puppet 6.4.2-universal-darwin → 6.4.3-universal-darwin

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of puppet might be problematic. Click here for more details.

Files changed (79) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile.lock +17 -17
  3. data/ext/solaris/smf/puppet.xml +2 -0
  4. data/lib/hiera/scope.rb +7 -0
  5. data/lib/puppet.rb +1 -1
  6. data/lib/puppet/application/agent.rb +16 -5
  7. data/lib/puppet/application/device.rb +12 -3
  8. data/lib/puppet/application/ssl.rb +2 -0
  9. data/lib/puppet/configurer.rb +1 -1
  10. data/lib/puppet/network/http/factory.rb +5 -0
  11. data/lib/puppet/pops/types/types.rb +5 -3
  12. data/lib/puppet/provider.rb +1 -2
  13. data/lib/puppet/provider/package.rb +2 -0
  14. data/lib/puppet/provider/package/dpkg.rb +15 -2
  15. data/lib/puppet/provider/package/gem.rb +65 -29
  16. data/lib/puppet/provider/package/pip.rb +135 -111
  17. data/lib/puppet/provider/package/pip3.rb +1 -1
  18. data/lib/puppet/provider/package/puppet_gem.rb +1 -1
  19. data/lib/puppet/provider/package/rpm.rb +27 -16
  20. data/lib/puppet/provider/package/yum.rb +1 -1
  21. data/lib/puppet/provider/package_targetable.rb +68 -0
  22. data/lib/puppet/provider/service/upstart.rb +5 -3
  23. data/lib/puppet/provider/user/useradd.rb +16 -13
  24. data/lib/puppet/settings/server_list_setting.rb +9 -0
  25. data/lib/puppet/ssl/host.rb +1 -1
  26. data/lib/puppet/ssl/state_machine.rb +99 -28
  27. data/lib/puppet/type/package.rb +46 -9
  28. data/lib/puppet/util/pidlock.rb +3 -2
  29. data/lib/puppet/util/windows/process.rb +8 -8
  30. data/lib/puppet/util/windows/registry.rb +7 -1
  31. data/lib/puppet/util/windows/user.rb +14 -4
  32. data/lib/puppet/version.rb +1 -1
  33. data/locales/puppet.pot +115 -103
  34. data/man/man5/puppet.conf.5 +2 -2
  35. data/man/man8/puppet-agent.8 +1 -1
  36. data/man/man8/puppet-apply.8 +1 -1
  37. data/man/man8/puppet-catalog.8 +1 -1
  38. data/man/man8/puppet-config.8 +1 -1
  39. data/man/man8/puppet-describe.8 +1 -1
  40. data/man/man8/puppet-device.8 +1 -1
  41. data/man/man8/puppet-doc.8 +1 -1
  42. data/man/man8/puppet-epp.8 +1 -1
  43. data/man/man8/puppet-facts.8 +1 -1
  44. data/man/man8/puppet-filebucket.8 +1 -1
  45. data/man/man8/puppet-generate.8 +1 -1
  46. data/man/man8/puppet-help.8 +1 -1
  47. data/man/man8/puppet-key.8 +1 -1
  48. data/man/man8/puppet-lookup.8 +1 -1
  49. data/man/man8/puppet-man.8 +1 -1
  50. data/man/man8/puppet-module.8 +1 -1
  51. data/man/man8/puppet-node.8 +1 -1
  52. data/man/man8/puppet-parser.8 +1 -1
  53. data/man/man8/puppet-plugin.8 +1 -1
  54. data/man/man8/puppet-report.8 +1 -1
  55. data/man/man8/puppet-resource.8 +1 -1
  56. data/man/man8/puppet-script.8 +1 -1
  57. data/man/man8/puppet-ssl.8 +1 -1
  58. data/man/man8/puppet-status.8 +1 -1
  59. data/man/man8/puppet.8 +2 -2
  60. data/spec/integration/type/package_spec.rb +1 -1
  61. data/spec/integration/util/windows/registry_spec.rb +52 -0
  62. data/spec/integration/util/windows/user_spec.rb +19 -0
  63. data/spec/unit/application/agent_spec.rb +53 -32
  64. data/spec/unit/application/ssl_spec.rb +13 -0
  65. data/spec/unit/configurer_spec.rb +1 -1
  66. data/spec/unit/functions/new_spec.rb +15 -0
  67. data/spec/unit/hiera/scope_spec.rb +7 -0
  68. data/spec/unit/network/http/factory_spec.rb +6 -0
  69. data/spec/unit/provider/package/dpkg_spec.rb +18 -1
  70. data/spec/unit/provider/package/gem_spec.rb +101 -48
  71. data/spec/unit/provider/package/pip3_spec.rb +17 -0
  72. data/spec/unit/provider/package/pip_spec.rb +57 -67
  73. data/spec/unit/provider/package/puppet_gem_spec.rb +22 -6
  74. data/spec/unit/provider/package/rpm_spec.rb +116 -27
  75. data/spec/unit/provider/service/upstart_spec.rb +3 -22
  76. data/spec/unit/settings/server_list_setting_spec.rb +21 -0
  77. data/spec/unit/ssl/state_machine_spec.rb +206 -83
  78. data/spec/unit/util/pidlock_spec.rb +26 -0
  79. metadata +5 -2
@@ -28,14 +28,16 @@ Puppet::Type.type(:service).provide :upstart, :parent => :debian do
28
28
  # We only want to use upstart as our provider if the upstart daemon is running.
29
29
  # This can be checked by running `initctl version --quiet` on a machine that has
30
30
  # upstart installed.
31
- confine :true => lambda {
31
+ confine :true => lambda { has_initctl? }
32
+
33
+ def self.has_initctl?
32
34
  # Puppet::Util::Execution.execute does not currently work on jRuby.
33
35
  # Unfortunately, since this confine is invoked whenever we check for
34
36
  # provider suitability and since provider suitability is still checked
35
37
  # on the master, this confine will still be invoked on the master. Thus
36
38
  # to avoid raising an exception, we do an early return if we're running
37
39
  # on jRuby.
38
- next false if Puppet::Util::Platform.jruby?
40
+ return false if Puppet::Util::Platform.jruby?
39
41
 
40
42
  begin
41
43
  initctl('version', '--quiet')
@@ -43,7 +45,7 @@ Puppet::Type.type(:service).provide :upstart, :parent => :debian do
43
45
  rescue
44
46
  false
45
47
  end
46
- }
48
+ end
47
49
 
48
50
  # upstart developer haven't implemented initctl enable/disable yet:
49
51
  # http://www.linuxplanet.com/linuxplanet/tutorials/7033/2/
@@ -105,11 +105,11 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
105
105
  # because by default duplicates are allowed. This check is
106
106
  # to ensure consistent behaviour of the useradd provider when
107
107
  # using both useradd and luseradd
108
- if not @resource.allowdupe? and @resource.forcelocal?
109
- if @resource.should(:uid) and finduser('uid', @resource.should(:uid).to_s)
108
+ if (!@resource.allowdupe?) && @resource.forcelocal?
109
+ if @resource.should(:uid) && finduser('uid', @resource.should(:uid).to_s)
110
110
  raise(Puppet::Error, "UID #{@resource.should(:uid).to_s} already exists, use allowdupe to force user creation")
111
111
  end
112
- elsif @resource.allowdupe? and not @resource.forcelocal?
112
+ elsif @resource.allowdupe? && (!@resource.forcelocal?)
113
113
  return ["-o"]
114
114
  end
115
115
  []
@@ -126,16 +126,16 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
126
126
 
127
127
  def check_manage_home
128
128
  cmd = []
129
- if @resource.managehome? and not @resource.forcelocal?
129
+ if @resource.managehome? && (!@resource.forcelocal?)
130
130
  cmd << "-m"
131
- elsif not @resource.managehome? and Facter.value(:osfamily) == 'RedHat'
131
+ elsif (!@resource.managehome?) && Facter.value(:osfamily) == 'RedHat'
132
132
  cmd << "-M"
133
133
  end
134
134
  cmd
135
135
  end
136
136
 
137
137
  def check_system_users
138
- if self.class.system_users? and resource.system?
138
+ if self.class.system_users? && resource.system?
139
139
  ["-r"]
140
140
  else
141
141
  []
@@ -149,11 +149,11 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
149
149
  Puppet::Type.type(:user).validproperties.sort.each do |property|
150
150
  next if property == :ensure
151
151
  next if property_manages_password_age?(property)
152
- next if property == :groups and @resource.forcelocal?
153
- next if property == :expiry and @resource.forcelocal?
152
+ next if (property == :groups) && @resource.forcelocal?
153
+ next if (property == :expiry) && @resource.forcelocal?
154
154
  # the value needs to be quoted, mostly because -c might
155
155
  # have spaces in it
156
- if value = @resource.should(property) and value != ""
156
+ if (value = @resource.should(property)) && (value != "")
157
157
  cmd << flag(property) << munge(property, value)
158
158
  end
159
159
  end
@@ -167,7 +167,7 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
167
167
  else
168
168
  cmd = [command(:add)]
169
169
  end
170
- if not @resource.should(:gid) and Puppet::Util.gid(@resource[:name])
170
+ if (!@resource.should(:gid)) && Puppet::Util.gid(@resource[:name])
171
171
  cmd += ["-g", @resource[:name]]
172
172
  end
173
173
  cmd += add_properties
@@ -203,7 +203,10 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
203
203
  else
204
204
  cmd = [command(:delete)]
205
205
  end
206
- cmd += @resource.managehome? ? ['-r'] : []
206
+ # Solaris `userdel -r` will fail if the homedir does not exist.
207
+ if @resource.managehome? && (('Solaris' != Facter.value(:operatingsystem)) || Dir.exist?(Dir.home(@resource[:name])))
208
+ cmd << '-r'
209
+ end
207
210
  cmd << @resource[:name]
208
211
  end
209
212
 
@@ -239,10 +242,10 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
239
242
  check_valid_shell
240
243
  end
241
244
  super
242
- if @resource.forcelocal? and self.groups?
245
+ if @resource.forcelocal? && self.groups?
243
246
  set(:groups, @resource[:groups])
244
247
  end
245
- if @resource.forcelocal? and @resource[:expiry]
248
+ if @resource.forcelocal? && @resource[:expiry]
246
249
  set(:expiry, @resource[:expiry])
247
250
  end
248
251
  end
@@ -4,6 +4,15 @@ class Puppet::Settings::ServerListSetting < Puppet::Settings::ArraySetting
4
4
  :server_list
5
5
  end
6
6
 
7
+ def print(value)
8
+ if value.is_a?(Array)
9
+ #turn into a string
10
+ value.map {|item| item.join(":") }.join(",")
11
+ else
12
+ value
13
+ end
14
+ end
15
+
7
16
  def munge(value)
8
17
  servers = super
9
18
  servers.map! { |server|
@@ -121,7 +121,7 @@ class Puppet::SSL::Host
121
121
  generate_key unless key
122
122
 
123
123
  # get CA and optional CRL
124
- sm = Puppet::SSL::StateMachine.new
124
+ sm = Puppet::SSL::StateMachine.new(onetime: true)
125
125
  sm.ensure_ca_certificates
126
126
 
127
127
  cert = get_host_certificate
@@ -17,8 +17,14 @@ class Puppet::SSL::StateMachine
17
17
  def initialize(machine, ssl_context)
18
18
  @machine = machine
19
19
  @ssl_context = ssl_context
20
- @cert_provider = Puppet::X509::CertProvider.new
21
- @ssl_provider = Puppet::SSL::SSLProvider.new
20
+ @cert_provider = machine.cert_provider
21
+ @ssl_provider = machine.ssl_provider
22
+ end
23
+
24
+ def to_error(message, cause)
25
+ detail = Puppet::Error.new(message)
26
+ detail.set_backtrace(cause.backtrace)
27
+ Error.new(@machine, message, detail)
22
28
  end
23
29
  end
24
30
 
@@ -45,11 +51,13 @@ class Puppet::SSL::StateMachine
45
51
  end
46
52
 
47
53
  NeedCRLs.new(@machine, next_ctx)
54
+ rescue OpenSSL::X509::CertificateError => e
55
+ Error.new(@machine, e.message, e)
48
56
  rescue Puppet::Rest::ResponseError => e
49
57
  if e.response.code.to_i == 404
50
- raise Puppet::Error.new(_('CA certificate is missing from the server'))
58
+ to_error(_('CA certificate is missing from the server'), e)
51
59
  else
52
- raise Puppet::Error.new(_('Could not download CA certificate: %{message}') % { message: e.message }, e)
60
+ to_error(_('Could not download CA certificate: %{message}') % { message: e.message }, e)
53
61
  end
54
62
  end
55
63
  end
@@ -82,11 +90,13 @@ class Puppet::SSL::StateMachine
82
90
  end
83
91
 
84
92
  NeedKey.new(@machine, next_ctx)
93
+ rescue OpenSSL::X509::CRLError => e
94
+ Error.new(@machine, e.message, e)
85
95
  rescue Puppet::Rest::ResponseError => e
86
96
  if e.response.code.to_i == 404
87
- raise Puppet::Error.new(_('CRL is missing from the server'))
97
+ to_error(_('CRL is missing from the server'), e)
88
98
  else
89
- raise Puppet::Error.new(_('Could not download CRLs: %{message}') % { message: e.message }, e)
99
+ to_error(_('Could not download CRLs: %{message}') % { message: e.message }, e)
90
100
  end
91
101
  end
92
102
  end
@@ -145,11 +155,11 @@ class Puppet::SSL::StateMachine
145
155
  @cert_provider.save_request(Puppet[:certname], csr)
146
156
  NeedCert.new(@machine, @ssl_context, @private_key)
147
157
  rescue Puppet::Rest::ResponseError => e
148
- if e.response.code.to_i != 400
149
- raise Puppet::SSL::SSLError.new(_("Failed to submit the CSR, HTTP response was %{code}") % { code: e.response.code }, e)
158
+ if e.response.code.to_i == 400
159
+ NeedCert.new(@machine, @ssl_context, @private_key)
160
+ else
161
+ to_error(_("Failed to submit the CSR, HTTP response was %{code}") % { code: e.response.code }, e)
150
162
  end
151
-
152
- NeedCert.new(@machine, @ssl_context, @private_key)
153
163
  end
154
164
  end
155
165
 
@@ -170,34 +180,37 @@ class Puppet::SSL::StateMachine
170
180
  @cert_provider.delete_request(Puppet[:certname])
171
181
  Done.new(@machine, next_ctx)
172
182
  rescue Puppet::SSL::SSLError => e
173
- Puppet.log_exception(e)
174
- Wait.new(@machine, @ssl_context)
183
+ Error.new(@machine, e.message, e)
175
184
  rescue OpenSSL::X509::CertificateError => e
176
- Puppet.log_exception(e, _("Failed to parse certificate: %{message}") % {message: e.message})
177
- Wait.new(@machine, @ssl_context)
185
+ Error.new(@machine, _("Failed to parse certificate: %{message}") % {message: e.message}, e)
178
186
  rescue Puppet::Rest::ResponseError => e
179
187
  if e.response.code.to_i == 404
180
188
  Puppet.info(_("Certificate for %{certname} has not been signed yet") % {certname: Puppet[:certname]})
189
+ $stdout.puts _("Couldn't fetch certificate from CA server; you might still need to sign this agent's certificate (%{name}).") % { name: Puppet[:certname] }
190
+ Wait.new(@machine)
181
191
  else
182
- Puppet.log_exception(e, _("Failed to retrieve certificate for %{certname}: %{message}") %
183
- {certname: Puppet[:certname], message: e.response.message})
192
+ to_error(_("Failed to retrieve certificate for %{certname}: %{message}") %
193
+ {certname: Puppet[:certname], message: e.response.message}, e)
184
194
  end
185
- Wait.new(@machine, @ssl_context)
186
195
  end
187
196
  end
188
197
 
189
- # We cannot make progress, so wait if allowed to do so, or error.
198
+ # We cannot make progress, so wait if allowed to do so, or exit.
190
199
  #
191
200
  class Wait < SSLState
201
+ def initialize(machine)
202
+ super(machine, nil)
203
+ end
204
+
192
205
  def next_state
193
206
  time = @machine.waitforcert
194
207
  if time < 1
195
- puts _("Couldn't fetch certificate from CA server; you might still need to sign this agent's certificate (%{name}). Exiting now because the waitforcert setting is set to 0.") % { name: Puppet[:certname] }
208
+ puts _("Exiting now because the waitforcert setting is set to 0.")
196
209
  exit(1)
197
210
  else
198
- Puppet.info(_("Couldn't fetch certificate from CA server; you might still need to sign this agent's certificate (%{name}). Will try again in %{time} seconds.") % {name: Puppet[:certname], time: time})
211
+ Puppet.info(_("Will try again in %{time} seconds.") % {time: time})
199
212
 
200
- sleep(time)
213
+ Kernel.sleep(time)
201
214
 
202
215
  # our ssl directory may have been cleaned while we were
203
216
  # sleeping, start over from the top
@@ -206,28 +219,68 @@ class Puppet::SSL::StateMachine
206
219
  end
207
220
  end
208
221
 
222
+ # We cannot make progress due to an error.
223
+ #
224
+ class Error < SSLState
225
+ attr_reader :message, :error
226
+
227
+ def initialize(machine, message, error)
228
+ super(machine, nil)
229
+ @message = message
230
+ @error = error
231
+ end
232
+
233
+ def next_state
234
+ Puppet.log_exception(@error, @message)
235
+ Wait.new(@machine)
236
+ end
237
+ end
238
+
209
239
  # We have a CA bundle, optional CRL bundle, a private key and matching cert
210
240
  # that chains to one of the root certs in our bundle.
211
241
  #
212
242
  class Done < SSLState; end
213
243
 
214
- attr_reader :waitforcert
244
+ attr_reader :waitforcert, :cert_provider, :ssl_provider
215
245
 
216
- def initialize(waitforcert: Puppet[:waitforcert])
246
+ # Construct a state machine to manage the SSL initialization process. By
247
+ # default, if the state machine encounters an exception, it will log the
248
+ # exception and wait for `waitforcert` seconds and retry, restarting from the
249
+ # beginning of the state machine.
250
+ #
251
+ # However, if `onetime` is true, then the state machine will raise the first
252
+ # error it encounters, instead of waiting. Otherwise, if `waitforcert` is 0,
253
+ # then then state machine will exit instead of wait.
254
+ #
255
+ # @param waitforcert [Integer] how many seconds to wait between attempts
256
+ # @param onetime [Boolean] whether to run onetime
257
+ # @param cert_provider [Puppet::X509::CertProvider] cert provider to use
258
+ # to load and save X509 objects.
259
+ # @param ssl_provider [Puppet::SSL::SSLProvider] ssl provider to use
260
+ # to construct ssl contexts.
261
+ def initialize(waitforcert: Puppet[:waitforcert],
262
+ onetime: Puppet[:onetime],
263
+ cert_provider: Puppet::X509::CertProvider.new,
264
+ ssl_provider: Puppet::SSL::SSLProvider.new)
217
265
  @waitforcert = waitforcert
266
+ @onetime = onetime
267
+ @cert_provider = cert_provider
268
+ @ssl_provider = ssl_provider
218
269
  end
219
270
 
220
- # Run the state machine for CA certs and CRLs
271
+ # Run the state machine for CA certs and CRLs.
221
272
  #
222
273
  # @return [Puppet::SSL::SSLContext] initialized SSLContext
274
+ # @raise [Puppet::Error] If we fail to generate an SSLContext
223
275
  def ensure_ca_certificates
224
276
  final_state = run_machine(NeedCACerts.new(self), NeedKey)
225
277
  final_state.ssl_context
226
278
  end
227
279
 
228
- # Run the state machine for CA certs and CRLs
280
+ # Run the state machine for CA certs and CRLs.
229
281
  #
230
282
  # @return [Puppet::SSL::SSLContext] initialized SSLContext
283
+ # @raise [Puppet::Error] If we fail to generate an SSLContext
231
284
  def ensure_client_certificate
232
285
  final_state = run_machine(NeedCACerts.new(self), Done)
233
286
  ssl_context = final_state.ssl_context
@@ -252,9 +305,27 @@ class Puppet::SSL::StateMachine
252
305
 
253
306
  def run_machine(state, stop)
254
307
  loop do
255
- state = state.next_state
256
-
257
- return state if state.is_a?(stop)
308
+ state = run_step(state)
309
+
310
+ case state
311
+ when stop
312
+ break
313
+ when Error
314
+ if @onetime
315
+ Puppet.log_exception(state.error)
316
+ raise state.error
317
+ end
318
+ else
319
+ # fall through
320
+ end
258
321
  end
322
+
323
+ state
324
+ end
325
+
326
+ def run_step(state)
327
+ state.next_state
328
+ rescue => e
329
+ state.to_error(e.message, e)
259
330
  end
260
331
  end
@@ -20,8 +20,8 @@ module Puppet
20
20
  requires in order to function, and you must meet those requirements
21
21
  to use a given provider.
22
22
 
23
- You can declare multiple package resources with the same `name`, as long
24
- as they specify different providers and have unique titles.
23
+ You can declare multiple package resources with the same `name` as long
24
+ as they have unique titles, and specify different providers and commands.
25
25
 
26
26
  Note that you must use the _title_ to make a reference to a package
27
27
  resource; `Package[<NAME>]` is not a synonym for `Package[<TITLE>]` like
@@ -66,6 +66,8 @@ module Puppet
66
66
  :methods => [:package_settings_insync?, :package_settings, :package_settings=]
67
67
  feature :virtual_packages, "The provider accepts virtual package names for install and uninstall."
68
68
 
69
+ feature :targetable, "The provider accepts a targeted package management command."
70
+
69
71
  ensurable do
70
72
  desc <<-EOT
71
73
  What state the package should be in. On packaging systems that can
@@ -275,20 +277,55 @@ module Puppet
275
277
  [:provider]
276
278
  end
277
279
 
278
- # We have more than one namevar, so we need title_patterns. However, we
279
- # cheat and set the patterns to map to name only and completely ignore
280
- # provider. So far, the logic that determines uniqueness appears to just
281
- # "Do The Right Thing™" when the provider is explicitly set by the user.
280
+ # Specify a targeted package management command.
281
+ newparam(:command, :required_features => :targetable) do
282
+ desc <<-EOT
283
+ The targeted command to use when managing a package:
284
+
285
+ package { 'mysql':
286
+ provider => gem,
287
+ }
288
+
289
+ package { 'mysql-opt':
290
+ name => 'mysql',
291
+ provider => gem,
292
+ command => '/opt/ruby/bin/gem',
293
+ }
294
+
295
+ Each provider defines a package management command; and uses the first
296
+ instance of the command found in the PATH.
297
+
298
+ Providers supporting the targetable feature allow you to specify the
299
+ absolute path of the package management command; useful when multiple
300
+ instances of the command are installed, or the command is not in the PATH.
301
+ EOT
302
+
303
+ isnamevar
304
+ defaultto :default
305
+ end
306
+
307
+ # We have more than one namevar, so we need title_patterns.
308
+ # However, we cheat and set the patterns to map to name only
309
+ # and completely ignore provider (and command, for targetable providers).
310
+ # So far, the logic that determines uniqueness appears to just
311
+ # "Do The Right Thing™" when provider (and command) are explicitly set.
282
312
  #
283
313
  # The following resources will be seen as unique by puppet:
284
314
  #
285
315
  # # Uniqueness Key: ['mysql', nil]
286
- # package{'mysql': }
316
+ # package {'mysql': }
317
+ #
318
+ # # Uniqueness Key: ['mysql', 'gem', nil]
319
+ # package {'gem-mysql':
320
+ # name => 'mysql,
321
+ # provider => gem,
322
+ # }
287
323
  #
288
- # # Uniqueness Key: ['mysql', 'gem']
289
- # package{'gem-mysql':
324
+ # # Uniqueness Key: ['mysql', 'gem', '/opt/ruby/bin/gem']
325
+ # package {'gem-mysql-opt':
290
326
  # name => 'mysql,
291
327
  # provider => gem
328
+ # command => '/opt/ruby/bin/gem',
292
329
  # }
293
330
  #
294
331
  # This does not handle the case where providers like 'yum' and 'rpm' should
@@ -62,12 +62,13 @@ class Puppet::Util::Pidlock
62
62
  # POSIX and Windows platforms (PUP-9247).
63
63
  if Puppet.features.posix?
64
64
  procname = Puppet::Util::Execution.execute(["ps", "-p", lock_pid, "-o", "comm="]).strip
65
- @lockfile.unlock unless procname =~ /puppet(-.*)?$/
65
+ args = Puppet::Util::Execution.execute(["ps", "-p", lock_pid, "-o", "args="]).strip
66
+ @lockfile.unlock unless procname =~ /ruby/ && args =~ /puppet/ || procname =~ /puppet(-.*)?$/
66
67
  elsif Puppet.features.microsoft_windows?
67
68
  # On Windows, we're checking if the filesystem path name of the running
68
69
  # process is our vendored ruby:
69
70
  exe_path = Puppet::Util::Windows::Process::get_process_image_name_by_pid(lock_pid)
70
- @lockfile.unlock unless exe_path =~ /Puppet\\puppet\\bin\\ruby.exe/
71
+ @lockfile.unlock unless exe_path =~ /\\bin\\ruby.exe$/
71
72
  end
72
73
  end
73
74
  private :clear_if_stale