puppet 6.4.3 → 6.4.4
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CODEOWNERS +9 -9
- data/Gemfile +2 -2
- data/Gemfile.lock +23 -23
- data/ext/project_data.yaml +2 -2
- data/install.rb +3 -21
- data/lib/puppet/application/agent.rb +12 -0
- data/lib/puppet/application/device.rb +14 -4
- data/lib/puppet/application/resource.rb +4 -4
- data/lib/puppet/defaults.rb +12 -0
- data/lib/puppet/face/config.rb +10 -48
- data/lib/puppet/face/facts.rb +1 -1
- data/lib/puppet/face/help.rb +1 -1
- data/lib/puppet/face/plugin.rb +9 -2
- data/lib/puppet/indirector/catalog/compiler.rb +11 -5
- data/lib/puppet/module_tool/tar/mini.rb +11 -1
- data/lib/puppet/network/http/factory.rb +1 -11
- data/lib/puppet/provider/file/posix.rb +5 -0
- data/lib/puppet/provider/nameservice.rb +10 -3
- data/lib/puppet/provider/package/dnf.rb +1 -1
- data/lib/puppet/provider/package/pip.rb +2 -2
- data/lib/puppet/provider/package/rpm.rb +51 -13
- data/lib/puppet/provider/package/yum.rb +8 -4
- data/lib/puppet/provider/service/launchd.rb +20 -5
- data/lib/puppet/provider/service/systemd.rb +5 -10
- data/lib/puppet/provider/service/windows.rb +8 -0
- data/lib/puppet/provider/user/pw.rb +12 -3
- data/lib/puppet/provider/user/user_role_add.rb +4 -0
- data/lib/puppet/provider/user/useradd.rb +23 -7
- data/lib/puppet/resource.rb +17 -0
- data/lib/puppet/settings.rb +40 -0
- data/lib/puppet/type/exec.rb +14 -6
- data/lib/puppet/type/package.rb +10 -0
- data/lib/puppet/type/service.rb +7 -2
- data/lib/puppet/util/execution.rb +4 -3
- data/lib/puppet/util/http_proxy.rb +19 -5
- data/lib/puppet/util/selinux.rb +5 -1
- data/lib/puppet/util/windows/security.rb +2 -0
- data/lib/puppet/util/windows/service.rb +149 -4
- data/lib/puppet/util/windows/sid.rb +1 -0
- data/lib/puppet/version.rb +1 -1
- data/locales/puppet.pot +168 -152
- data/man/man5/puppet.conf.5 +18 -2
- data/man/man8/puppet-agent.8 +1 -1
- data/man/man8/puppet-apply.8 +1 -1
- data/man/man8/puppet-catalog.8 +1 -1
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +1 -1
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +1 -1
- data/man/man8/puppet-filebucket.8 +1 -1
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-key.8 +1 -1
- data/man/man8/puppet-lookup.8 +1 -1
- data/man/man8/puppet-man.8 +1 -1
- data/man/man8/puppet-module.8 +1 -1
- data/man/man8/puppet-node.8 +1 -1
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +1 -1
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-ssl.8 +1 -1
- data/man/man8/puppet-status.8 +1 -1
- data/man/man8/puppet.8 +3 -3
- data/spec/integration/provider/service/systemd_spec.rb +8 -5
- data/spec/integration/type/file_spec.rb +28 -0
- data/spec/integration/util/execution_spec.rb +27 -0
- data/spec/unit/application/agent_spec.rb +20 -8
- data/spec/unit/application/device_spec.rb +27 -1
- data/spec/unit/face/facts_spec.rb +9 -0
- data/spec/unit/face/plugin_spec.rb +8 -0
- data/spec/unit/indirector/catalog/compiler_spec.rb +62 -5
- data/spec/unit/module_tool/tar/mini_spec.rb +1 -1
- data/spec/unit/network/http/api/indirected_routes_spec.rb +25 -10
- data/spec/unit/network/http/factory_spec.rb +27 -5
- data/spec/unit/pops/validator/validator_spec.rb +7 -0
- data/spec/unit/provider/package/aptrpm_spec.rb +1 -1
- data/spec/unit/provider/package/dnf_spec.rb +7 -0
- data/spec/unit/provider/package/dpkg_spec.rb +2 -2
- data/spec/unit/provider/package/pip_spec.rb +8 -0
- data/spec/unit/provider/package/rpm_spec.rb +150 -16
- data/spec/unit/provider/package/yum_spec.rb +7 -0
- data/spec/unit/provider/service/launchd_spec.rb +28 -0
- data/spec/unit/provider/service/systemd_spec.rb +14 -0
- data/spec/unit/provider/service/windows_spec.rb +20 -0
- data/spec/unit/provider/user/pw_spec.rb +37 -0
- data/spec/unit/provider/user/useradd_spec.rb +42 -0
- data/spec/unit/resource_spec.rb +26 -1
- data/spec/unit/transaction_spec.rb +18 -0
- data/spec/unit/type/exec_spec.rb +9 -0
- data/spec/unit/type/file/source_spec.rb +4 -4
- data/spec/unit/type/schedule_spec.rb +3 -1
- data/spec/unit/type/service_spec.rb +16 -0
- data/spec/unit/util/http_proxy_spec.rb +40 -1
- data/spec/unit/util/log_spec.rb +27 -1
- data/spec/unit/util/windows/service_spec.rb +9 -0
- metadata +3 -7
- data/ext/windows/eventlog/Rakefile +0 -32
- data/ext/windows/eventlog/puppetres.dll +0 -0
- data/ext/windows/eventlog/puppetres.mc +0 -18
data/lib/puppet/face/plugin.rb
CHANGED
@@ -41,8 +41,15 @@ Puppet::Face.define(:plugin, '0.0.1') do
|
|
41
41
|
when_invoked do |options|
|
42
42
|
remote_environment_for_plugins = Puppet::Node::Environment.remote(Puppet[:environment])
|
43
43
|
|
44
|
-
|
45
|
-
|
44
|
+
pool = Puppet::Network::HTTP::Pool.new(Puppet[:http_keepalive_timeout])
|
45
|
+
Puppet.override(:http_pool => pool) do
|
46
|
+
begin
|
47
|
+
handler = Puppet::Configurer::PluginHandler.new()
|
48
|
+
handler.download_plugins(remote_environment_for_plugins)
|
49
|
+
ensure
|
50
|
+
pool.close
|
51
|
+
end
|
52
|
+
end
|
46
53
|
end
|
47
54
|
|
48
55
|
when_rendering :console do |value|
|
@@ -395,22 +395,28 @@ class Puppet::Resource::Catalog::Compiler < Puppet::Indirector::Code
|
|
395
395
|
|
396
396
|
# And then add the server name and IP
|
397
397
|
{"servername" => "fqdn",
|
398
|
-
"serverip"
|
398
|
+
"serverip" => "ipaddress",
|
399
|
+
"serverip6" => "ipaddress6"
|
399
400
|
}.each do |var, fact|
|
400
|
-
|
401
|
+
value = Facter.value(fact)
|
402
|
+
if !value.nil?
|
401
403
|
@server_facts[var] = value
|
402
|
-
else
|
403
|
-
Puppet.warning _("Could not retrieve fact %{fact}") % { fact: fact }
|
404
404
|
end
|
405
405
|
end
|
406
406
|
|
407
407
|
if @server_facts["servername"].nil?
|
408
408
|
host = Facter.value(:hostname)
|
409
|
-
if
|
409
|
+
if host.nil?
|
410
|
+
Puppet.warning _("Could not retrieve fact servername")
|
411
|
+
elsif domain = Facter.value(:domain)
|
410
412
|
@server_facts["servername"] = [host, domain].join(".")
|
411
413
|
else
|
412
414
|
@server_facts["servername"] = host
|
413
415
|
end
|
414
416
|
end
|
417
|
+
|
418
|
+
if @server_facts["serverip"].nil? && @server_facts["serverip6"].nil?
|
419
|
+
Puppet.warning _("Could not retrieve either serverip or serverip6 fact")
|
420
|
+
end
|
415
421
|
end
|
416
422
|
end
|
@@ -1,7 +1,17 @@
|
|
1
1
|
class Puppet::ModuleTool::Tar::Mini
|
2
2
|
def unpack(sourcefile, destdir, _)
|
3
3
|
Zlib::GzipReader.open(sourcefile) do |reader|
|
4
|
-
|
4
|
+
# puppet doesn't have a hard dependency on minitar, so we
|
5
|
+
# can't be certain which version is installed. If it's 0.9
|
6
|
+
# or above then we can prevent minitar from fsync'ing each
|
7
|
+
# extracted file and directory, otherwise fallback to the
|
8
|
+
# old behavior
|
9
|
+
args = [reader, destdir, find_valid_files(reader)]
|
10
|
+
spec = Gem::Specification.find_by_name('minitar')
|
11
|
+
if spec && spec.version >= Gem::Version.new('0.9')
|
12
|
+
args << {:fsync => false}
|
13
|
+
end
|
14
|
+
Archive::Tar::Minitar.unpack(*args) do |action, name, stats|
|
5
15
|
case action
|
6
16
|
when :dir
|
7
17
|
validate_entry(destdir, name)
|
@@ -25,17 +25,7 @@ class Puppet::Network::HTTP::Factory
|
|
25
25
|
def create_connection(site)
|
26
26
|
Puppet.debug("Creating new connection for #{site}")
|
27
27
|
|
28
|
-
|
29
|
-
|
30
|
-
unless Puppet::Util::HttpProxy.no_proxy?(site)
|
31
|
-
if Puppet[:http_proxy_host] == "none"
|
32
|
-
args << nil << nil
|
33
|
-
else
|
34
|
-
args << Puppet[:http_proxy_host] << Puppet[:http_proxy_port]
|
35
|
-
end
|
36
|
-
end
|
37
|
-
|
38
|
-
http = Net::HTTP.new(*args)
|
28
|
+
http = Puppet::Util::HttpProxy.proxy(URI(site.addr))
|
39
29
|
http.use_ssl = site.use_ssl?
|
40
30
|
http.read_timeout = Puppet[:http_read_timeout]
|
41
31
|
http.open_timeout = Puppet[:http_connect_timeout]
|
@@ -8,6 +8,11 @@ Puppet::Type.type(:file).provide :posix do
|
|
8
8
|
include Puppet::Util::Warnings
|
9
9
|
|
10
10
|
require 'etc'
|
11
|
+
require 'puppet/util/selinux'
|
12
|
+
|
13
|
+
def self.post_resource_eval
|
14
|
+
Selinux.matchpathcon_fini if Puppet::Util::SELinux.selinux_support?
|
15
|
+
end
|
11
16
|
|
12
17
|
def uid2name(id)
|
13
18
|
return id.to_s if id.is_a?(Symbol) or id.is_a?(String)
|
@@ -172,9 +172,10 @@ class Puppet::Provider::NameService < Puppet::Provider
|
|
172
172
|
end
|
173
173
|
|
174
174
|
begin
|
175
|
-
|
175
|
+
sensitive = has_sensitive_data?
|
176
|
+
execute(self.addcmd, {:failonfail => true, :combine => true, :custom_environment => @custom_environment, :sensitive => sensitive})
|
176
177
|
if feature?(:manages_password_age) && (cmd = passcmd)
|
177
|
-
execute(cmd, {:failonfail => true, :combine => true, :custom_environment => @custom_environment})
|
178
|
+
execute(cmd, {:failonfail => true, :combine => true, :custom_environment => @custom_environment, :sensitive => sensitive})
|
178
179
|
end
|
179
180
|
rescue Puppet::ExecutionFailure => detail
|
180
181
|
raise Puppet::Error, _("Could not create %{resource} %{name}: %{detail}") % { resource: @resource.class.name, name: @resource.name, detail: detail }, detail.backtrace
|
@@ -276,13 +277,19 @@ class Puppet::Provider::NameService < Puppet::Provider
|
|
276
277
|
self.class.validate(param, value)
|
277
278
|
cmd = modifycmd(param, munge(param, value))
|
278
279
|
raise Puppet::DevError, _("Nameservice command must be an array") unless cmd.is_a?(Array)
|
280
|
+
sensitive = has_sensitive_data?(param)
|
279
281
|
begin
|
280
|
-
execute(cmd, {:failonfail => true, :combine => true, :custom_environment => @custom_environment})
|
282
|
+
execute(cmd, {:failonfail => true, :combine => true, :custom_environment => @custom_environment, :sensitive => sensitive})
|
281
283
|
rescue Puppet::ExecutionFailure => detail
|
282
284
|
raise Puppet::Error, _("Could not set %{param} on %{resource}[%{name}]: %{detail}") % { param: param, resource: @resource.class.name, name: @resource.name, detail: detail }, detail.backtrace
|
283
285
|
end
|
284
286
|
end
|
285
287
|
|
288
|
+
#Derived classes can override to declare sensitive data so a flag can be passed to execute
|
289
|
+
def has_sensitive_data?(property = nil)
|
290
|
+
false
|
291
|
+
end
|
292
|
+
|
286
293
|
# From overriding Puppet::Property#insync? Ruby Etc::getpwnam < 2.1.0 always
|
287
294
|
# returns a struct with binary encoded string values, and >= 2.1.0 will return
|
288
295
|
# binary encoded strings for values incompatible with current locale charset,
|
@@ -9,7 +9,7 @@ Puppet::Type.type(:package).provide :dnf, :parent => :yum do
|
|
9
9
|
These options should be specified as an array where each element is either
|
10
10
|
a string or a hash."
|
11
11
|
|
12
|
-
has_feature :install_options, :versionable, :virtual_packages
|
12
|
+
has_feature :install_options, :versionable, :virtual_packages, :install_only
|
13
13
|
|
14
14
|
commands :cmd => "dnf", :rpm => "rpm"
|
15
15
|
|
@@ -86,9 +86,9 @@ Puppet::Type.type(:package).provide :pip, :parent => ::Puppet::Provider::Package
|
|
86
86
|
end
|
87
87
|
|
88
88
|
# Parse lines of output from `pip freeze`, which are structured as:
|
89
|
-
# _package_==_version_
|
89
|
+
# _package_==_version_ or _package_===_version_
|
90
90
|
def self.parse(line)
|
91
|
-
if line.chomp =~ /^([^=]+)
|
91
|
+
if line.chomp =~ /^([^=]+)===?([^=]+)$/
|
92
92
|
{:ensure => $2, :name => $1, :provider => name}
|
93
93
|
end
|
94
94
|
end
|
@@ -13,6 +13,7 @@ These options should be specified as an array where each element is either a str
|
|
13
13
|
has_feature :install_options
|
14
14
|
has_feature :uninstall_options
|
15
15
|
has_feature :virtual_packages
|
16
|
+
has_feature :install_only
|
16
17
|
|
17
18
|
# Note: self:: is required here to keep these constants in the context of what will
|
18
19
|
# eventually become this Puppet::Type::Package::ProviderRpm class.
|
@@ -20,6 +21,7 @@ These options should be specified as an array where each element is either a str
|
|
20
21
|
self::NEVRA_FORMAT = %Q{%{NAME} %|EPOCH?{%{EPOCH}}:{0}| %{VERSION} %{RELEASE} %{ARCH}\\n}
|
21
22
|
self::NEVRA_REGEX = %r{^'?(\S+) (\S+) (\S+) (\S+) (\S+)$}
|
22
23
|
self::NEVRA_FIELDS = [:name, :epoch, :version, :release, :arch]
|
24
|
+
self::MULTIVERSION_SEPARATOR = "; "
|
23
25
|
|
24
26
|
ARCH_LIST = [
|
25
27
|
'noarch',
|
@@ -79,12 +81,9 @@ These options should be specified as an array where each element is either a str
|
|
79
81
|
|
80
82
|
# list out all of the packages
|
81
83
|
begin
|
82
|
-
execpipe("#{command(:rpm)} -qa #{nosignature} #{nodigest} --qf '#{self::NEVRA_FORMAT}'") { |process|
|
84
|
+
execpipe("#{command(:rpm)} -qa #{nosignature} #{nodigest} --qf '#{self::NEVRA_FORMAT}' | sort") { |process|
|
83
85
|
# now turn each returned line into a package object
|
84
|
-
process.
|
85
|
-
hash = nevra_to_hash(line)
|
86
|
-
packages << new(hash) unless hash.empty?
|
87
|
-
}
|
86
|
+
nevra_to_multiversion_hash(process).each { |hash| packages << new(hash) }
|
88
87
|
}
|
89
88
|
rescue Puppet::ExecutionFailure
|
90
89
|
raise Puppet::Error, _("Failed to list packages"), $!.backtrace
|
@@ -100,7 +99,7 @@ These options should be specified as an array where each element is either a str
|
|
100
99
|
#NOTE: Prior to a fix for issue 1243, this method potentially returned a cached value
|
101
100
|
#IF YOU CALL THIS METHOD, IT WILL CALL RPM
|
102
101
|
#Use get(:property) to check if cached values are available
|
103
|
-
cmd = ["-q", @resource[:name], "#{self.class.nosignature}", "#{self.class.nodigest}", "--qf", "
|
102
|
+
cmd = ["-q", @resource[:name], "#{self.class.nosignature}", "#{self.class.nodigest}", "--qf", "#{self.class::NEVRA_FORMAT}"]
|
104
103
|
|
105
104
|
begin
|
106
105
|
output = rpm(*cmd)
|
@@ -117,9 +116,7 @@ These options should be specified as an array where each element is either a str
|
|
117
116
|
return nil
|
118
117
|
end
|
119
118
|
end
|
120
|
-
|
121
|
-
# for multilib and this will only return the first such package
|
122
|
-
@property_hash.update(self.class.nevra_to_hash(output))
|
119
|
+
@property_hash.update(self.class.nevra_to_multiversion_hash(output))
|
123
120
|
|
124
121
|
@property_hash.dup
|
125
122
|
end
|
@@ -130,8 +127,8 @@ These options should be specified as an array where each element is either a str
|
|
130
127
|
@resource.fail _("RPMs must specify a package source")
|
131
128
|
end
|
132
129
|
|
133
|
-
cmd = [command(:rpm), "-q", "--qf", "
|
134
|
-
h = self.class.
|
130
|
+
cmd = [command(:rpm), "-q", "--qf", "#{self.class::NEVRA_FORMAT}", "-p", source]
|
131
|
+
h = self.class.nevra_to_multiversion_hash(execute(cmd))
|
135
132
|
h[:ensure]
|
136
133
|
rescue Puppet::ExecutionFailure => e
|
137
134
|
raise Puppet::Error, e.message, e.backtrace
|
@@ -168,7 +165,11 @@ These options should be specified as an array where each element is either a str
|
|
168
165
|
if @resource[:name].start_with? nav
|
169
166
|
identifier = nav
|
170
167
|
else
|
171
|
-
|
168
|
+
if @resource[:install_only]
|
169
|
+
identifier = get(:ensure).split(self.class::MULTIVERSION_SEPARATOR).map { |ver| "#{name}-#{ver}" }
|
170
|
+
else
|
171
|
+
identifier = name
|
172
|
+
end
|
172
173
|
end
|
173
174
|
end
|
174
175
|
# If an arch is specified in the resource, uninstall that arch,
|
@@ -308,8 +309,12 @@ These options should be specified as an array where each element is either a str
|
|
308
309
|
|
309
310
|
def insync?(is)
|
310
311
|
return false if [:purged, :absent].include?(is)
|
312
|
+
return false if is.include?(self.class::MULTIVERSION_SEPARATOR) && !@resource[:install_only]
|
313
|
+
|
311
314
|
should = resource[:ensure]
|
312
|
-
|
315
|
+
is.split(self.class::MULTIVERSION_SEPARATOR).any? do |version|
|
316
|
+
0 == self.rpm_compareEVR(rpm_parse_evr(should), rpm_parse_evr(version))
|
317
|
+
end
|
313
318
|
end
|
314
319
|
|
315
320
|
# parse a rpm "version" specification
|
@@ -412,4 +417,37 @@ These options should be specified as an array where each element is either a str
|
|
412
417
|
|
413
418
|
return hash
|
414
419
|
end
|
420
|
+
|
421
|
+
# @param line [String] multiple lines of rpm package query information
|
422
|
+
# @return list of [Hash] of NEVRA_FIELDS strings parsed from package info
|
423
|
+
# or an empty list if we failed to parse
|
424
|
+
# @api private
|
425
|
+
def self.nevra_to_multiversion_hash(multiline)
|
426
|
+
list = []
|
427
|
+
multiversion_hash = {}
|
428
|
+
multiline.each_line do |line|
|
429
|
+
hash = self.nevra_to_hash(line)
|
430
|
+
if !hash.empty?
|
431
|
+
if multiversion_hash.empty?
|
432
|
+
multiversion_hash = hash.dup
|
433
|
+
next
|
434
|
+
end
|
435
|
+
|
436
|
+
if multiversion_hash[:name] != hash[:name]
|
437
|
+
list << multiversion_hash
|
438
|
+
multiversion_hash = hash.dup
|
439
|
+
next
|
440
|
+
end
|
441
|
+
|
442
|
+
if !multiversion_hash[:ensure].include?(hash[:ensure])
|
443
|
+
multiversion_hash[:ensure].concat("#{self::MULTIVERSION_SEPARATOR}#{hash[:ensure]}")
|
444
|
+
end
|
445
|
+
end
|
446
|
+
end
|
447
|
+
list << multiversion_hash if multiversion_hash
|
448
|
+
if list.size == 1
|
449
|
+
return list[0]
|
450
|
+
end
|
451
|
+
return list
|
452
|
+
end
|
415
453
|
end
|
@@ -8,7 +8,7 @@ Puppet::Type.type(:package).provide :yum, :parent => :rpm, :source => :rpm do
|
|
8
8
|
This provider supports the `install_options` attribute, which allows command-line flags to be passed to yum.
|
9
9
|
These options should be specified as an array where each element is either a string or a hash."
|
10
10
|
|
11
|
-
has_feature :install_options, :versionable, :virtual_packages
|
11
|
+
has_feature :install_options, :versionable, :virtual_packages, :install_only
|
12
12
|
|
13
13
|
commands :cmd => "yum", :rpm => "rpm"
|
14
14
|
|
@@ -203,7 +203,10 @@ defaultfor :osfamily => :redhat, :operatingsystemmajrelease => (4..7).to_a
|
|
203
203
|
end
|
204
204
|
current_package = self.query
|
205
205
|
if current_package
|
206
|
-
if
|
206
|
+
if @resource[:install_only]
|
207
|
+
self.debug "Updating package #{@resource[:name]} from version #{current_package[:ensure]} to #{should} as install_only packages are never downgraded"
|
208
|
+
operation = update_command
|
209
|
+
elsif rpm_compareEVR(rpm_parse_evr(should), rpm_parse_evr(current_package[:ensure])) < 0
|
207
210
|
self.debug "Downgrading package #{@resource[:name]} from version #{current_package[:ensure]} to #{should}"
|
208
211
|
operation = :downgrade
|
209
212
|
elsif rpm_compareEVR(rpm_parse_evr(should), rpm_parse_evr(current_package[:ensure])) > 0
|
@@ -228,10 +231,11 @@ defaultfor :osfamily => :redhat, :operatingsystemmajrelease => (4..7).to_a
|
|
228
231
|
is = self.query
|
229
232
|
raise Puppet::Error, _("Could not find package %{name}") % { name: self.name } unless is
|
230
233
|
|
234
|
+
version = is[:ensure]
|
231
235
|
# FIXME: Should we raise an exception even if should == :latest
|
232
236
|
# and yum updated us to a version other than @param_hash[:ensure] ?
|
233
|
-
|
234
|
-
|
237
|
+
raise Puppet::Error, _("Failed to update to version %{should}, got version %{version} instead") % { should: should, version: version } unless
|
238
|
+
insync?(version)
|
235
239
|
end
|
236
240
|
end
|
237
241
|
|
@@ -240,12 +240,20 @@ Puppet::Type.type(:service).provide :launchd, :parent => :base do
|
|
240
240
|
def status
|
241
241
|
if @resource && ((@resource[:hasstatus] == :false) || (@resource[:status]))
|
242
242
|
return super
|
243
|
-
|
244
|
-
|
245
|
-
|
243
|
+
elsif @property_hash[:status].nil?
|
244
|
+
# property_hash was flushed so the service changed status
|
245
|
+
service_name = @resource[:name]
|
246
|
+
# Updating services with new statuses
|
247
|
+
job_list = self.class.job_list
|
248
|
+
# if job is present in job_list, return its status
|
249
|
+
if job_list.key?(service_name)
|
250
|
+
job_list[service_name]
|
251
|
+
# if job is no longer present in job_list, it was stopped
|
246
252
|
else
|
247
|
-
|
253
|
+
:stopped
|
248
254
|
end
|
255
|
+
else
|
256
|
+
@property_hash[:status]
|
249
257
|
end
|
250
258
|
end
|
251
259
|
|
@@ -313,7 +321,14 @@ Puppet::Type.type(:service).provide :launchd, :parent => :base do
|
|
313
321
|
job_plist_disabled = nil
|
314
322
|
overrides_disabled = nil
|
315
323
|
|
316
|
-
|
324
|
+
begin
|
325
|
+
_, job_plist = plist_from_label(resource[:name])
|
326
|
+
rescue Puppet::Error => err
|
327
|
+
# if job does not exist, log the error and return false as on other platforms
|
328
|
+
Puppet.log_exception(err)
|
329
|
+
return :false
|
330
|
+
end
|
331
|
+
|
317
332
|
job_plist_disabled = job_plist["Disabled"] if job_plist.has_key?("Disabled")
|
318
333
|
|
319
334
|
if FileTest.file?(self.class.launchd_overrides) and overrides = self.class.read_overrides
|
@@ -1,5 +1,7 @@
|
|
1
1
|
# Manage systemd services using systemctl
|
2
2
|
|
3
|
+
require 'puppet/file_system'
|
4
|
+
|
3
5
|
Puppet::Type.type(:service).provide :systemd, :parent => :base do
|
4
6
|
desc "Manages `systemd` services using `systemctl`.
|
5
7
|
|
@@ -9,14 +11,7 @@ Puppet::Type.type(:service).provide :systemd, :parent => :base do
|
|
9
11
|
|
10
12
|
commands :systemctl => "systemctl"
|
11
13
|
|
12
|
-
|
13
|
-
# With multiple init systems on Debian, it is possible to have
|
14
|
-
# pieces of systemd around (e.g. systemctl) but not really be
|
15
|
-
# using systemd. We do not do this on other platforms as it can
|
16
|
-
# cause issues when running in a chroot without /run mounted
|
17
|
-
# (PUP-5577)
|
18
|
-
confine :exists => "/run/systemd/system"
|
19
|
-
end
|
14
|
+
confine :true => Puppet::FileSystem.exist?('/proc/1/comm') && Puppet::FileSystem.read('/proc/1/comm').include?('systemd')
|
20
15
|
|
21
16
|
defaultfor :osfamily => [:archlinux]
|
22
17
|
defaultfor :osfamily => :redhat, :operatingsystemmajrelease => ["7", "8"]
|
@@ -24,8 +19,8 @@ Puppet::Type.type(:service).provide :systemd, :parent => :base do
|
|
24
19
|
defaultfor :osfamily => :suse
|
25
20
|
defaultfor :osfamily => :coreos
|
26
21
|
defaultfor :operatingsystem => :amazon, :operatingsystemmajrelease => ["2"]
|
27
|
-
defaultfor :operatingsystem => :debian
|
28
|
-
|
22
|
+
defaultfor :operatingsystem => :debian
|
23
|
+
notdefaultfor :operatingsystem => :debian, :operatingsystemmajrelease => ["5", "6", "7"] # These are using the "debian" method
|
29
24
|
defaultfor :operatingsystem => :LinuxMint
|
30
25
|
notdefaultfor :operatingsystem => :LinuxMint, :operatingsystemmajrelease => ["10", "11", "12", "13", "14", "15", "16", "17"] # These are using upstart
|
31
26
|
defaultfor :operatingsystem => :ubuntu
|
@@ -35,6 +35,12 @@ Puppet::Type.type(:service).provide :windows, :parent => :service do
|
|
35
35
|
raise Puppet::Error.new(_("Cannot enable %{resource_name} for manual start, error was: %{detail}") % { resource_name: @resource[:name], detail: detail }, detail )
|
36
36
|
end
|
37
37
|
|
38
|
+
def delayed_start
|
39
|
+
Puppet::Util::Windows::Service.set_startup_mode( @resource[:name], :SERVICE_AUTO_START, true )
|
40
|
+
rescue => detail
|
41
|
+
raise Puppet::Error.new(_("Cannot enable %{resource_name} for delayed start, error was: %{detail}") % { resource_name: @resource[:name], detail: detail }, detail )
|
42
|
+
end
|
43
|
+
|
38
44
|
def enabled?
|
39
45
|
return :false unless Puppet::Util::Windows::Service.exists?(@resource[:name])
|
40
46
|
|
@@ -47,6 +53,8 @@ Puppet::Type.type(:service).provide :windows, :parent => :service do
|
|
47
53
|
:true
|
48
54
|
when :SERVICE_DEMAND_START
|
49
55
|
:manual
|
56
|
+
when :SERVICE_DELAYED_AUTO_START
|
57
|
+
:delayed
|
50
58
|
when :SERVICE_DISABLED
|
51
59
|
:false
|
52
60
|
else
|
@@ -66,11 +66,11 @@ Puppet::Type.type(:user).provide :pw, :parent => Puppet::Provider::NameService::
|
|
66
66
|
|
67
67
|
# use pw to update password hash
|
68
68
|
def password=(cryptopw)
|
69
|
-
Puppet.debug "change password for user '#{@resource[:name]}' method called with hash
|
69
|
+
Puppet.debug "change password for user '#{@resource[:name]}' method called with hash [redacted]"
|
70
70
|
stdin, _, _ = Open3.popen3("pw user mod #{@resource[:name]} -H 0")
|
71
71
|
stdin.puts(cryptopw)
|
72
72
|
stdin.close
|
73
|
-
Puppet.debug "finished password for user '#{@resource[:name]}' method called with hash
|
73
|
+
Puppet.debug "finished password for user '#{@resource[:name]}' method called with hash [redacted]"
|
74
74
|
end
|
75
75
|
|
76
76
|
# get password from /etc/master.passwd
|
@@ -78,10 +78,19 @@ Puppet::Type.type(:user).provide :pw, :parent => Puppet::Provider::NameService::
|
|
78
78
|
Puppet.debug "checking password for user '#{@resource[:name]}' method called"
|
79
79
|
current_passline = `getent passwd #{@resource[:name]}`
|
80
80
|
current_password = current_passline.chomp.split(':')[1] if current_passline
|
81
|
-
Puppet.debug "finished password for user '#{@resource[:name]}' method called :
|
81
|
+
Puppet.debug "finished password for user '#{@resource[:name]}' method called : [redacted]"
|
82
82
|
current_password
|
83
83
|
end
|
84
84
|
|
85
|
+
def has_sensitive_data?(property = nil)
|
86
|
+
#Check for sensitive values?
|
87
|
+
properties = property ? [property] : Puppet::Type.type(:user).validproperties
|
88
|
+
properties.any? do |prop|
|
89
|
+
p = @resource.parameter(prop)
|
90
|
+
p && p.respond_to?(:is_sensitive) && p.is_sensitive
|
91
|
+
end
|
92
|
+
end
|
93
|
+
|
85
94
|
# Get expiry from system and convert to Puppet-style date
|
86
95
|
def expiry
|
87
96
|
expiry = self.get(:expiry)
|