/puppet/util/rpm_compare.rb +193 -0
- data/lib/puppet/util/windows/adsi.rb +2 -2
- data/lib/puppet/util/windows/process.rb +15 -14
- data/lib/puppet/util/windows/security.rb +1 -0
- data/lib/puppet/util/windows/sid.rb +3 -3
- data/lib/puppet/version.rb +1 -1
- data/locales/puppet.pot +207 -201
- data/man/man5/puppet.conf.5 +11 -3
- data/man/man8/puppet-agent.8 +1 -1
- data/man/man8/puppet-apply.8 +1 -1
- data/man/man8/puppet-catalog.8 +1 -1
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +1 -1
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +1 -1
- data/man/man8/puppet-filebucket.8 +1 -1
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-key.8 +1 -1
- data/man/man8/puppet-lookup.8 +1 -1
- data/man/man8/puppet-man.8 +1 -1
- data/man/man8/puppet-module.8 +1 -1
- data/man/man8/puppet-node.8 +1 -1
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +1 -1
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-ssl.8 +1 -1
- data/man/man8/puppet-status.8 +1 -1
- data/man/man8/puppet.8 +2 -2
- data/spec/fixtures/ssl/unknown-127.0.0.1-key.pem +67 -0
- data/spec/fixtures/ssl/unknown-127.0.0.1.pem +48 -0
- data/spec/fixtures/ssl/unknown-ca-key.pem +67 -0
- data/spec/fixtures/ssl/unknown-ca.pem +59 -0
- data/spec/fixtures/unit/provider/package/dnfmodule/{dnf-module-list-installed.txt → dnf-module-list-enabled.txt} +2 -0
- data/spec/fixtures/unit/provider/package/pkgng/pkg.version +2 -0
- data/spec/fixtures/unit/provider/package/yum/yum-check-update-subscription-manager.txt +9 -0
- data/spec/fixtures/unit/provider/service/systemd/list_unit_files_services +9 -0
- data/spec/integration/application/agent_spec.rb +329 -0
- data/spec/integration/application/apply_spec.rb +132 -3
- data/spec/integration/application/filebucket_spec.rb +190 -0
- data/spec/integration/application/plugin_spec.rb +50 -0
- data/spec/integration/http/client_spec.rb +34 -40
- data/spec/integration/indirector/report/yaml.rb +83 -0
- data/spec/integration/module_tool/forge_spec.rb +2 -15
- data/spec/integration/network/http_pool_spec.rb +11 -19
- data/spec/integration/node/environment_spec.rb +15 -0
- data/spec/integration/util/windows/adsi_spec.rb +1 -1
- data/spec/lib/puppet/test_ca.rb +2 -2
- data/spec/lib/puppet_spec/https.rb +10 -7
- data/spec/lib/puppet_spec/puppetserver.rb +119 -0
- data/spec/shared_contexts/https.rb +29 -0
- data/spec/unit/agent_spec.rb +33 -25
- data/spec/unit/application/agent_spec.rb +5 -1
- data/spec/unit/application/device_spec.rb +2 -2
- data/spec/unit/application/filebucket_spec.rb +22 -2
- data/spec/unit/configurer_spec.rb +1 -1
- data/spec/unit/defaults_spec.rb +24 -1
- data/spec/unit/environments_spec.rb +8 -0
- data/spec/unit/file_system_spec.rb +10 -0
- data/spec/unit/http/client_spec.rb +105 -46
- data/spec/unit/http/external_client_spec.rb +201 -0
- data/spec/unit/http/resolver_spec.rb +20 -0
- data/spec/unit/http/service/ca_spec.rb +25 -2
- data/spec/unit/http/service/compiler_spec.rb +184 -6
- data/spec/unit/http/service/file_server_spec.rb +35 -3
- data/spec/unit/http/service/report_spec.rb +3 -1
- data/spec/unit/http/service_spec.rb +3 -3
- data/spec/unit/http/session_spec.rb +56 -7
- data/spec/unit/indirector/file_bucket_file/rest_spec.rb +82 -2
- data/spec/unit/network/http/pool_spec.rb +3 -3
- data/spec/unit/node/environment_spec.rb +16 -0
- data/spec/unit/provider/group/windows_adsi_spec.rb +43 -10
- data/spec/unit/provider/package/apt_spec.rb +30 -0
- data/spec/unit/provider/package/dnfmodule_spec.rb +33 -14
- data/spec/unit/provider/package/gem_spec.rb +40 -0
- data/spec/unit/provider/package/pacman_spec.rb +6 -21
- data/spec/unit/provider/package/pip_spec.rb +26 -3
- data/spec/unit/provider/package/pkgdmg_spec.rb +1 -1
- data/spec/unit/provider/package/pkgng_spec.rb +38 -0
- data/spec/unit/provider/package/puppet_gem_spec.rb +8 -0
- data/spec/unit/provider/package/rpm_spec.rb +0 -212
- data/spec/unit/provider/package/yum_spec.rb +235 -1
- data/spec/unit/provider/service/systemd_spec.rb +10 -1
- data/spec/unit/provider/user/windows_adsi_spec.rb +3 -3
- data/spec/unit/puppet_pal_2pec.rb +0 -29
- data/spec/unit/reports/http_spec.rb +70 -52
- data/spec/unit/ssl/host_spec.rb +4 -2
- data/spec/unit/ssl/oids_spec.rb +1 -0
- data/spec/unit/ssl/state_machine_spec.rb +38 -6
- data/spec/unit/transaction/report_spec.rb +4 -0
- data/spec/unit/util/at_fork_spec.rb +2 -2
- data/spec/unit/util/package/version/debian_spec.rb +83 -0
- data/spec/unit/util/package/version/pip_spec.rb +464 -0
- data/spec/unit/util/package/version/range_spec.rb +154 -0
- data/spec/unit/util/package/version/rpm_spec.rb +121 -0
- data/spec/unit/util/pidlock_spec.rb +83 -47
- data/spec/unit/util/rpm_compare_spec.rb +196 -0
- data/spec/unit/util/windows/adsi_spec.rb +4 -4
- data/spec/unit/util/windows/sid_spec.rb +2 -2
- data/tasks/generate_cert_fixtures.rake +15 -1
- metadata +51 -6
- data/spec/integration/faces/plugin_spec.rb +0 -63
@@ -30,7 +30,8 @@ Puppet::Type.type(:service).provide :systemd, :parent => :base do
|
|
30
30
|
def self.instances
|
31
31
|
i = []
|
32
32
|
output = systemctl('list-unit-files', '--type', 'service', '--full', '--all', '--no-pager')
|
33
|
-
output.scan(/^(\S+)\s+(disabled|enabled|masked|indirect)\s*$/i).each do |m|
|
33
|
+
output.scan(/^(\S+)\s+(disabled|enabled|masked|indirect|bad)\s*$/i).each do |m|
|
34
|
+
Puppet.debug("#{m[0]} marked as bad by `systemctl`. It is recommended to be further checked.") if m[1] == "bad"
|
34
35
|
i << new(:name => m[0])
|
35
36
|
end
|
36
37
|
return i
|
data/lib/puppet/reports/http.rb
CHANGED
@@ -20,19 +20,21 @@ Puppet::Reports.register_report(:http) do
|
|
20
20
|
# (Puppet::Network::HTTP) but is used by Puppet Server's http client
|
21
21
|
# (Puppet::Server::HttpClient) to track metrics on the request made to the
|
22
22
|
# `reporturl` to store a report.
|
23
|
-
options = {
|
23
|
+
options = {
|
24
|
+
:metric_id => [:puppet, :report, :http],
|
25
|
+
:include_system_store => Puppet[:report_include_system_store],
|
26
|
+
}
|
27
|
+
|
24
28
|
if url.user && url.password
|
25
|
-
options[:
|
26
|
-
|
27
|
-
:password => url.password
|
28
|
-
}
|
29
|
+
options[:user] = url.user
|
30
|
+
options[:password] = url.password
|
29
31
|
end
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
32
|
+
|
33
|
+
client = Puppet.runtime['http']
|
34
|
+
client.post(url, self.to_yaml, headers: headers, options: options) do |response|
|
35
|
+
unless response.success?
|
36
|
+
Puppet.err _("Unable to submit report to %{url} [%{code}] %{message}") % { url: Puppet[:reporturl].to_s, code: response.code, message: response.reason }
|
37
|
+
end
|
36
38
|
end
|
37
39
|
end
|
38
40
|
end
|
@@ -1,6 +1,7 @@
|
|
1
1
|
require 'puppet/parser/type_loader'
|
2
2
|
require 'puppet/util/file_watcher'
|
3
3
|
require 'puppet/util/warnings'
|
4
|
+
require 'puppet/concurrent/lock'
|
4
5
|
|
5
6
|
# @api private
|
6
7
|
class Puppet::Resource::TypeCollection
|
@@ -28,6 +29,7 @@ class Puppet::Resource::TypeCollection
|
|
28
29
|
@nodes = {}
|
29
30
|
@notfound = {}
|
30
31
|
@sites = []
|
32
|
+
@lock = Puppet::Concurrent::Lock.new
|
31
33
|
|
32
34
|
# So we can keep a list and match the first-defined regex
|
33
35
|
@node_list = []
|
@@ -225,25 +227,27 @@ class Puppet::Resource::TypeCollection
|
|
225
227
|
# Resolve namespaces and find the given object. Autoload it if
|
226
228
|
# necessary.
|
227
229
|
def find_or_load(name, type)
|
228
|
-
|
229
|
-
|
230
|
-
|
231
|
-
|
232
|
-
|
233
|
-
|
234
|
-
|
235
|
-
|
236
|
-
|
237
|
-
|
238
|
-
|
230
|
+
@lock.synchronize do
|
231
|
+
# Name is always absolute, but may start with :: which must be removed
|
232
|
+
fqname = (name[0,2] == COLON_COLON ? name[2..-1] : name)
|
233
|
+
|
234
|
+
result = send(type, fqname)
|
235
|
+
unless result
|
236
|
+
if @notfound[ fqname ] && Puppet[ :ignoremissingtypes ]
|
237
|
+
# do not try to autoload if we already tried and it wasn't conclusive
|
238
|
+
# as this is a time consuming operation. Warn the user.
|
239
|
+
# Check first if debugging is on since the call to debug_once is expensive
|
240
|
+
if Puppet[:debug]
|
241
|
+
debug_once _("Not attempting to load %{type} %{fqname} as this object was missing during a prior compilation") % { type: type, fqname: fqname }
|
242
|
+
end
|
243
|
+
else
|
244
|
+
fqname = munge_name(fqname)
|
245
|
+
result = loader.try_load_fqname(type, fqname)
|
246
|
+
@notfound[ fqname ] = result.nil?
|
239
247
|
end
|
240
|
-
else
|
241
|
-
fqname = munge_name(fqname)
|
242
|
-
result = loader.try_load_fqname(type, fqname)
|
243
|
-
@notfound[ fqname ] = result.nil?
|
244
248
|
end
|
249
|
+
result
|
245
250
|
end
|
246
|
-
result
|
247
251
|
end
|
248
252
|
|
249
253
|
def munge_name(name)
|
data/lib/puppet/ssl.rb
CHANGED
data/lib/puppet/ssl/host.rb
CHANGED
@@ -22,9 +22,9 @@ class Puppet::SSL::Host
|
|
22
22
|
|
23
23
|
attr_writer :key, :certificate, :certificate_request, :crl_usage
|
24
24
|
|
25
|
-
def self.localhost
|
25
|
+
def self.localhost(suppress_warning = false)
|
26
26
|
return @localhost if @localhost
|
27
|
-
@localhost = new
|
27
|
+
@localhost = new(nil, false, suppress_warning)
|
28
28
|
@localhost.generate unless @localhost.certificate
|
29
29
|
@localhost.key
|
30
30
|
@localhost
|
@@ -225,14 +225,14 @@ ERROR_STRING
|
|
225
225
|
end
|
226
226
|
private :validate_csr_with_key
|
227
227
|
|
228
|
-
def initialize(name = nil, device = false)
|
228
|
+
def initialize(name = nil, device = false, suppress_warning = false)
|
229
229
|
@name = (name || Puppet[:certname]).downcase
|
230
230
|
@device = device
|
231
231
|
Puppet::SSL::Base.validate_certname(@name)
|
232
232
|
@key = @certificate = @certificate_request = nil
|
233
233
|
@crl_usage = Puppet.settings[:certificate_revocation]
|
234
234
|
@crl_path = Puppet.settings[:hostcrl]
|
235
|
-
Puppet.deprecation_warning(_("Puppet::SSL::Host is deprecated and will be removed in a future release of Puppet."))
|
235
|
+
Puppet.deprecation_warning(_("Puppet::SSL::Host is deprecated and will be removed in a future release of Puppet.")) unless suppress_warning
|
236
236
|
end
|
237
237
|
|
238
238
|
# Extract the public key from the private key.
|
data/lib/puppet/ssl/oids.rb
CHANGED
@@ -61,6 +61,7 @@ module Puppet::SSL::Oids
|
|
61
61
|
["1.3.6.1.4.1.34380.1.1.23", 'pp_cloudplatform', 'Puppet Node Cloud Platform Name'],
|
62
62
|
["1.3.6.1.4.1.34380.1.1.24", 'pp_apptier', 'Puppet Node Application Tier'],
|
63
63
|
["1.3.6.1.4.1.34380.1.1.25", 'pp_hostname', 'Puppet Node Hostname'],
|
64
|
+
["1.3.6.1.4.1.34380.1.1.26", 'pp_owner', 'Puppet Node Owner'],
|
64
65
|
|
65
66
|
["1.3.6.1.4.1.34380.1.2", 'ppPrivCertExt', 'Puppet Private Certificate Extension'],
|
66
67
|
|
@@ -45,7 +45,7 @@ class Puppet::SSL::StateMachine
|
|
45
45
|
next_ctx = @ssl_provider.create_root_context(cacerts: cacerts, revocation: false)
|
46
46
|
else
|
47
47
|
route = @machine.session.route_to(:ca, ssl_context: @ssl_context)
|
48
|
-
pem = route.get_certificate(Puppet::SSL::CA_NAME, ssl_context: @ssl_context)
|
48
|
+
_, pem = route.get_certificate(Puppet::SSL::CA_NAME, ssl_context: @ssl_context)
|
49
49
|
if @machine.ca_fingerprint
|
50
50
|
actual_digest = Puppet::SSL::Digest.new(@machine.digest, pem).to_hex
|
51
51
|
expected_digest = @machine.ca_fingerprint.scan(/../).join(':').upcase
|
@@ -146,7 +146,7 @@ class Puppet::SSL::StateMachine
|
|
146
146
|
|
147
147
|
def download_crl(ssl_ctx, last_update)
|
148
148
|
route = @machine.session.route_to(:ca, ssl_context: ssl_ctx)
|
149
|
-
pem = route.get_certificate_revocation_list(if_modified_since: last_update, ssl_context: ssl_ctx)
|
149
|
+
_, pem = route.get_certificate_revocation_list(if_modified_since: last_update, ssl_context: ssl_ctx)
|
150
150
|
crls = @cert_provider.load_crls_from_pem(pem)
|
151
151
|
# verify crls before saving
|
152
152
|
next_ctx = @ssl_provider.create_root_context(cacerts: ssl_ctx[:cacerts], crls: crls)
|
@@ -234,7 +234,7 @@ class Puppet::SSL::StateMachine
|
|
234
234
|
|
235
235
|
route = @machine.session.route_to(:ca, ssl_context: @ssl_context)
|
236
236
|
cert = OpenSSL::X509::Certificate.new(
|
237
|
-
route.get_certificate(Puppet[:certname], ssl_context: @ssl_context)
|
237
|
+
route.get_certificate(Puppet[:certname], ssl_context: @ssl_context)[1]
|
238
238
|
)
|
239
239
|
Puppet.info _("Downloaded certificate for %{name} from %{url}") % { name: Puppet[:certname], url: route.url }
|
240
240
|
# verify client cert before saving
|
@@ -280,18 +280,37 @@ class Puppet::SSL::StateMachine
|
|
280
280
|
|
281
281
|
# close persistent connections and session state before sleeping
|
282
282
|
Puppet.runtime['http'].close
|
283
|
-
@machine.session =
|
283
|
+
@machine.session = Puppet.runtime['http'].create_session
|
284
284
|
|
285
|
+
@machine.unlock
|
285
286
|
Kernel.sleep(time)
|
287
|
+
NeedLock.new(@machine)
|
288
|
+
end
|
289
|
+
end
|
290
|
+
end
|
286
291
|
|
292
|
+
# Acquire the ssl lock or return LockFailure causing us to exit.
|
293
|
+
#
|
294
|
+
class NeedLock < SSLState
|
295
|
+
def initialize(machine)
|
296
|
+
super(machine, nil)
|
297
|
+
end
|
298
|
+
|
299
|
+
def next_state
|
300
|
+
if @machine.lock
|
287
301
|
# our ssl directory may have been cleaned while we were
|
288
302
|
# sleeping, start over from the top
|
289
|
-
@machine.session = Puppet.runtime['http'].create_session
|
290
303
|
NeedCACerts.new(@machine)
|
304
|
+
else
|
305
|
+
LockFailure.new(@machine, nil)
|
291
306
|
end
|
292
307
|
end
|
293
308
|
end
|
294
309
|
|
310
|
+
# We failed to acquire the lock, so exit
|
311
|
+
#
|
312
|
+
class LockFailure < SSLState; end
|
313
|
+
|
295
314
|
# We cannot make progress due to an error.
|
296
315
|
#
|
297
316
|
class Error < SSLState
|
@@ -362,7 +381,7 @@ class Puppet::SSL::StateMachine
|
|
362
381
|
# @return [Puppet::SSL::SSLContext] initialized SSLContext
|
363
382
|
# @raise [Puppet::Error] If we fail to generate an SSLContext
|
364
383
|
def ensure_ca_certificates
|
365
|
-
final_state = run_machine(
|
384
|
+
final_state = run_machine(NeedLock.new(self), NeedKey)
|
366
385
|
final_state.ssl_context
|
367
386
|
end
|
368
387
|
|
@@ -371,7 +390,7 @@ class Puppet::SSL::StateMachine
|
|
371
390
|
# @return [Puppet::SSL::SSLContext] initialized SSLContext
|
372
391
|
# @raise [Puppet::Error] If we fail to generate an SSLContext
|
373
392
|
def ensure_client_certificate
|
374
|
-
final_state = run_machine(
|
393
|
+
final_state = run_machine(NeedLock.new(self), Done)
|
375
394
|
ssl_context = final_state.ssl_context
|
376
395
|
|
377
396
|
if Puppet::Util::Log.sendlevel?(:debug)
|
@@ -390,40 +409,38 @@ class Puppet::SSL::StateMachine
|
|
390
409
|
ssl_context
|
391
410
|
end
|
392
411
|
|
412
|
+
def lock
|
413
|
+
@lockfile.lock
|
414
|
+
end
|
415
|
+
|
416
|
+
def unlock
|
417
|
+
@lockfile.unlock
|
418
|
+
end
|
419
|
+
|
393
420
|
private
|
394
421
|
|
395
422
|
def run_machine(state, stop)
|
396
|
-
|
397
|
-
|
398
|
-
|
399
|
-
|
400
|
-
|
401
|
-
|
402
|
-
|
403
|
-
|
404
|
-
|
405
|
-
|
406
|
-
|
407
|
-
|
408
|
-
else
|
409
|
-
# fall through
|
423
|
+
loop do
|
424
|
+
state = run_step(state)
|
425
|
+
|
426
|
+
case state
|
427
|
+
when stop
|
428
|
+
break
|
429
|
+
when LockFailure
|
430
|
+
raise Puppet::Error, _('Another puppet instance is already running; exiting')
|
431
|
+
when Error
|
432
|
+
if @onetime
|
433
|
+
Puppet.log_exception(state.error)
|
434
|
+
raise state.error
|
410
435
|
end
|
436
|
+
else
|
437
|
+
# fall through
|
411
438
|
end
|
412
439
|
end
|
413
440
|
|
414
441
|
state
|
415
|
-
|
416
|
-
|
417
|
-
def with_lock
|
418
|
-
if @lockfile.lock
|
419
|
-
begin
|
420
|
-
yield
|
421
|
-
ensure
|
422
|
-
@lockfile.unlock
|
423
|
-
end
|
424
|
-
else
|
425
|
-
raise Puppet::Error, _('Another puppet instance is already running; exiting')
|
426
|
-
end
|
442
|
+
ensure
|
443
|
+
@lockfile.unlock if @lockfile.locked?
|
427
444
|
end
|
428
445
|
|
429
446
|
def run_step(state)
|
@@ -217,13 +217,13 @@ class Puppet::Transaction::Report
|
|
217
217
|
end
|
218
218
|
|
219
219
|
# @api private
|
220
|
-
def initialize(configuration_version=nil, environment=nil, transaction_uuid=nil, job_id=nil)
|
220
|
+
def initialize(configuration_version=nil, environment=nil, transaction_uuid=nil, job_id=nil, start_time=Time.now)
|
221
221
|
@metrics = {}
|
222
222
|
@logs = []
|
223
223
|
@resource_statuses = {}
|
224
224
|
@external_times ||= {}
|
225
225
|
@host = Puppet[:node_name_value]
|
226
|
-
@time =
|
226
|
+
@time = start_time
|
227
227
|
@report_format = 10
|
228
228
|
@puppet_version = Puppet.version
|
229
229
|
@configuration_version = configuration_version
|
data/lib/puppet/type.rb
CHANGED
@@ -10,6 +10,7 @@ require 'puppet/metatype/manager'
|
|
10
10
|
require 'puppet/util/errors'
|
11
11
|
require 'puppet/util/logging'
|
12
12
|
require 'puppet/util/tagging'
|
13
|
+
require 'puppet/concurrent/lock'
|
13
14
|
|
14
15
|
# see the bottom of the file for the rest of the inclusions
|
15
16
|
|
@@ -84,6 +85,11 @@ class Type
|
|
84
85
|
# Comparing type instances.
|
85
86
|
include Comparable
|
86
87
|
|
88
|
+
# These variables are used in Metatype::Manager for managing types
|
89
|
+
@types = {}
|
90
|
+
@manager_lock = Puppet::Concurrent::Lock.new
|
91
|
+
extend Puppet::MetaType::Manager
|
92
|
+
|
87
93
|
# Compares this type against the given _other_ (type) and returns -1, 0, or +1 depending on the order.
|
88
94
|
# @param other [Object] the object to compare against (produces nil, if not kind of Type}
|
89
95
|
# @return [-1, 0, +1, nil] produces -1 if this type is before the given _other_ type, 0 if equals, and 1 if after.
|
@@ -2284,7 +2290,6 @@ end
|
|
2284
2290
|
#
|
2285
2291
|
attr_accessor :self_refresh
|
2286
2292
|
include Enumerable, Puppet::Util::ClassGen
|
2287
|
-
include Puppet::MetaType::Manager
|
2288
2293
|
|
2289
2294
|
include Puppet::Util
|
2290
2295
|
include Puppet::Util::Logging
|
@@ -47,6 +47,8 @@ module Puppet
|
|
47
47
|
The `http` source uses the server `Content-MD5` header as a checksum to
|
48
48
|
determine if the remote file has changed. If the server response does not
|
49
49
|
include that header, Puppet defaults to using the `Last-Modified` header.
|
50
|
+
Puppet will update the local file if the header is newer than the modified
|
51
|
+
time (mtime) of the local file.
|
50
52
|
|
51
53
|
Multiple `source` values can be specified as an array, and Puppet will
|
52
54
|
use the first source that exists. This can be used to serve different
|
@@ -255,7 +257,7 @@ module Puppet
|
|
255
257
|
|
256
258
|
def each_chunk_from(&block)
|
257
259
|
if Puppet[:default_file_terminus] == :file_server && scheme == 'puppet' && (uri.host.nil? || uri.host.empty?)
|
258
|
-
chunk_file_from_disk(metadata.
|
260
|
+
chunk_file_from_disk(metadata.full_path, &block)
|
259
261
|
elsif local?
|
260
262
|
chunk_file_from_disk(full_path, &block)
|
261
263
|
else
|
@@ -296,7 +298,7 @@ module Puppet
|
|
296
298
|
|
297
299
|
def get_from_http_source(url, &block)
|
298
300
|
client = Puppet.runtime['http']
|
299
|
-
client.get(url) do |response|
|
301
|
+
client.get(url, options: {include_system_store: true}) do |response|
|
300
302
|
raise Puppet::HTTP::ResponseError.new(response) unless response.success?
|
301
303
|
|
302
304
|
response.read_body(&block)
|
data/lib/puppet/type/package.rb
CHANGED
@@ -51,6 +51,7 @@ module Puppet
|
|
51
51
|
package database for installed version(s), and can select
|
52
52
|
which out of a set of available versions of a package to
|
53
53
|
install if asked."
|
54
|
+
feature :version_ranges, "The provider can ensure version ranges."
|
54
55
|
feature :holdable, "The provider is capable of placing packages on hold
|
55
56
|
such that they are not automatically upgraded as a result of
|
56
57
|
other package dependencies unless explicit action is taken by
|
@@ -80,10 +81,12 @@ module Puppet
|
|
80
81
|
specifying `purged` as the ensure value. This defaults to `installed`.
|
81
82
|
|
82
83
|
Version numbers must match the full version to install, including
|
83
|
-
release if the provider uses a release moniker.
|
84
|
-
patterns are not accepted except for the `gem` package provider. For
|
84
|
+
release if the provider uses a release moniker. For
|
85
85
|
example, to install the bash package from the rpm
|
86
86
|
`bash-4.1.2-29.el6.x86_64.rpm`, use the string `'4.1.2-29.el6'`.
|
87
|
+
|
88
|
+
On supported providers, version ranges can also be ensured. For example,
|
89
|
+
inequalities: `<2.0.0`, or intersections: `>1.0.0 <2.0.0`.
|
87
90
|
EOT
|
88
91
|
|
89
92
|
attr_accessor :latest
|
@@ -489,6 +492,26 @@ module Puppet
|
|
489
492
|
newvalues(:true, :false)
|
490
493
|
end
|
491
494
|
|
495
|
+
newparam(:enable_only, :boolean => false, :parent => Puppet::Parameter::Boolean) do
|
496
|
+
desc <<-EOT
|
497
|
+
Tells `dnf module` to only enable a specific module, instead
|
498
|
+
of installing its default profile.
|
499
|
+
|
500
|
+
Modules with no default profile will be enabled automatically
|
501
|
+
without the use of this parameter.
|
502
|
+
|
503
|
+
Conflicts with the `flavor` property, which selects a profile
|
504
|
+
to install.
|
505
|
+
EOT
|
506
|
+
defaultto false
|
507
|
+
|
508
|
+
validate do |value|
|
509
|
+
if [true, :true, "true"].include?(value) && @resource[:flavor]
|
510
|
+
raise ArgumentError, _('Cannot have both `enable_only => true` and `flavor`')
|
511
|
+
end
|
512
|
+
end
|
513
|
+
end
|
514
|
+
|
492
515
|
newparam(:install_only, :boolean => false, :parent => Puppet::Parameter::Boolean, :required_features => :install_only) do
|
493
516
|
desc <<-EOT
|
494
517
|
It should be set for packages that should only ever be installed,
|
data/lib/puppet/type/user.rb
CHANGED
@@ -493,25 +493,6 @@ module Puppet
|
|
493
493
|
provider.exists?
|
494
494
|
end
|
495
495
|
|
496
|
-
def retrieve
|
497
|
-
absent = false
|
498
|
-
properties.inject({}) { |prophash, property|
|
499
|
-
current_value = :absent
|
500
|
-
|
501
|
-
if absent
|
502
|
-
prophash[property] = :absent
|
503
|
-
else
|
504
|
-
current_value = property.retrieve
|
505
|
-
prophash[property] = current_value
|
506
|
-
end
|
507
|
-
|
508
|
-
if property.name == :ensure and current_value == :absent
|
509
|
-
absent = true
|
510
|
-
end
|
511
|
-
prophash
|
512
|
-
}
|
513
|
-
end
|
514
|
-
|
515
496
|
newproperty(:roles, :parent => Puppet::Property::List, :required_features => :manages_solaris_rbac) do
|
516
497
|
desc "The roles the user has. Multiple roles should be
|
517
498
|
specified as an array."
|
data/lib/puppet/util/at_fork.rb
CHANGED
@@ -13,7 +13,7 @@ require 'puppet'
|
|
13
13
|
# service.
|
14
14
|
module Puppet::Util::AtFork
|
15
15
|
@handler_class = loop do
|
16
|
-
if
|
16
|
+
if Puppet::Util::Platform.solaris?
|
17
17
|
begin
|
18
18
|
require 'puppet/util/at_fork/solaris'
|
19
19
|
# using break to return a value from the loop block
|