puppet 7.16.0-x64-mingw32 → 7.19.0-x64-mingw32
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +76 -15
- data/ext/systemd/puppet.service +2 -1
- data/lib/puppet/agent.rb +47 -11
- data/lib/puppet/application/agent.rb +3 -13
- data/lib/puppet/application/apply.rb +2 -2
- data/lib/puppet/configurer.rb +1 -1
- data/lib/puppet/defaults.rb +11 -1
- data/lib/puppet/face/help.rb +1 -1
- data/lib/puppet/face/module/list.rb +16 -7
- data/lib/puppet/functions/capitalize.rb +1 -1
- data/lib/puppet/generate/type.rb +1 -1
- data/lib/puppet/http/client.rb +22 -2
- data/lib/puppet/info_service/task_information_service.rb +1 -1
- data/lib/puppet/module/task.rb +5 -1
- data/lib/puppet/parameter.rb +19 -4
- data/lib/puppet/parser/templatewrapper.rb +1 -1
- data/lib/puppet/pops/evaluator/deferred_resolver.rb +46 -6
- data/lib/puppet/pops/functions/dispatcher.rb +10 -6
- data/lib/puppet/pops/loader/ruby_legacy_function_instantiator.rb +7 -6
- data/lib/puppet/pops/types/type_mismatch_describer.rb +22 -1
- data/lib/puppet/provider/package/puppetserver_gem.rb +7 -16
- data/lib/puppet/provider/package/yum.rb +8 -3
- data/lib/puppet/provider/user/directoryservice.rb +15 -8
- data/lib/puppet/reference/configuration.rb +2 -0
- data/lib/puppet/ssl/ssl_provider.rb +65 -12
- data/lib/puppet/ssl/state_machine.rb +13 -17
- data/lib/puppet/transaction.rb +22 -0
- data/lib/puppet/type/tidy.rb +1 -1
- data/lib/puppet/type/user.rb +3 -0
- data/lib/puppet/type.rb +20 -3
- data/lib/puppet/util/json.rb +5 -2
- data/lib/puppet/util/resource_template.rb +1 -1
- data/lib/puppet/util/selinux.rb +1 -1
- data/lib/puppet/util.rb +12 -1
- data/lib/puppet/version.rb +1 -1
- data/lib/puppet.rb +1 -14
- data/man/man5/puppet.conf.5 +12 -4
- data/man/man8/puppet-agent.8 +2 -2
- data/man/man8/puppet-apply.8 +1 -1
- data/man/man8/puppet-catalog.8 +1 -1
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +1 -1
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +1 -1
- data/man/man8/puppet-filebucket.8 +1 -1
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-lookup.8 +1 -1
- data/man/man8/puppet-module.8 +1 -1
- data/man/man8/puppet-node.8 +1 -1
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +1 -1
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-ssl.8 +1 -1
- data/man/man8/puppet.8 +2 -2
- data/spec/integration/application/agent_spec.rb +157 -0
- data/spec/integration/application/apply_spec.rb +74 -0
- data/spec/integration/http/client_spec.rb +27 -10
- data/spec/lib/puppet_spec/https.rb +1 -1
- data/spec/lib/puppet_spec/puppetserver.rb +39 -2
- data/spec/unit/agent_spec.rb +28 -2
- data/spec/unit/application/agent_spec.rb +26 -16
- data/spec/unit/daemon_spec.rb +2 -11
- data/spec/unit/face/module/list_spec.rb +26 -0
- data/spec/unit/http/client_spec.rb +18 -0
- data/spec/unit/info_service_spec.rb +11 -3
- data/spec/unit/pops/evaluator/deferred_resolver_spec.rb +26 -0
- data/spec/unit/pops/loaders/loaders_spec.rb +1 -1
- data/spec/unit/pops/types/type_mismatch_describer_spec.rb +167 -1
- data/spec/unit/provider/package/puppetserver_gem_spec.rb +2 -2
- data/spec/unit/provider/user/directoryservice_spec.rb +1 -1
- data/spec/unit/ssl/ssl_provider_spec.rb +75 -1
- data/spec/unit/ssl/state_machine_spec.rb +1 -0
- data/spec/unit/task_spec.rb +56 -13
- data/spec/unit/util/resource_template_spec.rb +1 -1
- data/spec/unit/util/selinux_spec.rb +5 -0
- data/spec/unit/util_spec.rb +11 -1
- data/tasks/generate_cert_fixtures.rake +5 -4
- metadata +2 -2
data/lib/puppet/util.rb
CHANGED
@@ -34,6 +34,17 @@ module Util
|
|
34
34
|
end
|
35
35
|
module_function :default_env
|
36
36
|
|
37
|
+
if RUBY_VERSION >= "2.6"
|
38
|
+
def create_erb(content)
|
39
|
+
ERB.new(content, trim_mode: '-')
|
40
|
+
end
|
41
|
+
else
|
42
|
+
def create_erb(content)
|
43
|
+
ERB.new(content, 0, '-')
|
44
|
+
end
|
45
|
+
end
|
46
|
+
module_function :create_erb
|
47
|
+
|
37
48
|
# @param name [String] The name of the environment variable to retrieve
|
38
49
|
# @param mode [Symbol] Which operating system mode to use e.g. :posix or :windows. Use nil to autodetect
|
39
50
|
# @return [String] Value of the specified environment variable. nil if it does not exist
|
@@ -530,7 +541,7 @@ module Util
|
|
530
541
|
IO::new(f.to_i).close rescue nil
|
531
542
|
end
|
532
543
|
end
|
533
|
-
rescue Errno::ENOENT # /proc/self/fd not found
|
544
|
+
rescue Errno::ENOENT, Errno::ENOTDIR # /proc/self/fd not found, /proc/self not a dir
|
534
545
|
3.upto(256){|fd| IO::new(fd).close rescue nil}
|
535
546
|
end
|
536
547
|
|
data/lib/puppet/version.rb
CHANGED
data/lib/puppet.rb
CHANGED
@@ -235,20 +235,7 @@ module Puppet
|
|
235
235
|
|
236
236
|
{
|
237
237
|
:environments => Puppet::Environments::Cached.new(Puppet::Environments::Combined.new(*loaders)),
|
238
|
-
:ssl_context => proc {
|
239
|
-
begin
|
240
|
-
cert = Puppet::X509::CertProvider.new
|
241
|
-
password = cert.load_private_key_password
|
242
|
-
ssl = Puppet::SSL::SSLProvider.new
|
243
|
-
ssl.load_context(certname: Puppet[:certname], password: password)
|
244
|
-
rescue => e
|
245
|
-
# TRANSLATORS: `message` is an already translated string of why SSL failed to initialize
|
246
|
-
Puppet.log_exception(e, _("Failed to initialize SSL: %{message}") % { message: e.message })
|
247
|
-
# TRANSLATORS: `puppet agent -t` is a command and should not be translated
|
248
|
-
Puppet.err(_("Run `puppet agent -t`"))
|
249
|
-
raise e
|
250
|
-
end
|
251
|
-
},
|
238
|
+
:ssl_context => proc { Puppet.runtime[:http].default_ssl_context },
|
252
239
|
:http_session => proc { Puppet.runtime[:http].create_session },
|
253
240
|
:plugins => proc { Puppet::Plugins::Configuration.load_plugins },
|
254
241
|
:rich_data => false
|
data/man/man5/puppet.conf.5
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
.\" generated with Ronn/v0.7.3
|
2
2
|
.\" http://github.com/rtomayko/ronn/tree/0.7.3
|
3
3
|
.
|
4
|
-
.TH "PUPPETCONF" "5" "
|
4
|
+
.TH "PUPPETCONF" "5" "September 2022" "Puppet, Inc." "Puppet manual"
|
5
5
|
\fBThis page is autogenerated; any changes will get overwritten\fR
|
6
6
|
.
|
7
7
|
.SH "Configuration settings"
|
@@ -929,7 +929,7 @@ The time to wait for data to be read from an HTTP connection\. If nothing is rea
|
|
929
929
|
The HTTP User\-Agent string to send when making network requests\.
|
930
930
|
.
|
931
931
|
.IP "\(bu" 4
|
932
|
-
\fIDefault\fR: \fBPuppet/7\.
|
932
|
+
\fIDefault\fR: \fBPuppet/7\.19\.0 Ruby/2\.7\.5\-p203 (x86_64\-linux)\fR
|
933
933
|
.
|
934
934
|
.IP "" 0
|
935
935
|
.
|
@@ -1486,6 +1486,14 @@ The preferred means of serializing ruby instances for passing over the wire\. Th
|
|
1486
1486
|
.
|
1487
1487
|
.IP "" 0
|
1488
1488
|
.
|
1489
|
+
.SS "preprocess_deferred"
|
1490
|
+
Whether puppet should call deferred functions before applying the catalog\. If set to \fBtrue\fR, then all prerequisites needed for the deferred function must be satified prior to puppet running\. If set to \fBfalse\fR, then deferred functions will follow puppet relationships and ordering\. This allows puppet to install prerequisites needed for a deferred function and call the deferred function in the same run\.
|
1491
|
+
.
|
1492
|
+
.IP "\(bu" 4
|
1493
|
+
\fIDefault\fR: \fBtrue\fR
|
1494
|
+
.
|
1495
|
+
.IP "" 0
|
1496
|
+
.
|
1489
1497
|
.SS "prerun_command"
|
1490
1498
|
A command to run before every agent run\. If this command returns a non\-zero return code, the entire Puppet run will fail\.
|
1491
1499
|
.
|
@@ -1800,7 +1808,7 @@ The maximum time to delay before an agent\'s first run when \fBsplay\fR is enabl
|
|
1800
1808
|
The domain which will be queried to find the SRV records of servers to use\.
|
1801
1809
|
.
|
1802
1810
|
.IP "\(bu" 4
|
1803
|
-
\fIDefault\fR: \
|
1811
|
+
\fIDefault\fR: \fBexample\.com\fR
|
1804
1812
|
.
|
1805
1813
|
.IP "" 0
|
1806
1814
|
.
|
@@ -2000,7 +2008,7 @@ Whether to print stack traces on some errors\. Will print internal Ruby stack tr
|
|
2000
2008
|
.IP "" 0
|
2001
2009
|
.
|
2002
2010
|
.SS "transactionstorefile"
|
2003
|
-
Transactional storage file for persisting data between transactions for the purposes of
|
2011
|
+
Transactional storage file for persisting data between transactions for the purposes of inferring information (such as corrective_change) on new data received\.
|
2004
2012
|
.
|
2005
2013
|
.IP "\(bu" 4
|
2006
2014
|
\fIDefault\fR: \fB$statedir/transactionstore\.yaml\fR
|
data/man/man8/puppet-agent.8
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
.\" generated with Ronn/v0.7.3
|
2
2
|
.\" http://github.com/rtomayko/ronn/tree/0.7.3
|
3
3
|
.
|
4
|
-
.TH "PUPPET\-AGENT" "8" "
|
4
|
+
.TH "PUPPET\-AGENT" "8" "September 2022" "Puppet, Inc." "Puppet manual"
|
5
5
|
.
|
6
6
|
.SH "NAME"
|
7
7
|
\fBpuppet\-agent\fR \- The puppet agent daemon
|
@@ -51,7 +51,7 @@ Some flags are meant specifically for interactive use \-\-\- in particular, \'te
|
|
51
51
|
\'\-\-tags\' allows you to specify what portions of a configuration you want to apply\. Puppet elements are tagged with all of the class or definition names that contain them, and you can use the \'tags\' flag to specify one of these names, causing only configuration elements contained within that class or definition to be applied\. This is very useful when you are testing new configurations \-\-\- for instance, if you are just starting to manage \'ntpd\', you would put all of the new elements into an \'ntpd\' class, and call puppet with \'\-\-tags ntpd\', which would only apply that small portion of the configuration during your testing, rather than applying the whole thing\.
|
52
52
|
.
|
53
53
|
.P
|
54
|
-
\'\-\-fingerprint\' is a one\-time flag\. In this mode \'puppet agent\' runs once and displays on the console (and in the log) the current certificate (or certificate request) fingerprint\. Providing the \'\-\-digest\' option allows to use a different digest algorithm to generate the fingerprint\. The main use is to verify that before signing a certificate request on the master, the certificate request the master received is the same as the one the client sent (to prevent against man\-in\-the\-middle attacks when signing certificates)\.
|
54
|
+
\'\-\-fingerprint\' is a one\-time flag\. In this mode \'puppet agent\' runs once and displays on the console (and in the log) the current certificate (or certificate request) fingerprint\. Providing the \'\-\-digest\' option allows you to use a different digest algorithm to generate the fingerprint\. The main use is to verify that before signing a certificate request on the master, the certificate request the master received is the same as the one the client sent (to prevent against man\-in\-the\-middle attacks when signing certificates)\.
|
55
55
|
.
|
56
56
|
.P
|
57
57
|
\'\-\-skip_tags\' is a flag used to filter resources\. If this is set, then only resources not tagged with the specified tags will be applied\. Values must be comma\-separated\.
|
data/man/man8/puppet-apply.8
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
.\" generated with Ronn/v0.7.3
|
2
2
|
.\" http://github.com/rtomayko/ronn/tree/0.7.3
|
3
3
|
.
|
4
|
-
.TH "PUPPET\-APPLY" "8" "
|
4
|
+
.TH "PUPPET\-APPLY" "8" "September 2022" "Puppet, Inc." "Puppet manual"
|
5
5
|
.
|
6
6
|
.SH "NAME"
|
7
7
|
\fBpuppet\-apply\fR \- Apply Puppet manifests locally
|
data/man/man8/puppet-catalog.8
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
.\" generated with Ronn/v0.7.3
|
2
2
|
.\" http://github.com/rtomayko/ronn/tree/0.7.3
|
3
3
|
.
|
4
|
-
.TH "PUPPET\-CATALOG" "8" "
|
4
|
+
.TH "PUPPET\-CATALOG" "8" "September 2022" "Puppet, Inc." "Puppet manual"
|
5
5
|
.
|
6
6
|
.SH "NAME"
|
7
7
|
\fBpuppet\-catalog\fR \- Compile, save, view, and convert catalogs\.
|
data/man/man8/puppet-config.8
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
.\" generated with Ronn/v0.7.3
|
2
2
|
.\" http://github.com/rtomayko/ronn/tree/0.7.3
|
3
3
|
.
|
4
|
-
.TH "PUPPET\-CONFIG" "8" "
|
4
|
+
.TH "PUPPET\-CONFIG" "8" "September 2022" "Puppet, Inc." "Puppet manual"
|
5
5
|
.
|
6
6
|
.SH "NAME"
|
7
7
|
\fBpuppet\-config\fR \- Interact with Puppet\'s settings\.
|
data/man/man8/puppet-describe.8
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
.\" generated with Ronn/v0.7.3
|
2
2
|
.\" http://github.com/rtomayko/ronn/tree/0.7.3
|
3
3
|
.
|
4
|
-
.TH "PUPPET\-DESCRIBE" "8" "
|
4
|
+
.TH "PUPPET\-DESCRIBE" "8" "September 2022" "Puppet, Inc." "Puppet manual"
|
5
5
|
.
|
6
6
|
.SH "NAME"
|
7
7
|
\fBpuppet\-describe\fR \- Display help about resource types
|
data/man/man8/puppet-device.8
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
.\" generated with Ronn/v0.7.3
|
2
2
|
.\" http://github.com/rtomayko/ronn/tree/0.7.3
|
3
3
|
.
|
4
|
-
.TH "PUPPET\-DEVICE" "8" "
|
4
|
+
.TH "PUPPET\-DEVICE" "8" "September 2022" "Puppet, Inc." "Puppet manual"
|
5
5
|
.
|
6
6
|
.SH "NAME"
|
7
7
|
\fBpuppet\-device\fR \- Manage remote network devices
|
data/man/man8/puppet-doc.8
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
.\" generated with Ronn/v0.7.3
|
2
2
|
.\" http://github.com/rtomayko/ronn/tree/0.7.3
|
3
3
|
.
|
4
|
-
.TH "PUPPET\-DOC" "8" "
|
4
|
+
.TH "PUPPET\-DOC" "8" "September 2022" "Puppet, Inc." "Puppet manual"
|
5
5
|
.
|
6
6
|
.SH "NAME"
|
7
7
|
\fBpuppet\-doc\fR \- Generate Puppet references
|
data/man/man8/puppet-epp.8
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
.\" generated with Ronn/v0.7.3
|
2
2
|
.\" http://github.com/rtomayko/ronn/tree/0.7.3
|
3
3
|
.
|
4
|
-
.TH "PUPPET\-EPP" "8" "
|
4
|
+
.TH "PUPPET\-EPP" "8" "September 2022" "Puppet, Inc." "Puppet manual"
|
5
5
|
.
|
6
6
|
.SH "NAME"
|
7
7
|
\fBpuppet\-epp\fR \- Interact directly with the EPP template parser/renderer\.
|
data/man/man8/puppet-facts.8
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
.\" generated with Ronn/v0.7.3
|
2
2
|
.\" http://github.com/rtomayko/ronn/tree/0.7.3
|
3
3
|
.
|
4
|
-
.TH "PUPPET\-FACTS" "8" "
|
4
|
+
.TH "PUPPET\-FACTS" "8" "September 2022" "Puppet, Inc." "Puppet manual"
|
5
5
|
.
|
6
6
|
.SH "NAME"
|
7
7
|
\fBpuppet\-facts\fR \- Retrieve and store facts\.
|
@@ -1,7 +1,7 @@
|
|
1
1
|
.\" generated with Ronn/v0.7.3
|
2
2
|
.\" http://github.com/rtomayko/ronn/tree/0.7.3
|
3
3
|
.
|
4
|
-
.TH "PUPPET\-FILEBUCKET" "8" "
|
4
|
+
.TH "PUPPET\-FILEBUCKET" "8" "September 2022" "Puppet, Inc." "Puppet manual"
|
5
5
|
.
|
6
6
|
.SH "NAME"
|
7
7
|
\fBpuppet\-filebucket\fR \- Store and retrieve files in a filebucket
|
data/man/man8/puppet-generate.8
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
.\" generated with Ronn/v0.7.3
|
2
2
|
.\" http://github.com/rtomayko/ronn/tree/0.7.3
|
3
3
|
.
|
4
|
-
.TH "PUPPET\-GENERATE" "8" "
|
4
|
+
.TH "PUPPET\-GENERATE" "8" "September 2022" "Puppet, Inc." "Puppet manual"
|
5
5
|
.
|
6
6
|
.SH "NAME"
|
7
7
|
\fBpuppet\-generate\fR \- Generates Puppet code from Ruby definitions\.
|
data/man/man8/puppet-help.8
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
.\" generated with Ronn/v0.7.3
|
2
2
|
.\" http://github.com/rtomayko/ronn/tree/0.7.3
|
3
3
|
.
|
4
|
-
.TH "PUPPET\-HELP" "8" "
|
4
|
+
.TH "PUPPET\-HELP" "8" "September 2022" "Puppet, Inc." "Puppet manual"
|
5
5
|
.
|
6
6
|
.SH "NAME"
|
7
7
|
\fBpuppet\-help\fR \- Display Puppet help\.
|
data/man/man8/puppet-lookup.8
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
.\" generated with Ronn/v0.7.3
|
2
2
|
.\" http://github.com/rtomayko/ronn/tree/0.7.3
|
3
3
|
.
|
4
|
-
.TH "PUPPET\-LOOKUP" "8" "
|
4
|
+
.TH "PUPPET\-LOOKUP" "8" "September 2022" "Puppet, Inc." "Puppet manual"
|
5
5
|
.
|
6
6
|
.SH "NAME"
|
7
7
|
\fBpuppet\-lookup\fR \- Interactive Hiera lookup
|
data/man/man8/puppet-module.8
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
.\" generated with Ronn/v0.7.3
|
2
2
|
.\" http://github.com/rtomayko/ronn/tree/0.7.3
|
3
3
|
.
|
4
|
-
.TH "PUPPET\-MODULE" "8" "
|
4
|
+
.TH "PUPPET\-MODULE" "8" "September 2022" "Puppet, Inc." "Puppet manual"
|
5
5
|
.
|
6
6
|
.SH "NAME"
|
7
7
|
\fBpuppet\-module\fR \- Creates, installs and searches for modules on the Puppet Forge\.
|
data/man/man8/puppet-node.8
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
.\" generated with Ronn/v0.7.3
|
2
2
|
.\" http://github.com/rtomayko/ronn/tree/0.7.3
|
3
3
|
.
|
4
|
-
.TH "PUPPET\-NODE" "8" "
|
4
|
+
.TH "PUPPET\-NODE" "8" "September 2022" "Puppet, Inc." "Puppet manual"
|
5
5
|
.
|
6
6
|
.SH "NAME"
|
7
7
|
\fBpuppet\-node\fR \- View and manage node definitions\.
|
data/man/man8/puppet-parser.8
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
.\" generated with Ronn/v0.7.3
|
2
2
|
.\" http://github.com/rtomayko/ronn/tree/0.7.3
|
3
3
|
.
|
4
|
-
.TH "PUPPET\-PARSER" "8" "
|
4
|
+
.TH "PUPPET\-PARSER" "8" "September 2022" "Puppet, Inc." "Puppet manual"
|
5
5
|
.
|
6
6
|
.SH "NAME"
|
7
7
|
\fBpuppet\-parser\fR \- Interact directly with the parser\.
|
data/man/man8/puppet-plugin.8
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
.\" generated with Ronn/v0.7.3
|
2
2
|
.\" http://github.com/rtomayko/ronn/tree/0.7.3
|
3
3
|
.
|
4
|
-
.TH "PUPPET\-PLUGIN" "8" "
|
4
|
+
.TH "PUPPET\-PLUGIN" "8" "September 2022" "Puppet, Inc." "Puppet manual"
|
5
5
|
.
|
6
6
|
.SH "NAME"
|
7
7
|
\fBpuppet\-plugin\fR \- Interact with the Puppet plugin system\.
|
data/man/man8/puppet-report.8
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
.\" generated with Ronn/v0.7.3
|
2
2
|
.\" http://github.com/rtomayko/ronn/tree/0.7.3
|
3
3
|
.
|
4
|
-
.TH "PUPPET\-REPORT" "8" "
|
4
|
+
.TH "PUPPET\-REPORT" "8" "September 2022" "Puppet, Inc." "Puppet manual"
|
5
5
|
.
|
6
6
|
.SH "NAME"
|
7
7
|
\fBpuppet\-report\fR \- Create, display, and submit reports\.
|
data/man/man8/puppet-resource.8
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
.\" generated with Ronn/v0.7.3
|
2
2
|
.\" http://github.com/rtomayko/ronn/tree/0.7.3
|
3
3
|
.
|
4
|
-
.TH "PUPPET\-RESOURCE" "8" "
|
4
|
+
.TH "PUPPET\-RESOURCE" "8" "September 2022" "Puppet, Inc." "Puppet manual"
|
5
5
|
.
|
6
6
|
.SH "NAME"
|
7
7
|
\fBpuppet\-resource\fR \- The resource abstraction layer shell
|
data/man/man8/puppet-script.8
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
.\" generated with Ronn/v0.7.3
|
2
2
|
.\" http://github.com/rtomayko/ronn/tree/0.7.3
|
3
3
|
.
|
4
|
-
.TH "PUPPET\-SCRIPT" "8" "
|
4
|
+
.TH "PUPPET\-SCRIPT" "8" "September 2022" "Puppet, Inc." "Puppet manual"
|
5
5
|
.
|
6
6
|
.SH "NAME"
|
7
7
|
\fBpuppet\-script\fR \- Run a puppet manifests as a script without compiling a catalog
|
data/man/man8/puppet-ssl.8
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
.\" generated with Ronn/v0.7.3
|
2
2
|
.\" http://github.com/rtomayko/ronn/tree/0.7.3
|
3
3
|
.
|
4
|
-
.TH "PUPPET\-SSL" "8" "
|
4
|
+
.TH "PUPPET\-SSL" "8" "September 2022" "Puppet, Inc." "Puppet manual"
|
5
5
|
.
|
6
6
|
.SH "NAME"
|
7
7
|
\fBpuppet\-ssl\fR \- Manage SSL keys and certificates for puppet SSL clients
|
data/man/man8/puppet.8
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
.\" generated with Ronn/v0.7.3
|
2
2
|
.\" http://github.com/rtomayko/ronn/tree/0.7.3
|
3
3
|
.
|
4
|
-
.TH "PUPPET" "8" "
|
4
|
+
.TH "PUPPET" "8" "September 2022" "Puppet, Inc." "Puppet manual"
|
5
5
|
.
|
6
6
|
.SH "NAME"
|
7
7
|
\fBpuppet\fR
|
@@ -25,4 +25,4 @@ Specialized:
|
|
25
25
|
catalog Compile, save, view, and convert catalogs\. describe Display help about resource types device Manage remote network devices doc Generate Puppet references epp Interact directly with the EPP template parser/renderer\. facts Retrieve and store facts\. filebucket Store and retrieve files in a filebucket generate Generates Puppet code from Ruby definitions\. node View and manage node definitions\. parser Interact directly with the parser\. plugin Interact with the Puppet plugin system\. script Run a puppet manifests as a script without compiling a catalog ssl Manage SSL keys and certificates for puppet SSL clients
|
26
26
|
.
|
27
27
|
.P
|
28
|
-
See \'puppet help \fIsubcommand\fR \fIaction\fR\' for help on a specific subcommand action\. See \'puppet help \fIsubcommand\fR\' for help on a specific subcommand\. Puppet v7\.
|
28
|
+
See \'puppet help \fIsubcommand\fR \fIaction\fR\' for help on a specific subcommand action\. See \'puppet help \fIsubcommand\fR\' for help on a specific subcommand\. Puppet v7\.19\.0
|
@@ -3,6 +3,7 @@ require 'puppet_spec/files'
|
|
3
3
|
require 'puppet_spec/puppetserver'
|
4
4
|
require 'puppet_spec/compiler'
|
5
5
|
require 'puppet_spec/https'
|
6
|
+
require 'puppet/application/agent'
|
6
7
|
|
7
8
|
describe "puppet agent", unless: Puppet::Util::Platform.jruby? do
|
8
9
|
include PuppetSpec::Files
|
@@ -97,6 +98,18 @@ describe "puppet agent", unless: Puppet::Util::Platform.jruby? do
|
|
97
98
|
end
|
98
99
|
|
99
100
|
context 'rich data' do
|
101
|
+
let(:deferred_file) { tmpfile('deferred') }
|
102
|
+
let(:deferred_manifest) do <<~END
|
103
|
+
file { '#{deferred_file}':
|
104
|
+
ensure => file,
|
105
|
+
content => '123',
|
106
|
+
} ->
|
107
|
+
notify { 'deferred':
|
108
|
+
message => Deferred('binary_file', ['#{deferred_file}'])
|
109
|
+
}
|
110
|
+
END
|
111
|
+
end
|
112
|
+
|
100
113
|
it "calls a deferred 4x function" do
|
101
114
|
catalog_handler = -> (req, res) {
|
102
115
|
catalog = compile_to_catalog(<<-MANIFEST, node)
|
@@ -141,6 +154,43 @@ describe "puppet agent", unless: Puppet::Util::Platform.jruby? do
|
|
141
154
|
end
|
142
155
|
end
|
143
156
|
|
157
|
+
it "fails to apply a deferred function with an unsatified prerequisite" do
|
158
|
+
catalog_handler = -> (req, res) {
|
159
|
+
catalog = compile_to_catalog(deferred_manifest, node)
|
160
|
+
res.body = formatter.render(catalog)
|
161
|
+
res['Content-Type'] = formatter.mime
|
162
|
+
}
|
163
|
+
|
164
|
+
server.start_server(mounts: {catalog: catalog_handler}) do |port|
|
165
|
+
Puppet[:serverport] = port
|
166
|
+
expect {
|
167
|
+
agent.command_line.args << '--test'
|
168
|
+
agent.run
|
169
|
+
}.to exit_with(1)
|
170
|
+
.and output(%r{Using environment}).to_stdout
|
171
|
+
.and output(%r{The given file '#{deferred_file}' does not exist}).to_stderr
|
172
|
+
end
|
173
|
+
end
|
174
|
+
|
175
|
+
it "applies a deferred function and its prerequisite in the same run" do
|
176
|
+
Puppet[:preprocess_deferred] = false
|
177
|
+
|
178
|
+
catalog_handler = -> (req, res) {
|
179
|
+
catalog = compile_to_catalog(deferred_manifest, node)
|
180
|
+
res.body = formatter.render(catalog)
|
181
|
+
res['Content-Type'] = formatter.mime
|
182
|
+
}
|
183
|
+
|
184
|
+
server.start_server(mounts: {catalog: catalog_handler}) do |port|
|
185
|
+
Puppet[:serverport] = port
|
186
|
+
expect {
|
187
|
+
agent.command_line.args << '--test'
|
188
|
+
agent.run
|
189
|
+
}.to exit_with(2)
|
190
|
+
.and output(%r{defined 'message' as Binary\("MTIz"\)}).to_stdout
|
191
|
+
end
|
192
|
+
end
|
193
|
+
|
144
194
|
it "re-evaluates a deferred function in a cached catalog" do
|
145
195
|
Puppet[:report] = false
|
146
196
|
Puppet[:use_cached_catalog] = true
|
@@ -740,4 +790,111 @@ describe "puppet agent", unless: Puppet::Util::Platform.jruby? do
|
|
740
790
|
end
|
741
791
|
end
|
742
792
|
end
|
793
|
+
|
794
|
+
context "ssl" do
|
795
|
+
context "bootstrapping" do
|
796
|
+
before :each do
|
797
|
+
# reconfigure ssl to non-existent dir and files to force bootstrapping
|
798
|
+
dir = tmpdir('ssl')
|
799
|
+
Puppet[:ssldir] = dir
|
800
|
+
Puppet[:localcacert] = File.join(dir, 'ca.pem')
|
801
|
+
Puppet[:hostcrl] = File.join(dir, 'crl.pem')
|
802
|
+
Puppet[:hostprivkey] = File.join(dir, 'cert.pem')
|
803
|
+
Puppet[:hostcert] = File.join(dir, 'key.pem')
|
804
|
+
|
805
|
+
Puppet[:daemonize] = false
|
806
|
+
Puppet[:logdest] = 'console'
|
807
|
+
Puppet[:log_level] = 'info'
|
808
|
+
end
|
809
|
+
|
810
|
+
it "exits if the agent is not allowed to wait" do
|
811
|
+
Puppet[:waitforcert] = 0
|
812
|
+
|
813
|
+
server.start_server do |port|
|
814
|
+
Puppet[:serverport] = port
|
815
|
+
expect {
|
816
|
+
agent.run
|
817
|
+
}.to exit_with(1)
|
818
|
+
.and output(%r{Exiting now because the waitforcert setting is set to 0}).to_stdout
|
819
|
+
.and output(%r{Failed to submit the CSR, HTTP response was 404}).to_stderr
|
820
|
+
end
|
821
|
+
end
|
822
|
+
|
823
|
+
it "exits if the maxwaitforcert time is exceeded" do
|
824
|
+
Puppet[:waitforcert] = 1
|
825
|
+
Puppet[:maxwaitforcert] = 1
|
826
|
+
|
827
|
+
server.start_server do |port|
|
828
|
+
Puppet[:serverport] = port
|
829
|
+
expect {
|
830
|
+
agent.run
|
831
|
+
}.to exit_with(1)
|
832
|
+
.and output(%r{Couldn't fetch certificate from CA server; you might still need to sign this agent's certificate \(127.0.0.1\). Exiting now because the maxwaitforcert timeout has been exceeded.}).to_stdout
|
833
|
+
.and output(%r{Failed to submit the CSR, HTTP response was 404}).to_stderr
|
834
|
+
end
|
835
|
+
end
|
836
|
+
end
|
837
|
+
|
838
|
+
def copy_fixtures(sources, dest)
|
839
|
+
ssldir = File.join(PuppetSpec::FIXTURE_DIR, 'ssl')
|
840
|
+
File.open(dest, 'w') do |f|
|
841
|
+
sources.each do |s|
|
842
|
+
f.write(File.read(File.join(ssldir, s)))
|
843
|
+
end
|
844
|
+
end
|
845
|
+
end
|
846
|
+
|
847
|
+
it "reloads the CRL between runs" do
|
848
|
+
Puppet[:localcacert] = ca = tmpfile('ca')
|
849
|
+
Puppet[:hostcrl] = crl = tmpfile('crl')
|
850
|
+
Puppet[:hostcert] = cert = tmpfile('cert')
|
851
|
+
Puppet[:hostprivkey] = key = tmpfile('key')
|
852
|
+
|
853
|
+
copy_fixtures(%w[ca.pem intermediate.pem], ca)
|
854
|
+
copy_fixtures(%w[crl.pem intermediate-crl.pem], crl)
|
855
|
+
copy_fixtures(%w[127.0.0.1.pem], cert)
|
856
|
+
copy_fixtures(%w[127.0.0.1-key.pem], key)
|
857
|
+
|
858
|
+
revoked = cert_fixture('revoked.pem')
|
859
|
+
revoked_key = key_fixture('revoked-key.pem')
|
860
|
+
|
861
|
+
mounts = {}
|
862
|
+
mounts[:catalog] = -> (req, res) {
|
863
|
+
catalog = compile_to_catalog(<<~MANIFEST, node)
|
864
|
+
file { '#{cert}':
|
865
|
+
ensure => file,
|
866
|
+
content => '#{revoked}'
|
867
|
+
}
|
868
|
+
file { '#{key}':
|
869
|
+
ensure => file,
|
870
|
+
content => '#{revoked_key}'
|
871
|
+
}
|
872
|
+
MANIFEST
|
873
|
+
|
874
|
+
res.body = formatter.render(catalog)
|
875
|
+
res['Content-Type'] = formatter.mime
|
876
|
+
}
|
877
|
+
|
878
|
+
server.start_server(mounts: mounts) do |port|
|
879
|
+
Puppet[:serverport] = port
|
880
|
+
Puppet[:daemonize] = false
|
881
|
+
Puppet[:runinterval] = 1
|
882
|
+
Puppet[:waitforcert] = 1
|
883
|
+
Puppet[:maxwaitforcert] = 1
|
884
|
+
|
885
|
+
# simulate two runs of the agent, then return so we don't infinite loop
|
886
|
+
allow_any_instance_of(Puppet::Daemon).to receive(:run_event_loop) do |instance|
|
887
|
+
instance.agent.run(splay: false)
|
888
|
+
instance.agent.run(splay: false)
|
889
|
+
end
|
890
|
+
|
891
|
+
agent.command_line.args << '--verbose'
|
892
|
+
expect {
|
893
|
+
agent.run
|
894
|
+
}.to exit_with(1)
|
895
|
+
.and output(%r{Exiting now because the maxwaitforcert timeout has been exceeded}).to_stdout
|
896
|
+
.and output(%r{Certificate 'CN=revoked' is revoked}).to_stderr
|
897
|
+
end
|
898
|
+
end
|
899
|
+
end
|
743
900
|
end
|
@@ -665,6 +665,18 @@ class amod::bad_type {
|
|
665
665
|
end
|
666
666
|
|
667
667
|
context 'rich data' do
|
668
|
+
let(:deferred_file) { tmpfile('deferred') }
|
669
|
+
let(:deferred_manifest) do <<~END
|
670
|
+
file { '#{deferred_file}':
|
671
|
+
ensure => file,
|
672
|
+
content => '123',
|
673
|
+
} ->
|
674
|
+
notify { 'deferred':
|
675
|
+
message => Deferred('binary_file', ['#{deferred_file}'])
|
676
|
+
}
|
677
|
+
END
|
678
|
+
end
|
679
|
+
|
668
680
|
it "calls a deferred 4x function" do
|
669
681
|
apply.command_line.args = ['-e', 'notify { "deferred3x": message => Deferred("join", [[1,2,3], ":"]) }']
|
670
682
|
|
@@ -681,5 +693,67 @@ class amod::bad_type {
|
|
681
693
|
}.to exit_with(0) # for some reason apply returns 0 instead of 2
|
682
694
|
.and output(%r{Notice: /Stage\[main\]/Main/Notify\[deferred4x\]/message: defined 'message' as 'I am deferred'}).to_stdout
|
683
695
|
end
|
696
|
+
|
697
|
+
it "fails to apply a deferred function with an unsatified prerequisite" do
|
698
|
+
apply.command_line.args = ['-e', deferred_manifest]
|
699
|
+
expect {
|
700
|
+
apply.run
|
701
|
+
}.to exit_with(1) # for some reason apply returns 0 instead of 2
|
702
|
+
.and output(/Compiled catalog/).to_stdout
|
703
|
+
.and output(%r{The given file '#{deferred_file}' does not exist}).to_stderr
|
704
|
+
end
|
705
|
+
|
706
|
+
it "applies a deferred function and its prerequisite in the same run" do
|
707
|
+
Puppet[:preprocess_deferred] = false
|
708
|
+
|
709
|
+
apply.command_line.args = ['-e', deferred_manifest]
|
710
|
+
expect {
|
711
|
+
apply.run
|
712
|
+
}.to exit_with(0) # for some reason apply returns 0 instead of 2
|
713
|
+
.and output(%r{defined 'message' as Binary\("MTIz"\)}).to_stdout
|
714
|
+
end
|
715
|
+
|
716
|
+
it "validates the deferred resource before applying any resources" do
|
717
|
+
undeferred_file = tmpfile('undeferred')
|
718
|
+
|
719
|
+
manifest = <<~END
|
720
|
+
file { '#{undeferred_file}':
|
721
|
+
ensure => file,
|
722
|
+
}
|
723
|
+
file { '#{deferred_file}':
|
724
|
+
ensure => file,
|
725
|
+
content => Deferred('inline_epp', ['<%= 42 %>']),
|
726
|
+
source => 'http://example.com/content',
|
727
|
+
}
|
728
|
+
END
|
729
|
+
apply.command_line.args = ['-e', manifest]
|
730
|
+
expect {
|
731
|
+
apply.run
|
732
|
+
}.to exit_with(1)
|
733
|
+
.and output(/Compiled catalog/).to_stdout
|
734
|
+
.and output(/Validation of File.* failed: You cannot specify more than one of content, source, target/).to_stderr
|
735
|
+
|
736
|
+
# validation happens before all resources are applied, so this shouldn't exist
|
737
|
+
expect(File).to_not be_exist(undeferred_file)
|
738
|
+
end
|
739
|
+
|
740
|
+
it "evaluates resources before validating the deferred resource" do
|
741
|
+
Puppet[:preprocess_deferred] = false
|
742
|
+
|
743
|
+
manifest = <<~END
|
744
|
+
notify { 'runs before file': } ->
|
745
|
+
file { '#{deferred_file}':
|
746
|
+
ensure => file,
|
747
|
+
content => Deferred('inline_epp', ['<%= 42 %>']),
|
748
|
+
source => 'http://example.com/content',
|
749
|
+
}
|
750
|
+
END
|
751
|
+
apply.command_line.args = ['-e', manifest]
|
752
|
+
expect {
|
753
|
+
apply.run
|
754
|
+
}.to exit_with(1)
|
755
|
+
.and output(/Notify\[runs before file\]/).to_stdout
|
756
|
+
.and output(/Validation of File.* failed: You cannot specify more than one of content, source, target/).to_stderr
|
757
|
+
end
|
684
758
|
end
|
685
759
|
end
|