puppet 7.16.0-universal-darwin → 7.19.0-universal-darwin
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +76 -15
- data/ext/systemd/puppet.service +2 -1
- data/lib/puppet/agent.rb +47 -11
- data/lib/puppet/application/agent.rb +3 -13
- data/lib/puppet/application/apply.rb +2 -2
- data/lib/puppet/configurer.rb +1 -1
- data/lib/puppet/defaults.rb +11 -1
- data/lib/puppet/face/help.rb +1 -1
- data/lib/puppet/face/module/list.rb +16 -7
- data/lib/puppet/functions/capitalize.rb +1 -1
- data/lib/puppet/generate/type.rb +1 -1
- data/lib/puppet/http/client.rb +22 -2
- data/lib/puppet/info_service/task_information_service.rb +1 -1
- data/lib/puppet/module/task.rb +5 -1
- data/lib/puppet/parameter.rb +19 -4
- data/lib/puppet/parser/templatewrapper.rb +1 -1
- data/lib/puppet/pops/evaluator/deferred_resolver.rb +46 -6
- data/lib/puppet/pops/functions/dispatcher.rb +10 -6
- data/lib/puppet/pops/loader/ruby_legacy_function_instantiator.rb +7 -6
- data/lib/puppet/pops/types/type_mismatch_describer.rb +22 -1
- data/lib/puppet/provider/package/puppetserver_gem.rb +7 -16
- data/lib/puppet/provider/package/yum.rb +8 -3
- data/lib/puppet/provider/user/directoryservice.rb +15 -8
- data/lib/puppet/reference/configuration.rb +2 -0
- data/lib/puppet/ssl/ssl_provider.rb +65 -12
- data/lib/puppet/ssl/state_machine.rb +13 -17
- data/lib/puppet/transaction.rb +22 -0
- data/lib/puppet/type/tidy.rb +1 -1
- data/lib/puppet/type/user.rb +3 -0
- data/lib/puppet/type.rb +20 -3
- data/lib/puppet/util/json.rb +5 -2
- data/lib/puppet/util/resource_template.rb +1 -1
- data/lib/puppet/util/selinux.rb +1 -1
- data/lib/puppet/util.rb +12 -1
- data/lib/puppet/version.rb +1 -1
- data/lib/puppet.rb +1 -14
- data/man/man5/puppet.conf.5 +12 -4
- data/man/man8/puppet-agent.8 +2 -2
- data/man/man8/puppet-apply.8 +1 -1
- data/man/man8/puppet-catalog.8 +1 -1
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +1 -1
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +1 -1
- data/man/man8/puppet-filebucket.8 +1 -1
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-lookup.8 +1 -1
- data/man/man8/puppet-module.8 +1 -1
- data/man/man8/puppet-node.8 +1 -1
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +1 -1
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-ssl.8 +1 -1
- data/man/man8/puppet.8 +2 -2
- data/spec/integration/application/agent_spec.rb +157 -0
- data/spec/integration/application/apply_spec.rb +74 -0
- data/spec/integration/http/client_spec.rb +27 -10
- data/spec/lib/puppet_spec/https.rb +1 -1
- data/spec/lib/puppet_spec/puppetserver.rb +39 -2
- data/spec/unit/agent_spec.rb +28 -2
- data/spec/unit/application/agent_spec.rb +26 -16
- data/spec/unit/daemon_spec.rb +2 -11
- data/spec/unit/face/module/list_spec.rb +26 -0
- data/spec/unit/http/client_spec.rb +18 -0
- data/spec/unit/info_service_spec.rb +11 -3
- data/spec/unit/pops/evaluator/deferred_resolver_spec.rb +26 -0
- data/spec/unit/pops/loaders/loaders_spec.rb +1 -1
- data/spec/unit/pops/types/type_mismatch_describer_spec.rb +167 -1
- data/spec/unit/provider/package/puppetserver_gem_spec.rb +2 -2
- data/spec/unit/provider/user/directoryservice_spec.rb +1 -1
- data/spec/unit/ssl/ssl_provider_spec.rb +75 -1
- data/spec/unit/ssl/state_machine_spec.rb +1 -0
- data/spec/unit/task_spec.rb +56 -13
- data/spec/unit/util/resource_template_spec.rb +1 -1
- data/spec/unit/util/selinux_spec.rb +5 -0
- data/spec/unit/util_spec.rb +11 -1
- data/tasks/generate_cert_fixtures.rake +5 -4
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 4baf54e06e4f14cbf145ad59b2cf828c46f7a5d1b3295097ec8bd857816133da
|
4
|
+
data.tar.gz: 7a9ff5f1a62cc8bc870582080dc8c1e2f0da676d812fb12e1b5118aa98c2d28e
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 81c71cb159f79939e20317455be3c9f17d6379816cce706b76babb34b1446e67ec2457dedcd16687b1ba225535b26f5c2c320759eaa545288f37c1c79f11920b
|
7
|
+
data.tar.gz: 294253daf2d1727384f420bf81365b7717c763abeeaae68ac425c69f54e2aa03be5e6b2410656d0801f0244db699d9b35b00b02267a48ae2d07cb6d1747c9b27
|
data/Gemfile.lock
CHANGED
@@ -1,19 +1,21 @@
|
|
1
1
|
GIT
|
2
2
|
remote: https://github.com/puppetlabs/packaging
|
3
|
-
revision:
|
3
|
+
revision: 5ea5aea92da37b7c7b98cda46b4e8ba225ad307f
|
4
4
|
branch: 1.0.x
|
5
5
|
specs:
|
6
|
-
packaging (0.
|
6
|
+
packaging (0.107.1)
|
7
7
|
apt_stage_artifacts
|
8
8
|
artifactory (~> 3)
|
9
9
|
csv (= 3.1.5)
|
10
|
+
google-cloud-storage
|
11
|
+
googleauth
|
10
12
|
rake (>= 12.3)
|
11
13
|
release-metrics
|
12
14
|
|
13
15
|
PATH
|
14
16
|
remote: .
|
15
17
|
specs:
|
16
|
-
puppet (7.
|
18
|
+
puppet (7.19.0)
|
17
19
|
CFPropertyList (~> 2.2)
|
18
20
|
concurrent-ruby (~> 1.0)
|
19
21
|
deep_merge (~> 1.0)
|
@@ -29,9 +31,9 @@ GEM
|
|
29
31
|
remote: https://artifactory.delivery.puppetlabs.net/artifactory/api/gems/rubygems/
|
30
32
|
specs:
|
31
33
|
CFPropertyList (2.3.6)
|
32
|
-
addressable (2.8.
|
33
|
-
public_suffix (>= 2.0.2, <
|
34
|
-
apt_stage_artifacts (0.
|
34
|
+
addressable (2.8.1)
|
35
|
+
public_suffix (>= 2.0.2, < 6.0)
|
36
|
+
apt_stage_artifacts (0.11.0)
|
35
37
|
docopt
|
36
38
|
artifactory (3.0.15)
|
37
39
|
ast (2.4.2)
|
@@ -40,12 +42,19 @@ GEM
|
|
40
42
|
crack (0.4.5)
|
41
43
|
rexml
|
42
44
|
csv (3.1.5)
|
45
|
+
declarative (0.0.20)
|
43
46
|
deep_merge (1.2.2)
|
44
47
|
diff-lcs (1.5.0)
|
48
|
+
digest-crc (0.6.4)
|
49
|
+
rake (>= 12.0.0, < 14.0.0)
|
45
50
|
docopt (0.6.1)
|
46
|
-
facter (4.2.
|
51
|
+
facter (4.2.11)
|
47
52
|
hocon (~> 1.3)
|
48
53
|
thor (>= 1.0.1, < 2.0)
|
54
|
+
faraday (2.5.2)
|
55
|
+
faraday-net_http (>= 2.0, < 3.1)
|
56
|
+
ruby2_keywords (>= 0.0.4)
|
57
|
+
faraday-net_http (3.0.0)
|
49
58
|
fast_gettext (1.1.2)
|
50
59
|
ffi (1.15.5)
|
51
60
|
gettext (3.2.9)
|
@@ -55,24 +64,63 @@ GEM
|
|
55
64
|
fast_gettext (~> 1.1.0)
|
56
65
|
gettext (>= 3.0.2, < 3.3.0)
|
57
66
|
locale
|
67
|
+
google-apis-core (0.7.0)
|
68
|
+
addressable (~> 2.5, >= 2.5.1)
|
69
|
+
googleauth (>= 0.16.2, < 2.a)
|
70
|
+
httpclient (>= 2.8.1, < 3.a)
|
71
|
+
mini_mime (~> 1.0)
|
72
|
+
representable (~> 3.0)
|
73
|
+
retriable (>= 2.0, < 4.a)
|
74
|
+
rexml
|
75
|
+
webrick
|
76
|
+
google-apis-iamcredentials_v1 (0.13.0)
|
77
|
+
google-apis-core (>= 0.7, < 2.a)
|
78
|
+
google-apis-storage_v1 (0.17.0)
|
79
|
+
google-apis-core (>= 0.7, < 2.a)
|
80
|
+
google-cloud-core (1.6.0)
|
81
|
+
google-cloud-env (~> 1.0)
|
82
|
+
google-cloud-errors (~> 1.0)
|
83
|
+
google-cloud-env (1.6.0)
|
84
|
+
faraday (>= 0.17.3, < 3.0)
|
85
|
+
google-cloud-errors (1.2.0)
|
86
|
+
google-cloud-storage (1.39.0)
|
87
|
+
addressable (~> 2.8)
|
88
|
+
digest-crc (~> 0.4)
|
89
|
+
google-apis-iamcredentials_v1 (~> 0.1)
|
90
|
+
google-apis-storage_v1 (~> 0.17.0)
|
91
|
+
google-cloud-core (~> 1.6)
|
92
|
+
googleauth (>= 0.16.2, < 2.a)
|
93
|
+
mini_mime (~> 1.0)
|
94
|
+
googleauth (1.2.0)
|
95
|
+
faraday (>= 0.17.3, < 3.a)
|
96
|
+
jwt (>= 1.4, < 3.0)
|
97
|
+
memoist (~> 0.16)
|
98
|
+
multi_json (~> 1.11)
|
99
|
+
os (>= 0.9, < 2.0)
|
100
|
+
signet (>= 0.16, < 2.a)
|
58
101
|
hashdiff (1.0.1)
|
59
|
-
hiera (3.
|
60
|
-
hiera-eyaml (3.
|
102
|
+
hiera (3.10.0)
|
103
|
+
hiera-eyaml (3.3.0)
|
61
104
|
highline
|
62
105
|
optimist
|
63
106
|
highline (2.0.3)
|
64
107
|
hocon (1.3.1)
|
65
108
|
hpricot (0.8.6)
|
109
|
+
httpclient (2.8.3)
|
66
110
|
json-schema (2.8.1)
|
67
111
|
addressable (>= 2.4)
|
112
|
+
jwt (2.5.0)
|
68
113
|
locale (2.1.3)
|
114
|
+
memoist (0.16.2)
|
69
115
|
memory_profiler (1.0.0)
|
70
116
|
method_source (1.0.0)
|
117
|
+
mini_mime (1.1.2)
|
71
118
|
minitar (0.9)
|
72
|
-
msgpack (1.5.
|
119
|
+
msgpack (1.5.6)
|
73
120
|
multi_json (1.15.0)
|
74
121
|
mustache (1.1.1)
|
75
122
|
optimist (3.0.1)
|
123
|
+
os (1.1.4)
|
76
124
|
parallel (1.22.1)
|
77
125
|
parser (2.7.2.0)
|
78
126
|
ast (~> 2.4.1)
|
@@ -80,7 +128,7 @@ GEM
|
|
80
128
|
pry (0.14.1)
|
81
129
|
coderay (~> 1.1)
|
82
130
|
method_source (~> 1.0)
|
83
|
-
public_suffix (
|
131
|
+
public_suffix (5.0.0)
|
84
132
|
puppet-resource_api (1.8.14)
|
85
133
|
hocon (>= 1.0)
|
86
134
|
puppetserver-ca (2.3.6)
|
@@ -94,6 +142,11 @@ GEM
|
|
94
142
|
release-metrics (1.1.0)
|
95
143
|
csv
|
96
144
|
docopt
|
145
|
+
representable (3.2.0)
|
146
|
+
declarative (< 0.1.0)
|
147
|
+
trailblazer-option (>= 0.1.1, < 0.2.0)
|
148
|
+
uber (< 0.2.0)
|
149
|
+
retriable (3.1.2)
|
97
150
|
rexml (3.2.5)
|
98
151
|
ronn (0.7.3)
|
99
152
|
hpricot (>= 0.8.2)
|
@@ -105,7 +158,7 @@ GEM
|
|
105
158
|
rspec-mocks (~> 3.11.0)
|
106
159
|
rspec-core (3.11.0)
|
107
160
|
rspec-support (~> 3.11.0)
|
108
|
-
rspec-expectations (3.11.
|
161
|
+
rspec-expectations (3.11.1)
|
109
162
|
diff-lcs (>= 1.2.0, < 2.0)
|
110
163
|
rspec-support (~> 3.11.0)
|
111
164
|
rspec-its (1.3.0)
|
@@ -114,7 +167,7 @@ GEM
|
|
114
167
|
rspec-mocks (3.11.1)
|
115
168
|
diff-lcs (>= 1.2.0, < 2.0)
|
116
169
|
rspec-support (~> 3.11.0)
|
117
|
-
rspec-support (3.11.
|
170
|
+
rspec-support (3.11.1)
|
118
171
|
rubocop (0.49.1)
|
119
172
|
parallel (~> 1.10)
|
120
173
|
parser (>= 2.3.3.1, < 3.0)
|
@@ -126,18 +179,26 @@ GEM
|
|
126
179
|
rubocop (~> 0.49.0)
|
127
180
|
ruby-prof (1.4.3)
|
128
181
|
ruby-progressbar (1.11.0)
|
182
|
+
ruby2_keywords (0.0.5)
|
129
183
|
scanf (1.0.0)
|
130
184
|
semantic_puppet (1.0.4)
|
185
|
+
signet (0.17.0)
|
186
|
+
addressable (~> 2.8)
|
187
|
+
faraday (>= 0.17.5, < 3.a)
|
188
|
+
jwt (>= 1.5, < 3.0)
|
189
|
+
multi_json (~> 1.10)
|
131
190
|
text (1.3.1)
|
132
191
|
thor (1.2.1)
|
192
|
+
trailblazer-option (0.1.2)
|
193
|
+
uber (0.1.0)
|
133
194
|
unicode-display_width (1.8.0)
|
134
195
|
vcr (5.1.0)
|
135
|
-
webmock (3.
|
196
|
+
webmock (3.18.1)
|
136
197
|
addressable (>= 2.8.0)
|
137
198
|
crack (>= 0.3.2)
|
138
199
|
hashdiff (>= 0.4.0, < 2.0.0)
|
139
200
|
webrick (1.7.0)
|
140
|
-
yard (0.9.
|
201
|
+
yard (0.9.28)
|
141
202
|
webrick (~> 1.7.0)
|
142
203
|
|
143
204
|
PLATFORMS
|
data/ext/systemd/puppet.service
CHANGED
@@ -10,8 +10,9 @@
|
|
10
10
|
#
|
11
11
|
[Unit]
|
12
12
|
Description=Puppet agent
|
13
|
+
Documentation=man:puppet-agent(8)
|
13
14
|
Wants=basic.target
|
14
|
-
After=basic.target network.target
|
15
|
+
After=basic.target network.target network-online.target
|
15
16
|
|
16
17
|
[Service]
|
17
18
|
EnvironmentFile=-/etc/sysconfig/puppetagent
|
data/lib/puppet/agent.rb
CHANGED
@@ -38,26 +38,51 @@ class Puppet::Agent
|
|
38
38
|
# Perform a run with our client.
|
39
39
|
def run(client_options = {})
|
40
40
|
if disabled?
|
41
|
-
|
41
|
+
log_disabled_message
|
42
42
|
return
|
43
43
|
end
|
44
44
|
|
45
45
|
result = nil
|
46
46
|
wait_for_lock_deadline = nil
|
47
47
|
block_run = Puppet::Application.controlled_run do
|
48
|
-
splay
|
48
|
+
# splay may sleep for awhile when running onetime! If not onetime, then
|
49
|
+
# the job scheduler splays (only once) so that agents assign themselves a
|
50
|
+
# slot within the splay interval.
|
51
|
+
do_splay = client_options.fetch(:splay, Puppet[:splay])
|
52
|
+
if do_splay
|
53
|
+
splay(do_splay)
|
54
|
+
|
55
|
+
if disabled?
|
56
|
+
log_disabled_message
|
57
|
+
break
|
58
|
+
end
|
59
|
+
end
|
60
|
+
|
61
|
+
# waiting for certs may sleep for awhile depending on onetime, waitforcert and maxwaitforcert!
|
62
|
+
# this needs to happen before forking so that if we fail to obtain certs and try to exit, then
|
63
|
+
# we exit the main process and not the forked child.
|
64
|
+
ssl_context = wait_for_certificates(client_options)
|
65
|
+
|
49
66
|
result = run_in_fork(should_fork) do
|
50
67
|
with_client(client_options[:transaction_uuid], client_options[:job_id]) do |client|
|
51
68
|
client_args = client_options.merge(:pluginsync => Puppet::Configurer.should_pluginsync?)
|
52
69
|
begin
|
70
|
+
# lock may sleep for awhile depending on waitforlock and maxwaitforlock!
|
53
71
|
lock do
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
72
|
+
if disabled?
|
73
|
+
log_disabled_message
|
74
|
+
nil
|
75
|
+
else
|
76
|
+
# NOTE: Timeout is pretty heinous as the location in which it
|
77
|
+
# throws an error is entirely unpredictable, which means that
|
78
|
+
# it can interrupt code blocks that perform cleanup or enforce
|
79
|
+
# sanity. The only thing a Puppet agent should do after this
|
80
|
+
# error is thrown is die with as much dignity as possible.
|
81
|
+
Timeout.timeout(Puppet[:runtimeout], RunTimeoutError) do
|
82
|
+
Puppet.override(ssl_context: ssl_context) do
|
83
|
+
client.run(client_args)
|
84
|
+
end
|
85
|
+
end
|
61
86
|
end
|
62
87
|
end
|
63
88
|
rescue Puppet::LockError
|
@@ -78,12 +103,13 @@ class Puppet::Agent
|
|
78
103
|
end
|
79
104
|
rescue RunTimeoutError => detail
|
80
105
|
Puppet.log_exception(detail, _("Execution of %{client_class} did not complete within %{runtimeout} seconds and was terminated.") %
|
81
|
-
{client_class: client_class,
|
82
|
-
runtimeout: Puppet[:runtimeout]})
|
106
|
+
{client_class: client_class, runtimeout: Puppet[:runtimeout]})
|
83
107
|
nil
|
84
108
|
rescue StandardError => detail
|
85
109
|
Puppet.log_exception(detail, _("Could not run %{client_class}: %{detail}") % { client_class: client_class, detail: detail })
|
86
110
|
nil
|
111
|
+
ensure
|
112
|
+
Puppet.runtime[:http].close
|
87
113
|
end
|
88
114
|
end
|
89
115
|
end
|
@@ -137,4 +163,14 @@ class Puppet::Agent
|
|
137
163
|
ensure
|
138
164
|
@client = nil
|
139
165
|
end
|
166
|
+
|
167
|
+
def wait_for_certificates(options)
|
168
|
+
waitforcert = options[:waitforcert] || (Puppet[:onetime] ? 0 : Puppet[:waitforcert])
|
169
|
+
sm = Puppet::SSL::StateMachine.new(waitforcert: waitforcert, onetime: Puppet[:onetime])
|
170
|
+
sm.ensure_client_certificate
|
171
|
+
end
|
172
|
+
|
173
|
+
def log_disabled_message
|
174
|
+
Puppet.notice _("Skipping run of %{client_class}; administratively disabled (Reason: '%{disable_message}');\nUse 'puppet agent --enable' to re-enable.") % { client_class: client_class, disable_message: disable_message }
|
175
|
+
end
|
140
176
|
end
|
@@ -158,7 +158,7 @@ applying the whole thing.
|
|
158
158
|
'--fingerprint' is a one-time flag. In this mode 'puppet agent' runs
|
159
159
|
once and displays on the console (and in the log) the current certificate
|
160
160
|
(or certificate request) fingerprint. Providing the '--digest' option
|
161
|
-
allows to use a different digest algorithm to generate the fingerprint.
|
161
|
+
allows you to use a different digest algorithm to generate the fingerprint.
|
162
162
|
The main use is to verify that before signing a certificate request on
|
163
163
|
the master, the certificate request the master received is the same as
|
164
164
|
the one the client sent (to prevent against man-in-the-middle attacks
|
@@ -383,15 +383,11 @@ Copyright (c) 2011 Puppet Inc., LLC Licensed under the Apache 2.0 License
|
|
383
383
|
|
384
384
|
log_config if Puppet[:daemonize]
|
385
385
|
|
386
|
-
# run ssl state machine, waiting if needed
|
387
|
-
ssl_context = wait_for_certificates
|
388
|
-
|
389
386
|
# Each application is responsible for pushing loaders onto the context.
|
390
387
|
# Use the current environment that has already been established, though
|
391
388
|
# it may change later during the configurer run.
|
392
389
|
env = Puppet.lookup(:current_environment)
|
393
|
-
Puppet.override(
|
394
|
-
current_environment: env,
|
390
|
+
Puppet.override(current_environment: env,
|
395
391
|
loaders: Puppet::Pops::Loaders.new(env, true)) do
|
396
392
|
if Puppet[:onetime]
|
397
393
|
onetime(daemon)
|
@@ -434,7 +430,7 @@ Copyright (c) 2011 Puppet Inc., LLC Licensed under the Apache 2.0 License
|
|
434
430
|
|
435
431
|
def onetime(daemon)
|
436
432
|
begin
|
437
|
-
exitstatus = daemon.agent.run({:job_id => options[:job_id], :start_time => options[:start_time]})
|
433
|
+
exitstatus = daemon.agent.run({:job_id => options[:job_id], :start_time => options[:start_time], :waitforcert => options[:waitforcert]})
|
438
434
|
rescue => detail
|
439
435
|
Puppet.log_exception(detail)
|
440
436
|
end
|
@@ -524,10 +520,4 @@ Copyright (c) 2011 Puppet Inc., LLC Licensed under the Apache 2.0 License
|
|
524
520
|
|
525
521
|
daemon
|
526
522
|
end
|
527
|
-
|
528
|
-
def wait_for_certificates
|
529
|
-
waitforcert = options[:waitforcert] || (Puppet[:onetime] ? 0 : Puppet[:waitforcert])
|
530
|
-
sm = Puppet::SSL::StateMachine.new(waitforcert: waitforcert)
|
531
|
-
sm.ensure_client_certificate
|
532
|
-
end
|
533
523
|
end
|
@@ -241,7 +241,7 @@ Copyright (c) 2011 Puppet Inc., LLC Licensed under the Apache 2.0 License
|
|
241
241
|
end
|
242
242
|
|
243
243
|
# Resolve all deferred values and replace them / mutate the catalog
|
244
|
-
Puppet::Pops::Evaluator::DeferredResolver.resolve_and_replace(node.facts, catalog, apply_environment)
|
244
|
+
Puppet::Pops::Evaluator::DeferredResolver.resolve_and_replace(node.facts, catalog, apply_environment, Puppet[:preprocess_deferred])
|
245
245
|
|
246
246
|
# Translate it to a RAL catalog
|
247
247
|
catalog = catalog.to_ral
|
@@ -350,7 +350,7 @@ Copyright (c) 2011 Puppet Inc., LLC Licensed under the Apache 2.0 License
|
|
350
350
|
raise Puppet::Error, _("Could not deserialize catalog from %{format}: %{detail}") % { format: format, detail: detail }, detail.backtrace
|
351
351
|
end
|
352
352
|
# Resolve all deferred values and replace them / mutate the catalog
|
353
|
-
Puppet::Pops::Evaluator::DeferredResolver.resolve_and_replace(node.facts, catalog, configured_environment)
|
353
|
+
Puppet::Pops::Evaluator::DeferredResolver.resolve_and_replace(node.facts, catalog, configured_environment, Puppet[:preprocess_deferred])
|
354
354
|
|
355
355
|
catalog.to_ral
|
356
356
|
end
|
data/lib/puppet/configurer.rb
CHANGED
@@ -112,7 +112,7 @@ class Puppet::Configurer
|
|
112
112
|
catalog_conversion_time = thinmark do
|
113
113
|
# Will mutate the result and replace all Deferred values with resolved values
|
114
114
|
if facts
|
115
|
-
Puppet::Pops::Evaluator::DeferredResolver.resolve_and_replace(facts, result, Puppet.lookup(:current_environment))
|
115
|
+
Puppet::Pops::Evaluator::DeferredResolver.resolve_and_replace(facts, result, Puppet.lookup(:current_environment), Puppet[:preprocess_deferred])
|
116
116
|
end
|
117
117
|
|
118
118
|
catalog = result.to_ral
|
data/lib/puppet/defaults.rb
CHANGED
@@ -1534,7 +1534,7 @@ EOT
|
|
1534
1534
|
:type => :file,
|
1535
1535
|
:mode => "0640",
|
1536
1536
|
:desc => "Transactional storage file for persisting data between
|
1537
|
-
transactions for the purposes of
|
1537
|
+
transactions for the purposes of inferring information (such as
|
1538
1538
|
corrective_change) on new data received."
|
1539
1539
|
},
|
1540
1540
|
:clientyamldir => {
|
@@ -2021,6 +2021,16 @@ EOT
|
|
2021
2021
|
being evaluated. This allows you to interactively see exactly
|
2022
2022
|
what is being done.",
|
2023
2023
|
},
|
2024
|
+
:preprocess_deferred => {
|
2025
|
+
:default => true,
|
2026
|
+
:type => :boolean,
|
2027
|
+
:desc => "Whether puppet should call deferred functions before applying
|
2028
|
+
the catalog. If set to `true`, then all prerequisites needed for the
|
2029
|
+
deferred function must be satified prior to puppet running. If set to
|
2030
|
+
`false`, then deferred functions will follow puppet relationships and
|
2031
|
+
ordering. This allows puppet to install prerequisites needed for a
|
2032
|
+
deferred function and call the deferred function in the same run."
|
2033
|
+
},
|
2024
2034
|
:summarize => {
|
2025
2035
|
:default => false,
|
2026
2036
|
:type => :boolean,
|
data/lib/puppet/face/help.rb
CHANGED
@@ -140,7 +140,7 @@ Puppet::Face.define(:help, '0.0.1') do
|
|
140
140
|
|
141
141
|
def erb(name)
|
142
142
|
template = (Pathname(__FILE__).dirname + "help" + name)
|
143
|
-
erb =
|
143
|
+
erb = Puppet::Util.create_erb(template.read)
|
144
144
|
erb.filename = template.to_s
|
145
145
|
return erb
|
146
146
|
end
|
@@ -60,10 +60,12 @@ Puppet::Face.define(:module, '1.0.0') do
|
|
60
60
|
when_invoked do |options|
|
61
61
|
Puppet::ModuleTool.set_option_defaults(options)
|
62
62
|
environment = options[:environment_instance]
|
63
|
+
modules_by_path = environment.modules_by_path
|
63
64
|
|
64
65
|
{
|
65
66
|
:environment => environment,
|
66
|
-
:modules_by_path =>
|
67
|
+
:modules_by_path => modules_by_path,
|
68
|
+
:unmet_dependencies => unmet_dependencies(environment),
|
67
69
|
}
|
68
70
|
end
|
69
71
|
|
@@ -103,12 +105,13 @@ Puppet::Face.define(:module, '1.0.0') do
|
|
103
105
|
end
|
104
106
|
end
|
105
107
|
|
106
|
-
|
108
|
+
|
109
|
+
def unmet_dependencies(environment)
|
107
110
|
error_types = [:non_semantic_version, :version_mismatch, :missing]
|
108
111
|
|
109
|
-
|
112
|
+
unmet_deps = {}
|
110
113
|
error_types.each do |type|
|
111
|
-
|
114
|
+
unmet_deps[type] = Hash.new do |hash, key|
|
112
115
|
hash[key] = { :errors => [], :parent => nil }
|
113
116
|
end
|
114
117
|
end
|
@@ -130,16 +133,22 @@ Puppet::Face.define(:module, '1.0.0') do
|
|
130
133
|
parent_version = dep[:parent][:version]
|
131
134
|
|
132
135
|
msg = _("'%{parent_name}' (%{parent_version}) requires '%{dependency_name}' (%{dependency_version})") % { parent_name: parent_name, parent_version: parent_version, dependency_name: dep_name, dependency_version: version_constraint }
|
133
|
-
|
134
|
-
|
136
|
+
unmet_deps[type][dep[:name]][:errors] << msg
|
137
|
+
unmet_deps[type][dep[:name]][:parent] = {
|
135
138
|
:name => dep[:parent][:name],
|
136
139
|
:version => parent_version
|
137
140
|
}
|
138
|
-
|
141
|
+
unmet_deps[type][dep[:name]][:version] = installed_version
|
139
142
|
end
|
140
143
|
end
|
141
144
|
end
|
142
145
|
end
|
146
|
+
unmet_deps
|
147
|
+
end
|
148
|
+
|
149
|
+
|
150
|
+
def warn_unmet_dependencies(environment)
|
151
|
+
@unmet_deps = unmet_dependencies(environment)
|
143
152
|
|
144
153
|
# Display unmet dependencies by category.
|
145
154
|
error_display_order = [:non_semantic_version, :version_mismatch, :missing]
|
data/lib/puppet/generate/type.rb
CHANGED
@@ -167,7 +167,7 @@ module Puppet
|
|
167
167
|
templates = {}
|
168
168
|
templates.default_proc = lambda { |hash, key|
|
169
169
|
raise _("template was not found at '%{key}'.") % { key: key } unless Puppet::FileSystem.file?(key)
|
170
|
-
template =
|
170
|
+
template = Puppet::Util.create_erb(File.read(key))
|
171
171
|
template.filename = key
|
172
172
|
template
|
173
173
|
}
|
data/lib/puppet/http/client.rb
CHANGED
@@ -98,7 +98,7 @@ class Puppet::HTTP::Client
|
|
98
98
|
# used if :include_system_store is set to true
|
99
99
|
# @param [Integer] redirect_limit default number of HTTP redirections to allow
|
100
100
|
# in a given request. Can also be specified per-request.
|
101
|
-
# @param [Integer] retry_limit number of HTTP
|
101
|
+
# @param [Integer] retry_limit number of HTTP retries allowed in a given
|
102
102
|
# request
|
103
103
|
#
|
104
104
|
def initialize(pool: Puppet::HTTP::Pool.new(Puppet[:http_keepalive_timeout]), ssl_context: nil, system_ssl_context: nil, redirect_limit: 10, retry_limit: 100)
|
@@ -300,6 +300,24 @@ class Puppet::HTTP::Client
|
|
300
300
|
# @api public
|
301
301
|
def close
|
302
302
|
@pool.close
|
303
|
+
@default_ssl_context = nil
|
304
|
+
@default_system_ssl_context = nil
|
305
|
+
end
|
306
|
+
|
307
|
+
def default_ssl_context
|
308
|
+
cert = Puppet::X509::CertProvider.new
|
309
|
+
password = cert.load_private_key_password
|
310
|
+
|
311
|
+
ssl = Puppet::SSL::SSLProvider.new
|
312
|
+
ctx = ssl.load_context(certname: Puppet[:certname], password: password)
|
313
|
+
ssl.print(ctx)
|
314
|
+
ctx
|
315
|
+
rescue => e
|
316
|
+
# TRANSLATORS: `message` is an already translated string of why SSL failed to initialize
|
317
|
+
Puppet.log_exception(e, _("Failed to initialize SSL: %{message}") % { message: e.message })
|
318
|
+
# TRANSLATORS: `puppet agent -t` is a command and should not be translated
|
319
|
+
Puppet.err(_("Run `puppet agent -t`"))
|
320
|
+
raise e
|
303
321
|
end
|
304
322
|
|
305
323
|
protected
|
@@ -458,7 +476,9 @@ class Puppet::HTTP::Client
|
|
458
476
|
cacerts = cert_provider.load_cacerts || []
|
459
477
|
|
460
478
|
ssl = Puppet::SSL::SSLProvider.new
|
461
|
-
@default_system_ssl_context = ssl.create_system_context(cacerts: cacerts)
|
479
|
+
@default_system_ssl_context = ssl.create_system_context(cacerts: cacerts, include_client_cert: true)
|
480
|
+
ssl.print(@default_system_ssl_context)
|
481
|
+
@default_system_ssl_context
|
462
482
|
end
|
463
483
|
|
464
484
|
def apply_auth(request, basic_auth)
|
@@ -6,7 +6,7 @@ class Puppet::InfoService::TaskInformationService
|
|
6
6
|
env = Puppet.lookup(:environments).get!(environment_name)
|
7
7
|
env.modules.map do |mod|
|
8
8
|
mod.tasks.map do |task|
|
9
|
-
{:module => {:name => task.module.name}, :name => task.name}
|
9
|
+
{:module => {:name => task.module.name}, :name => task.name, :metadata => task.metadata}
|
10
10
|
end
|
11
11
|
end.flatten
|
12
12
|
end
|
data/lib/puppet/module/task.rb
CHANGED
@@ -52,6 +52,10 @@ class Puppet::Module
|
|
52
52
|
return false
|
53
53
|
end
|
54
54
|
|
55
|
+
def self.is_tasks_file?(path)
|
56
|
+
File.file?(path) && is_tasks_filename?(path)
|
57
|
+
end
|
58
|
+
|
55
59
|
# Determine whether a file has a legal name for either a task's executable or metadata file.
|
56
60
|
def self.is_tasks_filename?(path)
|
57
61
|
name_less_extension = File.basename(path, '.*')
|
@@ -200,7 +204,7 @@ class Puppet::Module
|
|
200
204
|
|
201
205
|
def self.tasks_in_module(pup_module)
|
202
206
|
task_files = Dir.glob(File.join(pup_module.tasks_directory, '*'))
|
203
|
-
.keep_if { |f|
|
207
|
+
.keep_if { |f| is_tasks_file?(f) }
|
204
208
|
|
205
209
|
module_executables = task_files.reject(&method(:is_tasks_metadata_filename?)).map.to_a
|
206
210
|
|
data/lib/puppet/parameter.rb
CHANGED
@@ -177,15 +177,15 @@ class Puppet::Parameter
|
|
177
177
|
end
|
178
178
|
|
179
179
|
# @overload unmunge {|| ... }
|
180
|
-
# Defines an optional method used to convert the parameter value to DSL/string form
|
180
|
+
# Defines an optional method used to convert the parameter value from internal form to DSL/string form.
|
181
181
|
# If an `unmunge` method is not defined, the internal form is used.
|
182
182
|
# @see munge
|
183
|
-
# @note This adds a method with the name `
|
183
|
+
# @note This adds a method with the name `unsafe_unmunge` in the created parameter class.
|
184
184
|
# @dsl type
|
185
185
|
# @api public
|
186
186
|
#
|
187
187
|
def unmunge(&block)
|
188
|
-
define_method(:
|
188
|
+
define_method(:unsafe_unmunge, &block)
|
189
189
|
end
|
190
190
|
|
191
191
|
# Sets a marker indicating that this parameter is the _namevar_ (unique identifier) of the type
|
@@ -415,10 +415,21 @@ class Puppet::Parameter
|
|
415
415
|
# @return [Object] the unmunged value
|
416
416
|
#
|
417
417
|
def unmunge(value)
|
418
|
+
return value if value.is_a?(Puppet::Pops::Evaluator::DeferredValue)
|
419
|
+
|
420
|
+
unsafe_unmunge(value)
|
421
|
+
end
|
422
|
+
|
423
|
+
# This is the default implementation of `unmunge` that simply produces the value (if it is valid).
|
424
|
+
# The DSL method {unmunge} should be used to define an overriding method if unmunging is required.
|
425
|
+
#
|
426
|
+
# @api private
|
427
|
+
#
|
428
|
+
def unsafe_unmunge(value)
|
418
429
|
value
|
419
430
|
end
|
420
431
|
|
421
|
-
# Munges the value to internal form.
|
432
|
+
# Munges the value from DSL form to internal form.
|
422
433
|
# This implementation of `munge` provides exception handling around the specified munging of this parameter.
|
423
434
|
# @note This method should not be overridden. Use the DSL method {munge} to define a munging method
|
424
435
|
# if required.
|
@@ -426,6 +437,8 @@ class Puppet::Parameter
|
|
426
437
|
# @return [Object] the munged (internal) value
|
427
438
|
#
|
428
439
|
def munge(value)
|
440
|
+
return value if value.is_a?(Puppet::Pops::Evaluator::DeferredValue)
|
441
|
+
|
429
442
|
begin
|
430
443
|
ret = unsafe_munge(value)
|
431
444
|
rescue Puppet::Error => detail
|
@@ -459,6 +472,8 @@ class Puppet::Parameter
|
|
459
472
|
# @api public
|
460
473
|
#
|
461
474
|
def validate(value)
|
475
|
+
return if value.is_a?(Puppet::Pops::Evaluator::DeferredValue)
|
476
|
+
|
462
477
|
begin
|
463
478
|
unsafe_validate(value)
|
464
479
|
rescue ArgumentError => detail
|
@@ -90,7 +90,7 @@ class Puppet::Parser::TemplateWrapper
|
|
90
90
|
|
91
91
|
result = nil
|
92
92
|
benchmark(:debug, _("Interpolated template %{template_source} in %%{seconds} seconds") % { template_source: escaped_template_source }) do
|
93
|
-
template =
|
93
|
+
template = Puppet::Util.create_erb(string)
|
94
94
|
template.filename = @__file__
|
95
95
|
result = template.result(binding)
|
96
96
|
end
|