puppet 6.4.3 → 6.4.4

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of puppet might be problematic. Click here for more details.

Files changed (104) hide show
  1. checksums.yaml +4 -4
  2. data/CODEOWNERS +9 -9
  3. data/Gemfile +2 -2
  4. data/Gemfile.lock +23 -23
  5. data/ext/project_data.yaml +2 -2
  6. data/install.rb +3 -21
  7. data/lib/puppet/application/agent.rb +12 -0
  8. data/lib/puppet/application/device.rb +14 -4
  9. data/lib/puppet/application/resource.rb +4 -4
  10. data/lib/puppet/defaults.rb +12 -0
  11. data/lib/puppet/face/config.rb +10 -48
  12. data/lib/puppet/face/facts.rb +1 -1
  13. data/lib/puppet/face/help.rb +1 -1
  14. data/lib/puppet/face/plugin.rb +9 -2
  15. data/lib/puppet/indirector/catalog/compiler.rb +11 -5
  16. data/lib/puppet/module_tool/tar/mini.rb +11 -1
  17. data/lib/puppet/network/http/factory.rb +1 -11
  18. data/lib/puppet/provider/file/posix.rb +5 -0
  19. data/lib/puppet/provider/nameservice.rb +10 -3
  20. data/lib/puppet/provider/package/dnf.rb +1 -1
  21. data/lib/puppet/provider/package/pip.rb +2 -2
  22. data/lib/puppet/provider/package/rpm.rb +51 -13
  23. data/lib/puppet/provider/package/yum.rb +8 -4
  24. data/lib/puppet/provider/service/launchd.rb +20 -5
  25. data/lib/puppet/provider/service/systemd.rb +5 -10
  26. data/lib/puppet/provider/service/windows.rb +8 -0
  27. data/lib/puppet/provider/user/pw.rb +12 -3
  28. data/lib/puppet/provider/user/user_role_add.rb +4 -0
  29. data/lib/puppet/provider/user/useradd.rb +23 -7
  30. data/lib/puppet/resource.rb +17 -0
  31. data/lib/puppet/settings.rb +40 -0
  32. data/lib/puppet/type/exec.rb +14 -6
  33. data/lib/puppet/type/package.rb +10 -0
  34. data/lib/puppet/type/service.rb +7 -2
  35. data/lib/puppet/util/execution.rb +4 -3
  36. data/lib/puppet/util/http_proxy.rb +19 -5
  37. data/lib/puppet/util/selinux.rb +5 -1
  38. data/lib/puppet/util/windows/security.rb +2 -0
  39. data/lib/puppet/util/windows/service.rb +149 -4
  40. data/lib/puppet/util/windows/sid.rb +1 -0
  41. data/lib/puppet/version.rb +1 -1
  42. data/locales/puppet.pot +168 -152
  43. data/man/man5/puppet.conf.5 +18 -2
  44. data/man/man8/puppet-agent.8 +1 -1
  45. data/man/man8/puppet-apply.8 +1 -1
  46. data/man/man8/puppet-catalog.8 +1 -1
  47. data/man/man8/puppet-config.8 +1 -1
  48. data/man/man8/puppet-describe.8 +1 -1
  49. data/man/man8/puppet-device.8 +1 -1
  50. data/man/man8/puppet-doc.8 +1 -1
  51. data/man/man8/puppet-epp.8 +1 -1
  52. data/man/man8/puppet-facts.8 +1 -1
  53. data/man/man8/puppet-filebucket.8 +1 -1
  54. data/man/man8/puppet-generate.8 +1 -1
  55. data/man/man8/puppet-help.8 +1 -1
  56. data/man/man8/puppet-key.8 +1 -1
  57. data/man/man8/puppet-lookup.8 +1 -1
  58. data/man/man8/puppet-man.8 +1 -1
  59. data/man/man8/puppet-module.8 +1 -1
  60. data/man/man8/puppet-node.8 +1 -1
  61. data/man/man8/puppet-parser.8 +1 -1
  62. data/man/man8/puppet-plugin.8 +1 -1
  63. data/man/man8/puppet-report.8 +1 -1
  64. data/man/man8/puppet-resource.8 +1 -1
  65. data/man/man8/puppet-script.8 +1 -1
  66. data/man/man8/puppet-ssl.8 +1 -1
  67. data/man/man8/puppet-status.8 +1 -1
  68. data/man/man8/puppet.8 +3 -3
  69. data/spec/integration/provider/service/systemd_spec.rb +8 -5
  70. data/spec/integration/type/file_spec.rb +28 -0
  71. data/spec/integration/util/execution_spec.rb +27 -0
  72. data/spec/unit/application/agent_spec.rb +20 -8
  73. data/spec/unit/application/device_spec.rb +27 -1
  74. data/spec/unit/face/facts_spec.rb +9 -0
  75. data/spec/unit/face/plugin_spec.rb +8 -0
  76. data/spec/unit/indirector/catalog/compiler_spec.rb +62 -5
  77. data/spec/unit/module_tool/tar/mini_spec.rb +1 -1
  78. data/spec/unit/network/http/api/indirected_routes_spec.rb +25 -10
  79. data/spec/unit/network/http/factory_spec.rb +27 -5
  80. data/spec/unit/pops/validator/validator_spec.rb +7 -0
  81. data/spec/unit/provider/package/aptrpm_spec.rb +1 -1
  82. data/spec/unit/provider/package/dnf_spec.rb +7 -0
  83. data/spec/unit/provider/package/dpkg_spec.rb +2 -2
  84. data/spec/unit/provider/package/pip_spec.rb +8 -0
  85. data/spec/unit/provider/package/rpm_spec.rb +150 -16
  86. data/spec/unit/provider/package/yum_spec.rb +7 -0
  87. data/spec/unit/provider/service/launchd_spec.rb +28 -0
  88. data/spec/unit/provider/service/systemd_spec.rb +14 -0
  89. data/spec/unit/provider/service/windows_spec.rb +20 -0
  90. data/spec/unit/provider/user/pw_spec.rb +37 -0
  91. data/spec/unit/provider/user/useradd_spec.rb +42 -0
  92. data/spec/unit/resource_spec.rb +26 -1
  93. data/spec/unit/transaction_spec.rb +18 -0
  94. data/spec/unit/type/exec_spec.rb +9 -0
  95. data/spec/unit/type/file/source_spec.rb +4 -4
  96. data/spec/unit/type/schedule_spec.rb +3 -1
  97. data/spec/unit/type/service_spec.rb +16 -0
  98. data/spec/unit/util/http_proxy_spec.rb +40 -1
  99. data/spec/unit/util/log_spec.rb +27 -1
  100. data/spec/unit/util/windows/service_spec.rb +9 -0
  101. metadata +3 -7
  102. data/ext/windows/eventlog/Rakefile +0 -32
  103. data/ext/windows/eventlog/puppetres.dll +0 -0
  104. data/ext/windows/eventlog/puppetres.mc +0 -18
@@ -41,8 +41,15 @@ Puppet::Face.define(:plugin, '0.0.1') do
41
41
  when_invoked do |options|
42
42
  remote_environment_for_plugins = Puppet::Node::Environment.remote(Puppet[:environment])
43
43
 
44
- handler = Puppet::Configurer::PluginHandler.new()
45
- handler.download_plugins(remote_environment_for_plugins)
44
+ pool = Puppet::Network::HTTP::Pool.new(Puppet[:http_keepalive_timeout])
45
+ Puppet.override(:http_pool => pool) do
46
+ begin
47
+ handler = Puppet::Configurer::PluginHandler.new()
48
+ handler.download_plugins(remote_environment_for_plugins)
49
+ ensure
50
+ pool.close
51
+ end
52
+ end
46
53
  end
47
54
 
48
55
  when_rendering :console do |value|
@@ -395,22 +395,28 @@ class Puppet::Resource::Catalog::Compiler < Puppet::Indirector::Code
395
395
 
396
396
  # And then add the server name and IP
397
397
  {"servername" => "fqdn",
398
- "serverip" => "ipaddress"
398
+ "serverip" => "ipaddress",
399
+ "serverip6" => "ipaddress6"
399
400
  }.each do |var, fact|
400
- if value = Facter.value(fact)
401
+ value = Facter.value(fact)
402
+ if !value.nil?
401
403
  @server_facts[var] = value
402
- else
403
- Puppet.warning _("Could not retrieve fact %{fact}") % { fact: fact }
404
404
  end
405
405
  end
406
406
 
407
407
  if @server_facts["servername"].nil?
408
408
  host = Facter.value(:hostname)
409
- if domain = Facter.value(:domain)
409
+ if host.nil?
410
+ Puppet.warning _("Could not retrieve fact servername")
411
+ elsif domain = Facter.value(:domain)
410
412
  @server_facts["servername"] = [host, domain].join(".")
411
413
  else
412
414
  @server_facts["servername"] = host
413
415
  end
414
416
  end
417
+
418
+ if @server_facts["serverip"].nil? && @server_facts["serverip6"].nil?
419
+ Puppet.warning _("Could not retrieve either serverip or serverip6 fact")
420
+ end
415
421
  end
416
422
  end
@@ -1,7 +1,17 @@
1
1
  class Puppet::ModuleTool::Tar::Mini
2
2
  def unpack(sourcefile, destdir, _)
3
3
  Zlib::GzipReader.open(sourcefile) do |reader|
4
- Archive::Tar::Minitar.unpack(reader, destdir, find_valid_files(reader)) do |action, name, stats|
4
+ # puppet doesn't have a hard dependency on minitar, so we
5
+ # can't be certain which version is installed. If it's 0.9
6
+ # or above then we can prevent minitar from fsync'ing each
7
+ # extracted file and directory, otherwise fallback to the
8
+ # old behavior
9
+ args = [reader, destdir, find_valid_files(reader)]
10
+ spec = Gem::Specification.find_by_name('minitar')
11
+ if spec && spec.version >= Gem::Version.new('0.9')
12
+ args << {:fsync => false}
13
+ end
14
+ Archive::Tar::Minitar.unpack(*args) do |action, name, stats|
5
15
  case action
6
16
  when :dir
7
17
  validate_entry(destdir, name)
@@ -25,17 +25,7 @@ class Puppet::Network::HTTP::Factory
25
25
  def create_connection(site)
26
26
  Puppet.debug("Creating new connection for #{site}")
27
27
 
28
- args = [site.host, site.port]
29
-
30
- unless Puppet::Util::HttpProxy.no_proxy?(site)
31
- if Puppet[:http_proxy_host] == "none"
32
- args << nil << nil
33
- else
34
- args << Puppet[:http_proxy_host] << Puppet[:http_proxy_port]
35
- end
36
- end
37
-
38
- http = Net::HTTP.new(*args)
28
+ http = Puppet::Util::HttpProxy.proxy(URI(site.addr))
39
29
  http.use_ssl = site.use_ssl?
40
30
  http.read_timeout = Puppet[:http_read_timeout]
41
31
  http.open_timeout = Puppet[:http_connect_timeout]
@@ -8,6 +8,11 @@ Puppet::Type.type(:file).provide :posix do
8
8
  include Puppet::Util::Warnings
9
9
 
10
10
  require 'etc'
11
+ require 'puppet/util/selinux'
12
+
13
+ def self.post_resource_eval
14
+ Selinux.matchpathcon_fini if Puppet::Util::SELinux.selinux_support?
15
+ end
11
16
 
12
17
  def uid2name(id)
13
18
  return id.to_s if id.is_a?(Symbol) or id.is_a?(String)
@@ -172,9 +172,10 @@ class Puppet::Provider::NameService < Puppet::Provider
172
172
  end
173
173
 
174
174
  begin
175
- execute(self.addcmd, {:failonfail => true, :combine => true, :custom_environment => @custom_environment})
175
+ sensitive = has_sensitive_data?
176
+ execute(self.addcmd, {:failonfail => true, :combine => true, :custom_environment => @custom_environment, :sensitive => sensitive})
176
177
  if feature?(:manages_password_age) && (cmd = passcmd)
177
- execute(cmd, {:failonfail => true, :combine => true, :custom_environment => @custom_environment})
178
+ execute(cmd, {:failonfail => true, :combine => true, :custom_environment => @custom_environment, :sensitive => sensitive})
178
179
  end
179
180
  rescue Puppet::ExecutionFailure => detail
180
181
  raise Puppet::Error, _("Could not create %{resource} %{name}: %{detail}") % { resource: @resource.class.name, name: @resource.name, detail: detail }, detail.backtrace
@@ -276,13 +277,19 @@ class Puppet::Provider::NameService < Puppet::Provider
276
277
  self.class.validate(param, value)
277
278
  cmd = modifycmd(param, munge(param, value))
278
279
  raise Puppet::DevError, _("Nameservice command must be an array") unless cmd.is_a?(Array)
280
+ sensitive = has_sensitive_data?(param)
279
281
  begin
280
- execute(cmd, {:failonfail => true, :combine => true, :custom_environment => @custom_environment})
282
+ execute(cmd, {:failonfail => true, :combine => true, :custom_environment => @custom_environment, :sensitive => sensitive})
281
283
  rescue Puppet::ExecutionFailure => detail
282
284
  raise Puppet::Error, _("Could not set %{param} on %{resource}[%{name}]: %{detail}") % { param: param, resource: @resource.class.name, name: @resource.name, detail: detail }, detail.backtrace
283
285
  end
284
286
  end
285
287
 
288
+ #Derived classes can override to declare sensitive data so a flag can be passed to execute
289
+ def has_sensitive_data?(property = nil)
290
+ false
291
+ end
292
+
286
293
  # From overriding Puppet::Property#insync? Ruby Etc::getpwnam < 2.1.0 always
287
294
  # returns a struct with binary encoded string values, and >= 2.1.0 will return
288
295
  # binary encoded strings for values incompatible with current locale charset,
@@ -9,7 +9,7 @@ Puppet::Type.type(:package).provide :dnf, :parent => :yum do
9
9
  These options should be specified as an array where each element is either
10
10
  a string or a hash."
11
11
 
12
- has_feature :install_options, :versionable, :virtual_packages
12
+ has_feature :install_options, :versionable, :virtual_packages, :install_only
13
13
 
14
14
  commands :cmd => "dnf", :rpm => "rpm"
15
15
 
@@ -86,9 +86,9 @@ Puppet::Type.type(:package).provide :pip, :parent => ::Puppet::Provider::Package
86
86
  end
87
87
 
88
88
  # Parse lines of output from `pip freeze`, which are structured as:
89
- # _package_==_version_
89
+ # _package_==_version_ or _package_===_version_
90
90
  def self.parse(line)
91
- if line.chomp =~ /^([^=]+)==([^=]+)$/
91
+ if line.chomp =~ /^([^=]+)===?([^=]+)$/
92
92
  {:ensure => $2, :name => $1, :provider => name}
93
93
  end
94
94
  end
@@ -13,6 +13,7 @@ These options should be specified as an array where each element is either a str
13
13
  has_feature :install_options
14
14
  has_feature :uninstall_options
15
15
  has_feature :virtual_packages
16
+ has_feature :install_only
16
17
 
17
18
  # Note: self:: is required here to keep these constants in the context of what will
18
19
  # eventually become this Puppet::Type::Package::ProviderRpm class.
@@ -20,6 +21,7 @@ These options should be specified as an array where each element is either a str
20
21
  self::NEVRA_FORMAT = %Q{%{NAME} %|EPOCH?{%{EPOCH}}:{0}| %{VERSION} %{RELEASE} %{ARCH}\\n}
21
22
  self::NEVRA_REGEX = %r{^'?(\S+) (\S+) (\S+) (\S+) (\S+)$}
22
23
  self::NEVRA_FIELDS = [:name, :epoch, :version, :release, :arch]
24
+ self::MULTIVERSION_SEPARATOR = "; "
23
25
 
24
26
  ARCH_LIST = [
25
27
  'noarch',
@@ -79,12 +81,9 @@ These options should be specified as an array where each element is either a str
79
81
 
80
82
  # list out all of the packages
81
83
  begin
82
- execpipe("#{command(:rpm)} -qa #{nosignature} #{nodigest} --qf '#{self::NEVRA_FORMAT}'") { |process|
84
+ execpipe("#{command(:rpm)} -qa #{nosignature} #{nodigest} --qf '#{self::NEVRA_FORMAT}' | sort") { |process|
83
85
  # now turn each returned line into a package object
84
- process.each_line { |line|
85
- hash = nevra_to_hash(line)
86
- packages << new(hash) unless hash.empty?
87
- }
86
+ nevra_to_multiversion_hash(process).each { |hash| packages << new(hash) }
88
87
  }
89
88
  rescue Puppet::ExecutionFailure
90
89
  raise Puppet::Error, _("Failed to list packages"), $!.backtrace
@@ -100,7 +99,7 @@ These options should be specified as an array where each element is either a str
100
99
  #NOTE: Prior to a fix for issue 1243, this method potentially returned a cached value
101
100
  #IF YOU CALL THIS METHOD, IT WILL CALL RPM
102
101
  #Use get(:property) to check if cached values are available
103
- cmd = ["-q", @resource[:name], "#{self.class.nosignature}", "#{self.class.nodigest}", "--qf", "'#{self.class::NEVRA_FORMAT}'"]
102
+ cmd = ["-q", @resource[:name], "#{self.class.nosignature}", "#{self.class.nodigest}", "--qf", "#{self.class::NEVRA_FORMAT}"]
104
103
 
105
104
  begin
106
105
  output = rpm(*cmd)
@@ -117,9 +116,7 @@ These options should be specified as an array where each element is either a str
117
116
  return nil
118
117
  end
119
118
  end
120
- # FIXME: We could actually be getting back multiple packages
121
- # for multilib and this will only return the first such package
122
- @property_hash.update(self.class.nevra_to_hash(output))
119
+ @property_hash.update(self.class.nevra_to_multiversion_hash(output))
123
120
 
124
121
  @property_hash.dup
125
122
  end
@@ -130,8 +127,8 @@ These options should be specified as an array where each element is either a str
130
127
  @resource.fail _("RPMs must specify a package source")
131
128
  end
132
129
 
133
- cmd = [command(:rpm), "-q", "--qf", "'#{self.class::NEVRA_FORMAT}'", "-p", source]
134
- h = self.class.nevra_to_hash(execute(cmd))
130
+ cmd = [command(:rpm), "-q", "--qf", "#{self.class::NEVRA_FORMAT}", "-p", source]
131
+ h = self.class.nevra_to_multiversion_hash(execute(cmd))
135
132
  h[:ensure]
136
133
  rescue Puppet::ExecutionFailure => e
137
134
  raise Puppet::Error, e.message, e.backtrace
@@ -168,7 +165,11 @@ These options should be specified as an array where each element is either a str
168
165
  if @resource[:name].start_with? nav
169
166
  identifier = nav
170
167
  else
171
- identifier = name
168
+ if @resource[:install_only]
169
+ identifier = get(:ensure).split(self.class::MULTIVERSION_SEPARATOR).map { |ver| "#{name}-#{ver}" }
170
+ else
171
+ identifier = name
172
+ end
172
173
  end
173
174
  end
174
175
  # If an arch is specified in the resource, uninstall that arch,
@@ -308,8 +309,12 @@ These options should be specified as an array where each element is either a str
308
309
 
309
310
  def insync?(is)
310
311
  return false if [:purged, :absent].include?(is)
312
+ return false if is.include?(self.class::MULTIVERSION_SEPARATOR) && !@resource[:install_only]
313
+
311
314
  should = resource[:ensure]
312
- 0 == rpm_compareEVR(rpm_parse_evr(should), rpm_parse_evr(is))
315
+ is.split(self.class::MULTIVERSION_SEPARATOR).any? do |version|
316
+ 0 == self.rpm_compareEVR(rpm_parse_evr(should), rpm_parse_evr(version))
317
+ end
313
318
  end
314
319
 
315
320
  # parse a rpm "version" specification
@@ -412,4 +417,37 @@ These options should be specified as an array where each element is either a str
412
417
 
413
418
  return hash
414
419
  end
420
+
421
+ # @param line [String] multiple lines of rpm package query information
422
+ # @return list of [Hash] of NEVRA_FIELDS strings parsed from package info
423
+ # or an empty list if we failed to parse
424
+ # @api private
425
+ def self.nevra_to_multiversion_hash(multiline)
426
+ list = []
427
+ multiversion_hash = {}
428
+ multiline.each_line do |line|
429
+ hash = self.nevra_to_hash(line)
430
+ if !hash.empty?
431
+ if multiversion_hash.empty?
432
+ multiversion_hash = hash.dup
433
+ next
434
+ end
435
+
436
+ if multiversion_hash[:name] != hash[:name]
437
+ list << multiversion_hash
438
+ multiversion_hash = hash.dup
439
+ next
440
+ end
441
+
442
+ if !multiversion_hash[:ensure].include?(hash[:ensure])
443
+ multiversion_hash[:ensure].concat("#{self::MULTIVERSION_SEPARATOR}#{hash[:ensure]}")
444
+ end
445
+ end
446
+ end
447
+ list << multiversion_hash if multiversion_hash
448
+ if list.size == 1
449
+ return list[0]
450
+ end
451
+ return list
452
+ end
415
453
  end
@@ -8,7 +8,7 @@ Puppet::Type.type(:package).provide :yum, :parent => :rpm, :source => :rpm do
8
8
  This provider supports the `install_options` attribute, which allows command-line flags to be passed to yum.
9
9
  These options should be specified as an array where each element is either a string or a hash."
10
10
 
11
- has_feature :install_options, :versionable, :virtual_packages
11
+ has_feature :install_options, :versionable, :virtual_packages, :install_only
12
12
 
13
13
  commands :cmd => "yum", :rpm => "rpm"
14
14
 
@@ -203,7 +203,10 @@ defaultfor :osfamily => :redhat, :operatingsystemmajrelease => (4..7).to_a
203
203
  end
204
204
  current_package = self.query
205
205
  if current_package
206
- if rpm_compareEVR(rpm_parse_evr(should), rpm_parse_evr(current_package[:ensure])) < 0
206
+ if @resource[:install_only]
207
+ self.debug "Updating package #{@resource[:name]} from version #{current_package[:ensure]} to #{should} as install_only packages are never downgraded"
208
+ operation = update_command
209
+ elsif rpm_compareEVR(rpm_parse_evr(should), rpm_parse_evr(current_package[:ensure])) < 0
207
210
  self.debug "Downgrading package #{@resource[:name]} from version #{current_package[:ensure]} to #{should}"
208
211
  operation = :downgrade
209
212
  elsif rpm_compareEVR(rpm_parse_evr(should), rpm_parse_evr(current_package[:ensure])) > 0
@@ -228,10 +231,11 @@ defaultfor :osfamily => :redhat, :operatingsystemmajrelease => (4..7).to_a
228
231
  is = self.query
229
232
  raise Puppet::Error, _("Could not find package %{name}") % { name: self.name } unless is
230
233
 
234
+ version = is[:ensure]
231
235
  # FIXME: Should we raise an exception even if should == :latest
232
236
  # and yum updated us to a version other than @param_hash[:ensure] ?
233
- vercmp_result = rpm_compareEVR(rpm_parse_evr(should), rpm_parse_evr(is[:ensure]))
234
- raise Puppet::Error, _("Failed to update to version %{should}, got version %{version} instead") % { should: should, version: is[:ensure] } if vercmp_result != 0
237
+ raise Puppet::Error, _("Failed to update to version %{should}, got version %{version} instead") % { should: should, version: version } unless
238
+ insync?(version)
235
239
  end
236
240
  end
237
241
 
@@ -240,12 +240,20 @@ Puppet::Type.type(:service).provide :launchd, :parent => :base do
240
240
  def status
241
241
  if @resource && ((@resource[:hasstatus] == :false) || (@resource[:status]))
242
242
  return super
243
- else
244
- if @property_hash[:status].nil?
245
- :absent
243
+ elsif @property_hash[:status].nil?
244
+ # property_hash was flushed so the service changed status
245
+ service_name = @resource[:name]
246
+ # Updating services with new statuses
247
+ job_list = self.class.job_list
248
+ # if job is present in job_list, return its status
249
+ if job_list.key?(service_name)
250
+ job_list[service_name]
251
+ # if job is no longer present in job_list, it was stopped
246
252
  else
247
- @property_hash[:status]
253
+ :stopped
248
254
  end
255
+ else
256
+ @property_hash[:status]
249
257
  end
250
258
  end
251
259
 
@@ -313,7 +321,14 @@ Puppet::Type.type(:service).provide :launchd, :parent => :base do
313
321
  job_plist_disabled = nil
314
322
  overrides_disabled = nil
315
323
 
316
- _, job_plist = plist_from_label(resource[:name])
324
+ begin
325
+ _, job_plist = plist_from_label(resource[:name])
326
+ rescue Puppet::Error => err
327
+ # if job does not exist, log the error and return false as on other platforms
328
+ Puppet.log_exception(err)
329
+ return :false
330
+ end
331
+
317
332
  job_plist_disabled = job_plist["Disabled"] if job_plist.has_key?("Disabled")
318
333
 
319
334
  if FileTest.file?(self.class.launchd_overrides) and overrides = self.class.read_overrides
@@ -1,5 +1,7 @@
1
1
  # Manage systemd services using systemctl
2
2
 
3
+ require 'puppet/file_system'
4
+
3
5
  Puppet::Type.type(:service).provide :systemd, :parent => :base do
4
6
  desc "Manages `systemd` services using `systemctl`.
5
7
 
@@ -9,14 +11,7 @@ Puppet::Type.type(:service).provide :systemd, :parent => :base do
9
11
 
10
12
  commands :systemctl => "systemctl"
11
13
 
12
- if Facter.value(:osfamily).downcase == 'debian'
13
- # With multiple init systems on Debian, it is possible to have
14
- # pieces of systemd around (e.g. systemctl) but not really be
15
- # using systemd. We do not do this on other platforms as it can
16
- # cause issues when running in a chroot without /run mounted
17
- # (PUP-5577)
18
- confine :exists => "/run/systemd/system"
19
- end
14
+ confine :true => Puppet::FileSystem.exist?('/proc/1/comm') && Puppet::FileSystem.read('/proc/1/comm').include?('systemd')
20
15
 
21
16
  defaultfor :osfamily => [:archlinux]
22
17
  defaultfor :osfamily => :redhat, :operatingsystemmajrelease => ["7", "8"]
@@ -24,8 +19,8 @@ Puppet::Type.type(:service).provide :systemd, :parent => :base do
24
19
  defaultfor :osfamily => :suse
25
20
  defaultfor :osfamily => :coreos
26
21
  defaultfor :operatingsystem => :amazon, :operatingsystemmajrelease => ["2"]
27
- defaultfor :operatingsystem => :debian, :operatingsystemmajrelease => ["8", "stretch/sid", "9", "buster/sid"]
28
-
22
+ defaultfor :operatingsystem => :debian
23
+ notdefaultfor :operatingsystem => :debian, :operatingsystemmajrelease => ["5", "6", "7"] # These are using the "debian" method
29
24
  defaultfor :operatingsystem => :LinuxMint
30
25
  notdefaultfor :operatingsystem => :LinuxMint, :operatingsystemmajrelease => ["10", "11", "12", "13", "14", "15", "16", "17"] # These are using upstart
31
26
  defaultfor :operatingsystem => :ubuntu
@@ -35,6 +35,12 @@ Puppet::Type.type(:service).provide :windows, :parent => :service do
35
35
  raise Puppet::Error.new(_("Cannot enable %{resource_name} for manual start, error was: %{detail}") % { resource_name: @resource[:name], detail: detail }, detail )
36
36
  end
37
37
 
38
+ def delayed_start
39
+ Puppet::Util::Windows::Service.set_startup_mode( @resource[:name], :SERVICE_AUTO_START, true )
40
+ rescue => detail
41
+ raise Puppet::Error.new(_("Cannot enable %{resource_name} for delayed start, error was: %{detail}") % { resource_name: @resource[:name], detail: detail }, detail )
42
+ end
43
+
38
44
  def enabled?
39
45
  return :false unless Puppet::Util::Windows::Service.exists?(@resource[:name])
40
46
 
@@ -47,6 +53,8 @@ Puppet::Type.type(:service).provide :windows, :parent => :service do
47
53
  :true
48
54
  when :SERVICE_DEMAND_START
49
55
  :manual
56
+ when :SERVICE_DELAYED_AUTO_START
57
+ :delayed
50
58
  when :SERVICE_DISABLED
51
59
  :false
52
60
  else
@@ -66,11 +66,11 @@ Puppet::Type.type(:user).provide :pw, :parent => Puppet::Provider::NameService::
66
66
 
67
67
  # use pw to update password hash
68
68
  def password=(cryptopw)
69
- Puppet.debug "change password for user '#{@resource[:name]}' method called with hash '#{cryptopw}'"
69
+ Puppet.debug "change password for user '#{@resource[:name]}' method called with hash [redacted]"
70
70
  stdin, _, _ = Open3.popen3("pw user mod #{@resource[:name]} -H 0")
71
71
  stdin.puts(cryptopw)
72
72
  stdin.close
73
- Puppet.debug "finished password for user '#{@resource[:name]}' method called with hash '#{cryptopw}'"
73
+ Puppet.debug "finished password for user '#{@resource[:name]}' method called with hash [redacted]"
74
74
  end
75
75
 
76
76
  # get password from /etc/master.passwd
@@ -78,10 +78,19 @@ Puppet::Type.type(:user).provide :pw, :parent => Puppet::Provider::NameService::
78
78
  Puppet.debug "checking password for user '#{@resource[:name]}' method called"
79
79
  current_passline = `getent passwd #{@resource[:name]}`
80
80
  current_password = current_passline.chomp.split(':')[1] if current_passline
81
- Puppet.debug "finished password for user '#{@resource[:name]}' method called : '#{current_password}'"
81
+ Puppet.debug "finished password for user '#{@resource[:name]}' method called : [redacted]"
82
82
  current_password
83
83
  end
84
84
 
85
+ def has_sensitive_data?(property = nil)
86
+ #Check for sensitive values?
87
+ properties = property ? [property] : Puppet::Type.type(:user).validproperties
88
+ properties.any? do |prop|
89
+ p = @resource.parameter(prop)
90
+ p && p.respond_to?(:is_sensitive) && p.is_sensitive
91
+ end
92
+ end
93
+
85
94
  # Get expiry from system and convert to Puppet-style date
86
95
  def expiry
87
96
  expiry = self.get(:expiry)