puppet 0.16.0 → 0.18.4

data/CHANGELOG

@@ -1,3 +1,101 @@
+0.18.4
+    Another bug-fix release.  The most import bug fixed is that
+    cronjobs again work even with initially empty crontabs.
+
+0.18.3
+    Mostly a bug-fix release; fixed small bugs in the functionality added in
+    0.18.2.
+
+0.18.2
+    Added templating support.
+
+    Added reporting.
+
+    Added gem and blastwave packaging support.
+
+0.18.1
+    Added signal handlers for HUP, so both client and server deal correctly with it.
+
+    Added signal handler for USR1, which triggers a run on the client.
+
+    As usual, fixed many bugs.
+
+    Significant fixes to puppetrun -- it should behave much more correctly now.
+
+    Added "fail" function which throws a syntax error if it's encountered.
+
+    Added plugin downloading from the central server to the client.  It must be
+    enabled with --pluginsync.
+
+    Added support for FreeBSD's special "@daily" cron schedules.
+
+    Correctly handling spaces in file sources.
+
+    Moved documentation into svn tree.
+    
+0.18.0
+    Added support for a "default" node.
+
+    When multiple nodes are specified, they must now be comma-separated (this
+    introduces a language incompatibility).
+
+    Failed dependencies cause dependent objects within the same transaction
+    not to run.
+
+    Many updates to puppetrun
+
+    Many bug fixes
+
+    Function names are no longer reserved words.
+
+    Links can now replace files.
+
+0.17.2
+    Added "puppetrun" application and associated runner server and client classes.
+
+    Fixed cron support so it better supports valid values and environment settings.
+
+0.17.1
+    Fixing a bug requiring rails on all Debian boxes
+
+    Fixing a couple of other small bugs
+
+0.17.0
+    Adding ActiveRecord integration on the server
+
+    Adding export/collect functionality
+
+    Fixing many bugs
+
+0.16.5
+    Fixing a critical bug in importing classes from other files
+
+    Fixing nodename handling to actually allow dashes
+
+0.16.4
+    Fixing a critical bug in puppetd when acquiring a certificate for the first
+    time
+
+0.16.3
+    Some significant bug fixes
+
+    Modified puppetd so that it can now function as an agent independent
+    of a puppetmasterd process, e.g., using the PuppetShow web application.
+
+0.16.2
+    Modified some of the AST classes so that class names, definition names, and
+    node names are all set within the code being evaluated, so 'tagged(name)' returns
+    true while evaluating 'name', for instance.
+
+    Added '--clean' argument to puppetca to remove all traces of a given
+    client.
+
+0.16.1
+    Added 'tagged' and 'defined' functions.
+
+    Moved all functions to a general framework that makes it very easy to add new
+    functions.
+
 0.16.0
     Added 'tag' keyword/function.
 

data/Rakefile

@@ -27,6 +27,10 @@ project = Rake::RedLabProject.new("puppet") do |p|
     ]
 
     p.add_dependency('facter', '1.1.0')
+
+    p.epmhosts = %w{culain}
+    p.sunpkghost = "sol10b"
+    p.rpmhost = "fedora1"
 end
 
 if project.has?(:gem)
@@ -61,4 +65,4 @@ if project.has?(:epm)
     end
 end
 
-# $Id: Rakefile 1079 2006-04-05 06:54:13Z luke $
+# $Id: Rakefile 1249 2006-06-09 18:42:08Z luke $

data/bin/puppet

@@ -1,4 +1,4 @@
-#!/usr/bin/ruby
+#!/usr/bin/env ruby
 
 #
 # = Synopsis

data/bin/puppetca

@@ -1,4 +1,4 @@
-#!/usr/bin/ruby
+#!/usr/bin/env ruby
 
 #
 # = Synopsis
@@ -10,6 +10,7 @@
 #
 #   puppetca [-h|--help] [-V|--version] [-d|--debug] [-v|--verbose]
 #               [-g|--generate] [-l|--list] [-s|--sign]
+#               [-c|--clean] [host]
 #
 # = Description
 #
@@ -29,6 +30,9 @@
 # all::
 #   Operate on all outstanding requests.  Only makes sense with '--sign'.
 #
+# clean::
+#    Remove all traces of a host.  This is useful when rebuilding hosts.
+#
 # debug::
 #   Enable full debugging.
 #
@@ -78,6 +82,7 @@ end
 
 options = [
 	[ "--all",	    "-a",			GetoptLong::NO_ARGUMENT ],
+	[ "--clean",    "-c",			GetoptLong::NO_ARGUMENT ],
 	[ "--debug",    "-d",			GetoptLong::NO_ARGUMENT ],
 	[ "--generate", "-g",  			GetoptLong::NO_ARGUMENT ],
 	[ "--help",		"-h",			GetoptLong::NO_ARGUMENT ],
@@ -100,6 +105,8 @@ begin
         case opt
             when "--all"
                 all = true
+            when "--clean"
+                mode = :clean
             when "--debug"
                 Puppet::Log.level = :debug
             when "--generate"
@@ -141,6 +148,9 @@ Puppet.genmanifest
 begin
     ca = Puppet::SSLCertificates::CA.new()
 rescue => detail
+    if Puppet[:debug]
+        puts detail.backtrace
+    end
     puts detail.to_s
     exit(23)
 end
@@ -150,15 +160,23 @@ unless mode
     exit(12)
 end
 
-hosts = ca.list
-unless hosts.length > 0 or mode == :generate
-    Puppet.info "No waiting requests"
-    exit(0)
+if mode == :generate or mode == :clean
+    hosts = ARGV
+else
+    hosts = ca.list
+    unless hosts.length > 0
+        puts "No certificates to sign"
+        exit(0)
+    end
 end
 
 case mode
 when :list
     puts hosts.join("\n")
+when :clean
+    hosts.each do |host|
+        ca.clean(host)
+    end
 when :sign
     unless ARGV.length > 0 or all
         $stderr.puts(
@@ -200,11 +218,7 @@ when :sign
     }
 when :generate
     # we need to generate a certificate for a host
-    unless ARGV.length > 0
-        $stderr.puts "You must specify hosts to generate certs for"
-        exit(84)
-    end
-    ARGV.each { |host|
+    hosts.each { |host|
         puts "Generating certificate for %s" % host
         cert = Puppet::SSLCertificates::Certificate.new(
             :name => host
@@ -221,4 +235,4 @@ else
     exit(42)
 end
 
-# $Id: puppetca 1111 2006-04-12 17:36:14Z luke $
+# $Id: puppetca 1338 2006-06-29 19:29:05Z luke $

data/bin/puppetd

@@ -1,4 +1,4 @@
-#!/usr/bin/ruby
+#!/usr/bin/env ruby
 # == Synopsis 
 #
 # Retrieve the client configuration from the central puppet server and apply
@@ -8,10 +8,10 @@
 #
 # = Usage
 #
-#   puppetd  [-h|--help] [-V|--version] [-d|--debug] [-v|--verbose]
-#               [-l|--logdest <syslog|<file>|console>] [--fqdn <host name>]
-#               [-o|--onetime] [-w|--waitforcert <seconds>] [-t|--test]
-#               [--disable] [--enable]
+#   puppetd  [-D|--daemonize] [-d|--debug] [--disable] [--enable]
+#       [-h|--help] [--fqdn <host name>] [-l|--logdest syslog|<file>|console]
+#       [-o|--onetime] [--serve <handler>] [-t|--test]
+#       [-V|--version] [-v|--verbose] [-w|--waitforcert <seconds>]
 #
 # = Description
 #
@@ -26,9 +26,29 @@
 # Once the client has a signed certificate, it will retrieve its configuration
 # and apply it.
 #
-# The vast majority of options are shared between all Puppet executables and
-# are documented completely at
-# http://reductivelabs.com/projects/puppet/documentation.
+# = Usage Notes
+#
+# +puppetd+ does its best to find a compromise between interactive use and
+# daemon use.  Run with no arguments and no configuration, it will go into the
+# backgroun, attempt to get a signed certificate, and retrieve and apply its
+# configuration every 30 minutes.
+#
+# Some flags are meant specifically for interactive use -- in particular,
+# +test+ and +tag+ are useful.  +test+ enables verobse logging, causes
+# the daemon to stay in the foreground, exits if the server's configuration is
+# invalid (this happens if, for instance, you've left a syntax error on the
+# server), and exits after running the configuration once (rather than hanging
+# around as a long-running process).
+#
+# +tag+ allows you to specify what portions of a configuration you want to apply.
+# Puppet elements are tagged with all of the class or definition names that
+# contain them, and you can use the +tag+ flag to specify one of these names,
+# causing only configuration elements contained within that class or definition
+# to be applied.  This is very useful when you are testing new configurations --
+# for instance, if you are just starting to manage +ntpd+, you would put all of
+# the new elements into an +ntpd+ class, and call puppet with +--tag ntpd+,
+# which would only apply that small portion of the configuration during your
+# testing, rather than applying the whole thing.
 #
 # = Options
 #
@@ -36,7 +56,16 @@
 # is also a valid long argument.  For example, 'server' is a valid configuration
 # parameter, so you can specify '--server <servername>' as an argument.
 #
-# See the configuration file for the full list of acceptable parameters.
+# See the configuration file documentation at
+# http://reductivelabs.com/projects/puppet/documentation/puppet-executable-reference
+# for the full list of acceptable parameters.
+#
+# daemonize::
+#   Send the process into the background.  This is the default unless
+#   +verbose+ or +debug+ is enabled.
+#
+# debug::
+#   Enable full debugging.
 #
 # disable::
 #   Disable working on the local system.  This puts a lock file in place,
@@ -50,9 +79,6 @@
 #
 #   +puppetd+ exits after executing this.
 #
-# debug::
-#   Enable full debugging.
-#
 # enable::
 #   Enable working on the local system.  This removes any lock file, causing
 #   +puppetd+ to start managing the local system again (although it will continue
@@ -77,6 +103,13 @@
 #   Run the configuration once, rather than as a long-running daemon.  This is
 #   useful for interactively running puppetd.
 #
+# serve::
+#   Start another type of server.  By default default, +puppetd+ will start
+#   a server that allows authenticated and authorized remote nodes to trigger
+#   the configuration to be pulled down and applied.  You can specify
+#   any other type of service here that does not require configuration,
+#   e.g., filebucket, ca, or pelement.
+#
 # test::
 #   Enable the most common options used for testing.  These are +onetime+,
 #   +verbose+, and +no-usecacheonfailure+.
@@ -88,8 +121,12 @@
 #   Print the puppet version number and exit.
 #
 # waitforcert::
-#   Have the process wait around, continuously retrying for the certificate
-#   each <argument> seconds.
+#   This option only matters for daemons that do not yet have certificates
+#   and it is enabled by default, with a value of 120 (seconds).  This causes
+#   +puppetd+ to connect to the server every 2 minutes and ask it to sign a
+#   certificate request.  This is useful for the initial setup of a puppet
+#   client.  You can turn off waiting for certificates by specifying a time
+#   of 0.
 #
 # = Example
 #
@@ -104,6 +141,11 @@
 # Copyright (c) 2005, 2006 Reductive Labs, LLC
 # Licensed under the GNU Public License
 
+# Do an initial trap, so that cancels don't get a stack trace.
+trap(:INT) do
+    $stderr.puts "Cancelling startup"
+    exit(0)
+end
 
 require 'puppet'
 require 'puppet/server'
@@ -119,6 +161,7 @@ end
 
 options = [
 	[ "--centrallogging",			GetoptLong::NO_ARGUMENT ],
+	[ "--daemonize", "-D",			GetoptLong::NO_ARGUMENT ],
 	[ "--disable",	    			GetoptLong::NO_ARGUMENT ],
 	[ "--debug",	"-d",			GetoptLong::NO_ARGUMENT ],
 	[ "--enable",	    			GetoptLong::NO_ARGUMENT ],
@@ -127,6 +170,7 @@ options = [
 	[ "--logdest",	"-l",			GetoptLong::REQUIRED_ARGUMENT ],
 	[ "--onetime",  "-o",			GetoptLong::NO_ARGUMENT ],
 	[ "--test",	    "-t",			GetoptLong::NO_ARGUMENT ],
+	[ "--no-client",       			GetoptLong::NO_ARGUMENT ],
 	[ "--verbose",	"-v",			GetoptLong::NO_ARGUMENT ],
 	[ "--version",	"-V",			GetoptLong::NO_ARGUMENT ],
 	[ "--waitforcert",	"-w",		GetoptLong::REQUIRED_ARGUMENT ]
@@ -137,40 +181,45 @@ Puppet.config.addargs(options)
 
 result = GetoptLong.new(*options)
 
-server = "puppet"
-fqdn = nil
 args = {}
 
-waitforcert = false
-
-onetime = false
-
-centrallogs = false
-
-setdest = false
-
-enable = false
-disable = false
+options = {
+    :waitforcert => 120,  # Default to checking for certs every 5 minutes
+    :onetime => false,
+    :centrallogs => false,
+    :setdest => false,
+    :enable => false,
+    :disable => false,
+    :client => true,
+    :fqdn => nil,
+    :serve => {}
+}
 
 begin
     result.each { |opt,arg|
         case opt
             # First check to see if the argument is a valid configuration parameter;
             # if so, set it.
+            when "--daemonize"
+                options[:daemonize] = true
             when "--disable"
-                disable = true
+                options[:disable] = true
+            when "--serve"
+                if klass = Puppet::Server::Handler.handler(arg)
+                    options[:serve][klass.name] = klass
+                end
             when "--enable"
-                enable = true
+                options[:enable] = true
             when "--test"
                 # Enable all of the most common test options.
                 Puppet.config.handlearg("--no-usecacheonfailure")
-                onetime = true
+                options[:onetime] = true
                 unless Puppet::Log.level == :debug
                     Puppet::Log.level = :info
                 end
                 Puppet::Log.newdestination(:console)
             when "--centrallogging"
-                centrallogs = true
+                options[:centrallogs] = true
             when "--help"
                 if $haveusage
                     RDoc::usage && exit
@@ -188,20 +237,22 @@ begin
                 Puppet::Log.level = :debug
                 Puppet::Log.newdestination(:console)
             when "--fqdn"
-                fqdn = arg
+                options[:fqdn] = arg
+            when "--no-client"
+                options[:client] = false
             when "--onetime"
-                onetime = true
+                options[:onetime] = true
             when "--port"
                 args[:Port] = arg
             when "--logdest"
                 begin
                     Puppet::Log.newdestination(arg)
-                    setdest = true
+                    options[:setdest] = true
                 rescue => detail
                     $stderr.puts detail.to_s
                 end
             when "--waitforcert"
-                waitforcert = arg.to_i
+                options[:waitforcert] = arg.to_i
             else
                 Puppet.config.handlearg(opt, arg)
         end
@@ -224,22 +275,26 @@ if Puppet[:config] and File.exists? Puppet[:config]
     Puppet.config.parse(Puppet[:config])
 end
 
-if Puppet::Log.level == :debug or Puppet::Log.level == :info
-    args[:Daemonize] = false
-else
-    args[:Daemonize] = true
+# Default to daemonizing, but if verbose or debug is specified,
+# default to staying in the foreground.
+unless options.include?(:daemonize)
+    if Puppet::Log.level == :debug or Puppet::Log.level == :info
+        options[:daemonize] = false
+    else
+        options[:daemonize] = true
+    end
 end
 
-unless setdest
+unless options[:setdest]
     Puppet::Log.newdestination(:syslog)
 end
 
 args[:Server] = Puppet[:server]
-if fqdn
+if options[:fqdn]
     args[:FQDN] = fqdn
 end
 
-if centrallogs
+if options[:centrallogs]
     logdest = args[:Server]
 
     if args.include?(:Port)
@@ -248,62 +303,120 @@ if centrallogs
     Puppet::Log.newdestination(logdest)
 end
 
-Puppet.notice "Starting Puppet client version %s" % [Puppet.version]
-client = Puppet::Client::MasterClient.new(args)
+if options[:onetime]
+    Puppet[:setpidfile] = false
+end
 
-if enable
+# We need tomake the client either way, we just don't start it
+# if --no-client is set.
+client = Puppet::Client::MasterClient.new(args)
+if options[:enable]
     client.enable
-elsif disable
+elsif options[:disable]
     client.disable
 end
 
-if enable or disable
+if options[:enable] or options[:disable]
     exit(0)
 end
 
+server = nil
+
+# It'd be nice to daemonize later, but we have to daemonize before the
+# waitforcert happens.
+if options[:daemonize]
+    client.daemonize
+end
+
 unless client.readcert
-    if waitforcert
+    # If we don't already have the certificate, then create a client to
+    # request one.
+    caclient = Puppet::Client::CA.new(args)
+    if options[:waitforcert] > 0
         begin
-            while ! client.requestcert do
+            while ! caclient.requestcert do
                 Puppet.notice "Did not receive certificate"
-                sleep waitforcert
+                sleep options[:waitforcert]
             end
         rescue => detail
             Puppet.err "Could not request certificate: %s" % detail.to_s
             exit(23)
         end
     else
-        unless client.requestcert
+        unless caclient.requestcert
             Puppet.notice "No certificates; exiting"
             exit(1)
         end
     end
 
-    # Now, because the Net::HTTP object cannot be modified once we've connected,
-    # we need to recreate the client with the certs intact
-    client = Puppet::Client::MasterClient.new(args)
+    # Now read the new cert in.
     unless client.readcert
-        PUppet.err "Could not read certificates after retrieving them"
+        Puppet.err "Could not read certificates after retrieving them"
         exit(34)
     end
 end
 
-if args[:Daemonize]
-    #exit(13)
-    client.daemonize
+objects = []
+
+# This has to go after the certs are dealt with.
+if Puppet[:listen]
+    unless FileTest.exists?(Puppet[:authconfig])
+        $stderr.puts "Will not start without authorization file %s" %
+            Puppet[:authconfig]
+        exit(14)
+    end
+
+    handlers = nil
+
+    if options[:serve].empty?
+        handlers = {:Runner => {}}
+    else
+        handlers = options[:serve].inject({}) do |hash, name, klass|
+            hash[name] = {}
+        end
+    end
+
+    handlers.each do |name, hash|
+        Puppet.info "Starting handler for %s" % name
+    end
+
+    args[:Handlers] = handlers
+    args[:Port] = Puppet[:puppetport]
+
+    begin
+        server = Puppet::Server.new(args)
+    rescue => detail
+        $stderr.puts detail
+        puts detail.backtrace
+        exit(1)
+    end
+
+    objects << server
 end
 
 # now set up the network client with the certs, now that we have them
 client.setcerts
 
-[:INT, :TERM].each do |signal|
-    trap(signal) do
-        Puppet.notice "Caught #{signal}; shutting down"
-        client.shutdown
-    end
+if options[:client]
+    objects << client
 end
 
-if onetime
+# Set traps for INT and TERM
+Puppet.settraps
+
+if options[:onetime]
+    unless options[:client]
+        $stderr.puts "onetime is specified but there is no client"
+        exit(43)
+    end
+
+    if server
+        Puppet.notice "Ignoring --listen on onetime run"
+    end
+
+    # Add the service, so the traps work correctly.
+    Puppet.newservice(client)
+
     begin
         client.run
     rescue => detail
@@ -312,11 +425,21 @@ if onetime
             puts detail.backtrace
         end
     end
+    exit(0)
 else
-    client.start
+    if server
+        Puppet.newservice(server)
+    end
+
+    if options[:client]
+        Puppet.notice "Starting Puppet client version %s" % [Puppet.version]
+        Puppet.newservice(client)
+    end
+
+    Puppet.settraps
 
-    # Mmm, hackish
     Puppet.start
 end
 
-# $Id: puppetd 1108 2006-04-11 23:08:48Z luke $
+
+# $Id: puppetd 1415 2006-07-21 15:37:15Z luke $