puppet 6.0.1-universal-darwin → 6.0.2-universal-darwin

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of puppet might be problematic. Click here for more details.

Files changed (48) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile.lock +1 -1
  3. data/lib/puppet/defaults.rb +8 -20
  4. data/lib/puppet/face/config.rb +1 -1
  5. data/lib/puppet/face/key.rb +1 -1
  6. data/lib/puppet/provider/exec.rb +1 -4
  7. data/lib/puppet/provider/service/windows.rb +4 -0
  8. data/lib/puppet/provider/user/windows_adsi.rb +9 -1
  9. data/lib/puppet/ssl/host.rb +2 -2
  10. data/lib/puppet/type/resources.rb +12 -2
  11. data/lib/puppet/util/windows/adsi.rb +21 -1
  12. data/lib/puppet/util/windows/process.rb +3 -2
  13. data/lib/puppet/util/windows/service.rb +23 -1
  14. data/lib/puppet/version.rb +1 -1
  15. data/locales/puppet.pot +50 -38
  16. data/man/man5/puppet.conf.5 +7 -30
  17. data/man/man8/puppet-agent.8 +1 -1
  18. data/man/man8/puppet-apply.8 +1 -1
  19. data/man/man8/puppet-catalog.8 +1 -1
  20. data/man/man8/puppet-config.8 +2 -2
  21. data/man/man8/puppet-describe.8 +1 -1
  22. data/man/man8/puppet-device.8 +1 -1
  23. data/man/man8/puppet-doc.8 +1 -1
  24. data/man/man8/puppet-epp.8 +1 -1
  25. data/man/man8/puppet-facts.8 +1 -1
  26. data/man/man8/puppet-filebucket.8 +1 -1
  27. data/man/man8/puppet-generate.8 +1 -1
  28. data/man/man8/puppet-help.8 +1 -1
  29. data/man/man8/puppet-key.8 +2 -2
  30. data/man/man8/puppet-lookup.8 +1 -1
  31. data/man/man8/puppet-man.8 +1 -1
  32. data/man/man8/puppet-module.8 +1 -1
  33. data/man/man8/puppet-node.8 +1 -1
  34. data/man/man8/puppet-parser.8 +1 -1
  35. data/man/man8/puppet-plugin.8 +1 -1
  36. data/man/man8/puppet-report.8 +1 -1
  37. data/man/man8/puppet-resource.8 +1 -1
  38. data/man/man8/puppet-script.8 +1 -1
  39. data/man/man8/puppet-ssl.8 +1 -1
  40. data/man/man8/puppet-status.8 +1 -1
  41. data/man/man8/puppet.8 +2 -2
  42. data/spec/integration/provider/service/windows_spec.rb +5 -5
  43. data/spec/unit/provider/service/windows_spec.rb +14 -0
  44. data/spec/unit/provider/user/windows_adsi_spec.rb +3 -0
  45. data/spec/unit/type/resources_spec.rb +18 -0
  46. data/spec/unit/util/storage_spec.rb +4 -4
  47. data/spec/unit/util/windows/service_spec.rb +36 -1
  48. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: be99f88ff0b755ce5c710b5f9de4dc1b235f1c964ab08a901c272e79643e32eb
4
- data.tar.gz: b9848402ab82dba8b0d947384a42fc3dcc1a1ea3548bc397f6c3dbb100d8b674
3
+ metadata.gz: 2d872500577376e33e680f75e05b7aab2236a1b877ea013a4cbfea1c7961425c
4
+ data.tar.gz: 1300eeaf12a0b4ded918e64edb8a72b82e05dd168bf6b30d97a94bffd3ebb9d0
5
5
  SHA512:
6
- metadata.gz: f853d1ad481fc187d0c4112339381b3e5f6769563881fcaae4730952d54bc122c8b8a488b5e60eebe7fdc2b9d6631f289570e32a2dd1bba3830e0384d0bb117d
7
- data.tar.gz: 8853306a43e26096d01a8ba5b47918fca570256b62e2dade6360710f41c46814c5cecf676e139a404f956b571ad51fdb33e5e5c30961311a8d82d03a0d2f321c
6
+ metadata.gz: 308cf327703f7ec247914d586ae460a0daf824e46cc024efdffa14880bfbb46284190cf0e2c7a87697186734d7396e2fbd7e48523bdb766dd4012347390415ff
7
+ data.tar.gz: a1519b90dbe93f42f60c7bd316c5e02d5d85e3046bf9b28e9cae809fc3847d760e6f0cfe8f443e7ea765d1d15210d8797c47ee166f6c623570870cc4a9738be3
data/Gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- puppet (6.0.1)
4
+ puppet (6.0.2)
5
5
  CFPropertyList (~> 2.2)
6
6
  facter (>= 2.0.1, < 4)
7
7
  fast_gettext (~> 1.1.2)
@@ -734,9 +734,8 @@ module Puppet
734
734
  :desc => <<EOT,
735
735
  A comma-separated list of alternate DNS names for Puppet Server. These are extra
736
736
  hostnames (in addition to its `certname`) that the server is allowed to use when
737
- serving agents. Puppet checks this setting when automatically requesting a
738
- certificate for Puppet agent or Puppet Server, and when manually generating a
739
- certificate with `puppet cert generate`. These can be either IP or DNS, and the type
737
+ serving agents. Puppet checks this setting when automatically creating a
738
+ certificate for Puppet agent or Puppet Server. These can be either IP or DNS, and the type
740
739
  should be specified and followed with a colon. Untyped inputs will default to DNS.
741
740
 
742
741
  In order to handle agent requests at a given hostname (like
@@ -749,23 +748,12 @@ names.
749
748
 
750
749
  **Note:** The list of alternate names is locked in when the server's
751
750
  certificate is signed. If you need to change the list later, you can't just
752
- change this setting; you also need to:
753
-
754
- * On the server: Stop Puppet Server.
755
- * On the CA server: Revoke and clean the server's old certificate. (`puppet cert clean <NAME>`)
756
- (Note `puppet cert clean` is deprecated and will be replaced with `puppetserver ca clean`
757
- in Puppet 6.)
758
- * On the server: Delete the old certificate (and any old certificate signing requests)
759
- from the [ssldir](https://puppet.com/docs/puppet/latest/dirs_ssldir.html).
760
- * On the server: Run `puppet agent -t --ca_server <CA HOSTNAME>` to request a new certificate
761
- * On the CA server: Sign the certificate request, explicitly allowing alternate names
762
- (`puppet cert sign --allow-dns-alt-names <NAME>`). (Note `puppet cert sign` is deprecated
763
- and will be replaced with `puppetserver ca sign` in Puppet 6.)
764
- * On the server: Run `puppet agent -t --ca_server <CA HOSTNAME>` to retrieve the cert.
765
- * On the server: Start Puppet Server again.
751
+ change this setting; you also need to regenerate the certificate. For more
752
+ information on that process, see the [cert regen docs]
753
+ (https://puppet.com/docs/puppet/latest/ssl_regenerate_certificates.html).
766
754
 
767
755
  To see all the alternate names your servers are using, log into your CA server
768
- and run `puppet cert list -a`, then check the output for `(alt names: ...)`.
756
+ and run `puppetserver ca list --all`, then check the output for `(alt names: ...)`.
769
757
  Most agent nodes should NOT have alternate names; the only certs that should
770
758
  have them are Puppet Server nodes that you want other agents to trust.
771
759
  EOT
@@ -777,7 +765,7 @@ EOT
777
765
  An optional file containing custom attributes to add to certificate signing
778
766
  requests (CSRs). You should ensure that this file does not exist on your CA
779
767
  puppet master; if it does, unwanted certificate extensions may leak into
780
- certificates created with the `puppet cert generate` command.
768
+ certificates created with the `puppetserver ca generate` command.
781
769
 
782
770
  If present, this file must be a YAML hash containing a `custom_attributes` key
783
771
  and/or an `extension_requests` key. The value of each key must be a hash, where
@@ -1070,7 +1058,7 @@ EOT
1070
1058
  and non-zero if the cert should not be autosigned.
1071
1059
 
1072
1060
  If a certificate request is not autosigned, it will persist for review. An admin
1073
- user can use the `puppet cert sign` command to manually sign it, or can delete
1061
+ user can use the `puppetserver ca sign` command to manually sign it, or can delete
1074
1062
  the request.
1075
1063
 
1076
1064
  For info on autosign configuration files, see
@@ -23,7 +23,7 @@ Puppet::Face.define(:config, '0.0.1') do
23
23
  The three most commonly used sections are 'main', 'master', and 'agent'.
24
24
  'Main' is the default, and is used by all Puppet applications. Other
25
25
  sections can override 'main' values for specific applications --- the
26
- 'master' section affects puppet master and puppet cert, and the 'agent'
26
+ 'master' section affects Puppet Server, and the 'agent'
27
27
  section affects puppet agent.
28
28
 
29
29
  Less commonly used is the 'user' section, which affects puppet apply. Any
@@ -8,7 +8,7 @@ Puppet::Indirector::Face.define(:key, '0.0.1') do
8
8
  description <<-'EOT'
9
9
  This subcommand manages certificate private keys. Keys are created
10
10
  automatically by puppet agent and when certificate requests are generated
11
- with 'puppet certificate generate'; it should not be necessary to use this
11
+ with 'puppet ssl submit_request'; it should not be necessary to use this
12
12
  subcommand directly.
13
13
  EOT
14
14
 
@@ -46,10 +46,7 @@ class Puppet::Provider::Exec < Puppet::Provider
46
46
  #
47
47
  # This is backwards compatible all the way to Ruby 1.8.7.
48
48
  Timeout::timeout(resource[:timeout], Timeout::Error) do
49
- # If we're running a command that's meant to be a check on whether we should run
50
- # our actual command (e.g. like a command passed to the :onlyif or :unless properties),
51
- # then we should not set the cwd when executing the check's corresponding command.
52
- cwd = check ? nil : resource[:cwd]
49
+ cwd = resource[:cwd]
53
50
  cwd ||= Dir.pwd
54
51
 
55
52
  # note that we are passing "false" for the "override_locale" parameter, which ensures that the user's
@@ -35,6 +35,8 @@ Puppet::Type.type(:service).provide :windows, :parent => :service do
35
35
  end
36
36
 
37
37
  def enabled?
38
+ return :false unless Puppet::Util::Windows::Service.exists?(@resource[:name])
39
+
38
40
  start_type = Puppet::Util::Windows::Service.service_start_type(@resource[:name])
39
41
  debug("Service #{@resource[:name]} start type is #{start_type}")
40
42
  case start_type
@@ -74,6 +76,8 @@ Puppet::Type.type(:service).provide :windows, :parent => :service do
74
76
  end
75
77
 
76
78
  def status
79
+ return :stopped unless Puppet::Util::Windows::Service.exists?(@resource[:name])
80
+
77
81
  current_state = Puppet::Util::Windows::Service.service_state(@resource[:name])
78
82
  state = case current_state
79
83
  when :SERVICE_STOPPED,
@@ -124,7 +124,15 @@ Puppet::Type.type(:user).provide :windows_adsi do
124
124
  end
125
125
 
126
126
  def password=(value)
127
- user.password = value
127
+ if user.disabled?
128
+ warning _("The user account '%s' is disabled; puppet will not reset the password" % @resource[:name])
129
+ elsif user.locked_out?
130
+ warning _("The user account '%s' is locked out; puppet will not reset the password" % @resource[:name])
131
+ elsif user.expired?
132
+ warning _("The user account '%s' is expired; puppet will not reset the password" % @resource[:name])
133
+ else
134
+ user.password = value
135
+ end
128
136
  end
129
137
 
130
138
  def uid
@@ -159,7 +159,7 @@ The certificate retrieved from the master does not match the agent's private key
159
159
  Certificate fingerprint: %{fingerprint}
160
160
  To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certificate.
161
161
  On the master:
162
- puppet cert clean %{cert_name}
162
+ puppetserver ca clean --certname %{cert_name}
163
163
  On the agent:
164
164
  1a. On most platforms: find %{ssl_dir} -name %{cert_name}.pem -delete
165
165
  1b. On Windows: del "%{cert_dir}\\%{cert_name}.pem" /f
@@ -261,7 +261,7 @@ CSR public key: %{csr_public_key}
261
261
  Agent public key: %{agent_public_key}
262
262
  To fix this, remove the CSR from both the master and the agent and then start a puppet run, which will automatically regenerate a CSR.
263
263
  On the master:
264
- puppet cert clean %{cert_name}
264
+ puppetserver ca clean --certname %{cert_name}
265
265
  On the agent:
266
266
  1a. On most platforms: find %{ssl_dir} -name %{cert_name}.pem -delete
267
267
  1b. On Windows: del "%{cert_dir}\\%{cert_name}.pem" /f
@@ -87,6 +87,12 @@ Puppet::Type.newtype(:resources) do
87
87
  end
88
88
  end
89
89
 
90
+ WINDOWS_SYSTEM_SID_REGEXES =
91
+ # Administrator, Guest, Domain Admins, Schema Admins, Enterprise Admins.
92
+ # https://support.microsoft.com/en-us/help/243330/well-known-security-identifiers-in-windows-operating-systems
93
+ [/S-1-5-21.+-500/, /S-1-5-21.+-501/, /S-1-5-21.+-512/, /S-1-5-21.+-518/,
94
+ /S-1-5-21.+-519/]
95
+
90
96
  def check(resource)
91
97
  @checkmethod ||= "#{self[:name]}_check"
92
98
  @hascheck ||= respond_to?(@checkmethod)
@@ -145,8 +151,12 @@ Puppet::Type.newtype(:resources) do
145
151
 
146
152
  return false if system_users.include?(resource[:name])
147
153
  return false if unless_uids && unless_uids.include?(current_uid)
148
-
149
- current_uid > self[:unless_system_user]
154
+ if current_uid.is_a?(String)
155
+ # Windows user; is a system user if any regex matches.
156
+ WINDOWS_SYSTEM_SID_REGEXES.none? { |regex| current_uid =~ regex }
157
+ else
158
+ current_uid > self[:unless_system_user]
159
+ end
150
160
  end
151
161
 
152
162
  def system_users
@@ -134,7 +134,7 @@ module Puppet::Util::Windows::ADSI
134
134
 
135
135
  def parse_name(name)
136
136
  if name =~ /\//
137
- raise Puppet::Error.new( _("Value must be in DOMAIN\\user style syntax") )
137
+ raise Puppet::Error.new( _("Value must be in DOMAIN\\%{object_class} style syntax") % { object_class: @object_class } )
138
138
  end
139
139
 
140
140
  matches = name.scan(/((.*)\\)?(.*)/)
@@ -434,6 +434,26 @@ module Puppet::Util::Windows::ADSI
434
434
  op_userflags(*flags) { |userflags, flag| userflags & ~ADS_USERFLAGS[flag] }
435
435
  end
436
436
 
437
+ def disabled?
438
+ userflag_set?(:ADS_UF_ACCOUNTDISABLE)
439
+ end
440
+
441
+ def locked_out?
442
+ # Note that the LOCKOUT flag is known to be inaccurate when using the
443
+ # LDAP IADsUser provider, but this class consistently uses the WinNT
444
+ # provider, which is expected to be accurate.
445
+ userflag_set?(:ADS_UF_LOCKOUT)
446
+ end
447
+
448
+ def expired?
449
+ expires = native_object.Get('AccountExpirationDate')
450
+ expires && expires < Time.now
451
+ rescue WIN32OLERuntimeError => e
452
+ # This OLE error code indicates the property can't be found in the cache
453
+ raise e unless e.message =~ /8000500D/m
454
+ false
455
+ end
456
+
437
457
  # UNLEN from lmcons.h - https://stackoverflow.com/a/2155176
438
458
  MAX_USERNAME_LENGTH = 256
439
459
  def self.current_user_name
@@ -7,6 +7,7 @@ module Puppet::Util::Windows::Process
7
7
  extend FFI::Library
8
8
 
9
9
  WAIT_TIMEOUT = 0x102
10
+ WAIT_INTERVAL = 200
10
11
 
11
12
  def execute(command, arguments, stdin, stdout, stderr)
12
13
  create_args = {
@@ -29,8 +30,8 @@ module Puppet::Util::Windows::Process
29
30
  module_function :execute
30
31
 
31
32
  def wait_process(handle)
32
- while WaitForSingleObject(handle, 0) == WAIT_TIMEOUT
33
- sleep(1)
33
+ while WaitForSingleObject(handle, WAIT_INTERVAL) == WAIT_TIMEOUT
34
+ sleep(0)
34
35
  end
35
36
 
36
37
  exit_status = -1
@@ -17,6 +17,10 @@ module Puppet::Util::Windows
17
17
  # no shorter
18
18
  DEFAULT_TIMEOUT = 30
19
19
 
20
+ # Service error codes
21
+ # https://docs.microsoft.com/en-us/windows/desktop/debug/system-error-codes--1000-1299-
22
+ ERROR_SERVICE_DOES_NOT_EXIST = 0x00000424
23
+
20
24
  # Service control codes
21
25
  # https://docs.microsoft.com/en-us/windows/desktop/api/Winsvc/nf-winsvc-controlserviceexw
22
26
  SERVICE_CONTROL_STOP = 0x00000001
@@ -249,6 +253,19 @@ module Puppet::Util::Windows
249
253
  )
250
254
  end
251
255
 
256
+ # Returns true if the service exists, false otherwise.
257
+ #
258
+ # @param [:string] service_name name of the service
259
+ def exists?(service_name)
260
+ open_service(service_name, SC_MANAGER_CONNECT, SERVICE_QUERY_STATUS) do |_|
261
+ true
262
+ end
263
+ rescue Puppet::Util::Windows::Error => e
264
+ return false if e.code == ERROR_SERVICE_DOES_NOT_EXIST
265
+ raise e
266
+ end
267
+ module_function :exists?
268
+
252
269
  # Start a windows service, assume that the service is already in the stopped state
253
270
  #
254
271
  # @param [:string] service_name name of the service to start
@@ -446,13 +463,18 @@ module Puppet::Util::Windows
446
463
  # @param [Integer] service_access code corresponding to the access type requested for the service
447
464
  # @yieldparam [:handle] service the windows native handle used to access
448
465
  # the service
466
+ # @return the result of the block
449
467
  def open_service(service_name, scm_access, service_access, &block)
450
468
  service = FFI::Pointer::NULL_HANDLE
469
+
470
+ result = nil
451
471
  open_scm(scm_access) do |scm|
452
472
  service = OpenServiceW(scm, wide_string(service_name), service_access)
453
473
  raise Puppet::Util::Windows::Error.new(_("Failed to open a handle to the service")) if service == FFI::Pointer::NULL_HANDLE
454
- yield service
474
+ result = yield service
455
475
  end
476
+
477
+ result
456
478
  ensure
457
479
  CloseServiceHandle(service)
458
480
  end
@@ -6,7 +6,7 @@
6
6
  # Raketasks and such to set the version based on the output of `git describe`
7
7
 
8
8
  module Puppet
9
- PUPPETVERSION = '6.0.1'
9
+ PUPPETVERSION = '6.0.2'
10
10
 
11
11
  ##
12
12
  # version is a public API method intended to always provide a fast and
data/locales/puppet.pot CHANGED
@@ -6,11 +6,11 @@
6
6
  #, fuzzy
7
7
  msgid ""
8
8
  msgstr ""
9
- "Project-Id-Version: Puppet automation framework 6.0.0-75-g8fd4c49\n"
9
+ "Project-Id-Version: Puppet automation framework 6.0.1-45-g4becbeb\n"
10
10
  "\n"
11
11
  "Report-Msgid-Bugs-To: https://tickets.puppetlabs.com\n"
12
- "POT-Creation-Date: 2018-09-26 14:07+0000\n"
13
- "PO-Revision-Date: 2018-09-26 14:07+0000\n"
12
+ "POT-Creation-Date: 2018-10-03 20:05+0000\n"
13
+ "PO-Revision-Date: 2018-10-03 20:05+0000\n"
14
14
  "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
15
15
  "Language-Team: LANGUAGE <LL@li.org>\n"
16
16
  "Language: \n"
@@ -629,15 +629,15 @@ msgstr ""
629
629
  msgid "Certificate names must be lower case"
630
630
  msgstr ""
631
631
 
632
- #: ../lib/puppet/defaults.rb:973 ../lib/puppet/settings/enum_setting.rb:13 ../lib/puppet/settings/symbolic_enum_setting.rb:14
632
+ #: ../lib/puppet/defaults.rb:961 ../lib/puppet/settings/enum_setting.rb:13 ../lib/puppet/settings/symbolic_enum_setting.rb:14
633
633
  msgid "Invalid value '%{value}' for parameter %{name}. Allowed values are '%{allowed_values}'"
634
634
  msgstr ""
635
635
 
636
- #: ../lib/puppet/defaults.rb:1488 ../lib/puppet/defaults.rb:1503
636
+ #: ../lib/puppet/defaults.rb:1476 ../lib/puppet/defaults.rb:1491
637
637
  msgid "Attempted to set both server and server_list."
638
638
  msgstr ""
639
639
 
640
- #: ../lib/puppet/defaults.rb:1489 ../lib/puppet/defaults.rb:1504
640
+ #: ../lib/puppet/defaults.rb:1477 ../lib/puppet/defaults.rb:1492
641
641
  msgid "Server setting will not be used."
642
642
  msgstr ""
643
643
 
@@ -6207,7 +6207,7 @@ msgstr ""
6207
6207
  msgid "Overriding environment setting '%{var}' with '%{value}'"
6208
6208
  msgstr ""
6209
6209
 
6210
- #: ../lib/puppet/provider/exec.rb:94
6210
+ #: ../lib/puppet/provider/exec.rb:91
6211
6211
  msgid "'%{command}' is not qualified and no path was specified. Please qualify the command or specify a path."
6212
6212
  msgstr ""
6213
6213
 
@@ -6779,19 +6779,19 @@ msgstr ""
6779
6779
  msgid "Cannot enable %{resource_name} for manual start, error was: %{detail}"
6780
6780
  msgstr ""
6781
6781
 
6782
- #: ../lib/puppet/provider/service/windows.rb:50
6782
+ #: ../lib/puppet/provider/service/windows.rb:52
6783
6783
  msgid "Unknown start type: %{start_type}"
6784
6784
  msgstr ""
6785
6785
 
6786
- #: ../lib/puppet/provider/service/windows.rb:53
6786
+ #: ../lib/puppet/provider/service/windows.rb:55
6787
6787
  msgid "Cannot get start type %{resource_name}, error was: %{detail}"
6788
6788
  msgstr ""
6789
6789
 
6790
- #: ../lib/puppet/provider/service/windows.rb:60
6790
+ #: ../lib/puppet/provider/service/windows.rb:62
6791
6791
  msgid "Will not start disabled service %{resource_name} without managing enable. Specify 'enable => false' to override."
6792
6792
  msgstr ""
6793
6793
 
6794
- #: ../lib/puppet/provider/service/windows.rb:89
6794
+ #: ../lib/puppet/provider/service/windows.rb:93
6795
6795
  msgid "Unknown service state '%{current_state}' for service '%{resource_name}'"
6796
6796
  msgstr ""
6797
6797
 
@@ -6813,6 +6813,18 @@ msgstr ""
6813
6813
  msgid "ruby-shadow doesn't support %{method}"
6814
6814
  msgstr ""
6815
6815
 
6816
+ #: ../lib/puppet/provider/user/windows_adsi.rb:128
6817
+ msgid "The user account '%s' is disabled; puppet will not reset the password"
6818
+ msgstr ""
6819
+
6820
+ #: ../lib/puppet/provider/user/windows_adsi.rb:130
6821
+ msgid "The user account '%s' is locked out; puppet will not reset the password"
6822
+ msgstr ""
6823
+
6824
+ #: ../lib/puppet/provider/user/windows_adsi.rb:132
6825
+ msgid "The user account '%s' is expired; puppet will not reset the password"
6826
+ msgstr ""
6827
+
6816
6828
  #: ../lib/puppet/reference/indirection.rb:22
6817
6829
  msgid "Could not build docs for indirector %{name}, terminus %{terminus}: could not locate terminus."
6818
6830
  msgstr ""
@@ -7445,7 +7457,7 @@ msgid ""
7445
7457
  "Certificate fingerprint: %{fingerprint}\n"
7446
7458
  "To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certificate.\n"
7447
7459
  "On the master:\n"
7448
- " puppet cert clean %{cert_name}\n"
7460
+ " puppetserver ca clean --certname %{cert_name}\n"
7449
7461
  "On the agent:\n"
7450
7462
  " 1a. On most platforms: find %{ssl_dir} -name %{cert_name}.pem -delete\n"
7451
7463
  " 1b. On Windows: del \"%{cert_dir}\\\\%{cert_name}.pem\" /f\n"
@@ -7473,7 +7485,7 @@ msgid ""
7473
7485
  "Agent public key: %{agent_public_key}\n"
7474
7486
  "To fix this, remove the CSR from both the master and the agent and then start a puppet run, which will automatically regenerate a CSR.\n"
7475
7487
  "On the master:\n"
7476
- " puppet cert clean %{cert_name}\n"
7488
+ " puppetserver ca clean --certname %{cert_name}\n"
7477
7489
  "On the agent:\n"
7478
7490
  " 1a. On most platforms: find %{ssl_dir} -name %{cert_name}.pem -delete\n"
7479
7491
  " 1b. On Windows: del \"%{cert_dir}\\\\%{cert_name}.pem\" /f\n"
@@ -8095,11 +8107,11 @@ msgstr ""
8095
8107
  msgid "Invalid value %{value}"
8096
8108
  msgstr ""
8097
8109
 
8098
- #: ../lib/puppet/type/resources.rb:103
8110
+ #: ../lib/puppet/type/resources.rb:109
8099
8111
  msgid "The 'ensure' attribute on %{name} resources does not accept 'absent' as a value"
8100
8112
  msgstr ""
8101
8113
 
8102
- #: ../lib/puppet/type/resources.rb:130
8114
+ #: ../lib/puppet/type/resources.rb:136
8103
8115
  msgid "Could not find resource type"
8104
8116
  msgstr ""
8105
8117
 
@@ -9105,7 +9117,7 @@ msgid "Must use a valid SID::Principal"
9105
9117
  msgstr ""
9106
9118
 
9107
9119
  #: ../lib/puppet/util/windows/adsi.rb:137
9108
- msgid "Value must be in DOMAIN\\user style syntax"
9120
+ msgid "Value must be in DOMAIN\\%{object_class} style syntax"
9109
9121
  msgstr ""
9110
9122
 
9111
9123
  #: ../lib/puppet/util/windows/adsi.rb:163
@@ -9132,15 +9144,15 @@ msgstr ""
9132
9144
  msgid "Unrecognized ADS UserFlags: %{unrecognized_flags}"
9133
9145
  msgstr ""
9134
9146
 
9135
- #: ../lib/puppet/util/windows/adsi.rb:447
9147
+ #: ../lib/puppet/util/windows/adsi.rb:467
9136
9148
  msgid "Failed to get user name"
9137
9149
  msgstr ""
9138
9150
 
9139
- #: ../lib/puppet/util/windows/adsi.rb:484
9151
+ #: ../lib/puppet/util/windows/adsi.rb:504
9140
9152
  msgid "Cannot delete user profile for '%{sid}' prior to Vista SP1"
9141
9153
  msgstr ""
9142
9154
 
9143
- #: ../lib/puppet/util/windows/adsi.rb:502
9155
+ #: ../lib/puppet/util/windows/adsi.rb:522
9144
9156
  msgid "Cannot create group if user '%{name}' exists."
9145
9157
  msgstr ""
9146
9158
 
@@ -9216,27 +9228,27 @@ msgstr ""
9216
9228
  msgid "Failed to call LookupAccountSidW with bytes: %{sid_bytes}"
9217
9229
  msgstr ""
9218
9230
 
9219
- #: ../lib/puppet/util/windows/process.rb:39
9231
+ #: ../lib/puppet/util/windows/process.rb:40
9220
9232
  msgid "Failed to get child process exit code"
9221
9233
  msgstr ""
9222
9234
 
9223
- #: ../lib/puppet/util/windows/process.rb:232
9235
+ #: ../lib/puppet/util/windows/process.rb:233
9224
9236
  msgid "GetVersionEx failed"
9225
9237
  msgstr ""
9226
9238
 
9227
- #: ../lib/puppet/util/windows/process.rb:261
9239
+ #: ../lib/puppet/util/windows/process.rb:262
9228
9240
  msgid "Discarding environment variable %{string} which contains invalid bytes"
9229
9241
  msgstr ""
9230
9242
 
9231
- #: ../lib/puppet/util/windows/process.rb:277
9243
+ #: ../lib/puppet/util/windows/process.rb:278
9232
9244
  msgid "environment variable name must not be nil or empty"
9233
9245
  msgstr ""
9234
9246
 
9235
- #: ../lib/puppet/util/windows/process.rb:282
9247
+ #: ../lib/puppet/util/windows/process.rb:283
9236
9248
  msgid "Failed to remove environment variable: %{name}"
9237
9249
  msgstr ""
9238
9250
 
9239
- #: ../lib/puppet/util/windows/process.rb:287
9251
+ #: ../lib/puppet/util/windows/process.rb:288
9240
9252
  msgid "Failed to set environment variable: %{name}"
9241
9253
  msgstr ""
9242
9254
 
@@ -9332,55 +9344,55 @@ msgstr ""
9332
9344
  msgid "Failed to set security information"
9333
9345
  msgstr ""
9334
9346
 
9335
- #: ../lib/puppet/util/windows/service.rb:259
9347
+ #: ../lib/puppet/util/windows/service.rb:276
9336
9348
  msgid "Failed to start the service"
9337
9349
  msgstr ""
9338
9350
 
9339
- #: ../lib/puppet/util/windows/service.rb:275
9351
+ #: ../lib/puppet/util/windows/service.rb:292
9340
9352
  msgid "Failed to send stop control to service, current state is %{current_state}. Failed with"
9341
9353
  msgstr ""
9342
9354
 
9343
- #: ../lib/puppet/util/windows/service.rb:294
9355
+ #: ../lib/puppet/util/windows/service.rb:311
9344
9356
  msgid "Unknown Service state '%{current_state}' for '%{service_name}'"
9345
9357
  msgstr ""
9346
9358
 
9347
- #: ../lib/puppet/util/windows/service.rb:311
9359
+ #: ../lib/puppet/util/windows/service.rb:328
9348
9360
  msgid "Unknown start type '%{start_type}' for '%{service_name}'"
9349
9361
  msgstr ""
9350
9362
 
9351
- #: ../lib/puppet/util/windows/service.rb:326
9363
+ #: ../lib/puppet/util/windows/service.rb:343
9352
9364
  msgid "Unknown start type %{start_type}"
9353
9365
  msgstr ""
9354
9366
 
9355
- #: ../lib/puppet/util/windows/service.rb:347
9367
+ #: ../lib/puppet/util/windows/service.rb:364
9356
9368
  msgid "Failed to update service configuration"
9357
9369
  msgstr ""
9358
9370
 
9359
- #: ../lib/puppet/util/windows/service.rb:407
9371
+ #: ../lib/puppet/util/windows/service.rb:424
9360
9372
  msgid "Failed to fetch services"
9361
9373
  msgstr ""
9362
9374
 
9363
- #: ../lib/puppet/util/windows/service.rb:453
9375
+ #: ../lib/puppet/util/windows/service.rb:473
9364
9376
  msgid "Failed to open a handle to the service"
9365
9377
  msgstr ""
9366
9378
 
9367
- #: ../lib/puppet/util/windows/service.rb:468
9379
+ #: ../lib/puppet/util/windows/service.rb:490
9368
9380
  msgid "Failed to open a handle to the service control manager"
9369
9381
  msgstr ""
9370
9382
 
9371
- #: ../lib/puppet/util/windows/service.rb:532 ../lib/puppet/util/windows/service.rb:568
9383
+ #: ../lib/puppet/util/windows/service.rb:554 ../lib/puppet/util/windows/service.rb:590
9372
9384
  msgid "Service query failed"
9373
9385
  msgstr ""
9374
9386
 
9375
- #: ../lib/puppet/util/windows/service.rb:594
9387
+ #: ../lib/puppet/util/windows/service.rb:616
9376
9388
  msgid "Transition timed out, service still in %{current_state}"
9377
9389
  msgstr ""
9378
9390
 
9379
- #: ../lib/puppet/util/windows/service.rb:616
9391
+ #: ../lib/puppet/util/windows/service.rb:638
9380
9392
  msgid "Service was not in pending state: %{pending_state}, current state is %{current_state}"
9381
9393
  msgstr ""
9382
9394
 
9383
- #: ../lib/puppet/util/windows/service.rb:634
9395
+ #: ../lib/puppet/util/windows/service.rb:656
9384
9396
  msgid "Pending operation timed out, service still in %{current_state}"
9385
9397
  msgstr ""
9386
9398
 
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPETCONF" "5" "September 2018" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPETCONF" "5" "October 2018" "Puppet, Inc." "Puppet manual"
5
5
  \fBThis page is autogenerated; any changes will get overwritten\fR
6
6
  .
7
7
  .SH "Configuration settings"
@@ -94,7 +94,7 @@ The file specified in this setting may be either a \fBconfiguration file\fR or a
94
94
  If a custom policy executable is configured, the CA puppet master will run it every time it receives a CSR\. The executable will be passed the subject CN of the request \fIas a command line argument,\fR and the contents of the CSR in PEM format \fIon stdin\.\fR It should exit with a status of 0 if the cert should be autosigned and non\-zero if the cert should not be autosigned\.
95
95
  .
96
96
  .P
97
- If a certificate request is not autosigned, it will persist for review\. An admin user can use the \fBpuppet cert sign\fR command to manually sign it, or can delete the request\.
97
+ If a certificate request is not autosigned, it will persist for review\. An admin user can use the \fBpuppetserver ca sign\fR command to manually sign it, or can delete the request\.
98
98
  .
99
99
  .P
100
100
  For info on autosign configuration files, see the guide to Puppet\'s config files \fIhttps://puppet\.com/docs/puppet/latest/config_about_settings\.html\fR\.
@@ -363,7 +363,7 @@ Setting a global value for config_version in puppet\.conf is not allowed (but it
363
363
  Prints the value of a specific configuration setting\. If the name of a setting is provided for this, then the value is printed and puppet exits\. Comma\-separate multiple values\. For a list of all values, specify \'all\'\. This setting is deprecated, the \'puppet config\' command replaces this functionality\.
364
364
  .
365
365
  .SS "csr_attributes"
366
- An optional file containing custom attributes to add to certificate signing requests (CSRs)\. You should ensure that this file does not exist on your CA puppet master; if it does, unwanted certificate extensions may leak into certificates created with the \fBpuppet cert generate\fR command\.
366
+ An optional file containing custom attributes to add to certificate signing requests (CSRs)\. You should ensure that this file does not exist on your CA puppet master; if it does, unwanted certificate extensions may leak into certificates created with the \fBpuppetserver ca generate\fR command\.
367
367
  .
368
368
  .P
369
369
  If present, this file must be a YAML hash containing a \fBcustom_attributes\fR key and/or an \fBextension_requests\fR key\. The value of each key must be a hash, where each key is a valid OID and each value is an object that can be cast to a string\.
@@ -516,39 +516,16 @@ Valid values for this setting are:
516
516
  .IP "" 0
517
517
  .
518
518
  .SS "dns_alt_names"
519
- A comma\-separated list of alternate DNS names for Puppet Server\. These are extra hostnames (in addition to its \fBcertname\fR) that the server is allowed to use when serving agents\. Puppet checks this setting when automatically requesting a certificate for Puppet agent or Puppet Server, and when manually generating a certificate with \fBpuppet cert generate\fR\. These can be either IP or DNS, and the type should be specified and followed with a colon\. Untyped inputs will default to DNS\.
519
+ A comma\-separated list of alternate DNS names for Puppet Server\. These are extra hostnames (in addition to its \fBcertname\fR) that the server is allowed to use when serving agents\. Puppet checks this setting when automatically creating a certificate for Puppet agent or Puppet Server\. These can be either IP or DNS, and the type should be specified and followed with a colon\. Untyped inputs will default to DNS\.
520
520
  .
521
521
  .P
522
522
  In order to handle agent requests at a given hostname (like "puppet\.example\.com"), Puppet Server needs a certificate that proves it\'s allowed to use that name; if a server shows a certificate that doesn\'t include its hostname, Puppet agents will refuse to trust it\. If you use a single hostname for Puppet traffic but load\-balance it to multiple Puppet Servers, each of those servers needs to include the official hostname in its list of extra names\.
523
523
  .
524
524
  .P
525
- \fBNote:\fR The list of alternate names is locked in when the server\'s certificate is signed\. If you need to change the list later, you can\'t just change this setting; you also need to:
526
- .
527
- .IP "\(bu" 4
528
- On the server: Stop Puppet Server\.
529
- .
530
- .IP "\(bu" 4
531
- On the CA server: Revoke and clean the server\'s old certificate\. (\fBpuppet cert clean <NAME>\fR) (Note \fBpuppet cert clean\fR is deprecated and will be replaced with \fBpuppetserver ca clean\fR in Puppet 6\.)
532
- .
533
- .IP "\(bu" 4
534
- On the server: Delete the old certificate (and any old certificate signing requests) from the ssldir \fIhttps://puppet\.com/docs/puppet/latest/dirs_ssldir\.html\fR\.
535
- .
536
- .IP "\(bu" 4
537
- On the server: Run \fBpuppet agent \-t \-\-ca_server <CA HOSTNAME>\fR to request a new certificate
538
- .
539
- .IP "\(bu" 4
540
- On the CA server: Sign the certificate request, explicitly allowing alternate names (\fBpuppet cert sign \-\-allow\-dns\-alt\-names <NAME>\fR)\. (Note \fBpuppet cert sign\fR is deprecated and will be replaced with \fBpuppetserver ca sign\fR in Puppet 6\.)
541
- .
542
- .IP "\(bu" 4
543
- On the server: Run \fBpuppet agent \-t \-\-ca_server <CA HOSTNAME>\fR to retrieve the cert\.
544
- .
545
- .IP "\(bu" 4
546
- On the server: Start Puppet Server again\.
547
- .
548
- .IP "" 0
525
+ \fBNote:\fR The list of alternate names is locked in when the server\'s certificate is signed\. If you need to change the list later, you can\'t just change this setting; you also need to regenerate the certificate\. For more information on that process, see the [cert regen docs] (https://puppet\.com/docs/puppet/latest/ssl_regenerate_certificates\.html)\.
549
526
  .
550
527
  .P
551
- To see all the alternate names your servers are using, log into your CA server and run \fBpuppet cert list \-a\fR, then check the output for \fB(alt names: \.\.\.)\fR\. Most agent nodes should NOT have alternate names; the only certs that should have them are Puppet Server nodes that you want other agents to trust\.
528
+ To see all the alternate names your servers are using, log into your CA server and run \fBpuppetserver ca list \-\-all\fR, then check the output for \fB(alt names: \.\.\.)\fR\. Most agent nodes should NOT have alternate names; the only certs that should have them are Puppet Server nodes that you want other agents to trust\.
552
529
  .
553
530
  .SS "document_all"
554
531
  Whether to document all resources when using \fBpuppet doc\fR to generate manifest documentation\.
@@ -891,7 +868,7 @@ The time to wait for data to be read from an HTTP connection\. If nothing is rea
891
868
  The HTTP User\-Agent string to send when making network requests\.
892
869
  .
893
870
  .IP "\(bu" 4
894
- \fIDefault\fR: Puppet/6\.0\.1 Ruby/2\.4\.1\-p111 (x86_64\-linux)
871
+ \fIDefault\fR: Puppet/6\.0\.2 Ruby/2\.4\.1\-p111 (x86_64\-linux)
895
872
  .
896
873
  .IP "" 0
897
874
  .
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-AGENT" "8" "September 2018" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-AGENT" "8" "October 2018" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-agent\fR \- The puppet agent daemon
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-APPLY" "8" "September 2018" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-APPLY" "8" "October 2018" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-apply\fR \- Apply Puppet manifests locally
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-CATALOG" "8" "September 2018" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-CATALOG" "8" "October 2018" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-catalog\fR \- Compile, save, view, and convert catalogs\.
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-CONFIG" "8" "September 2018" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-CONFIG" "8" "October 2018" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-config\fR \- Interact with Puppet\'s settings\.
@@ -35,7 +35,7 @@ Whether to log debug information\.
35
35
  The section of the puppet\.conf configuration file to interact with\.
36
36
  .
37
37
  .IP
38
- The three most commonly used sections are \'main\', \'master\', and \'agent\'\. \'Main\' is the default, and is used by all Puppet applications\. Other sections can override \'main\' values for specific applications \-\-\- the \'master\' section affects puppet master and puppet cert, and the \'agent\' section affects puppet agent\.
38
+ The three most commonly used sections are \'main\', \'master\', and \'agent\'\. \'Main\' is the default, and is used by all Puppet applications\. Other sections can override \'main\' values for specific applications \-\-\- the \'master\' section affects Puppet Server, and the \'agent\' section affects puppet agent\.
39
39
  .
40
40
  .IP
41
41
  Less commonly used is the \'user\' section, which affects puppet apply\. Any other section will be treated as the name of a legacy environment (a deprecated feature), and can only include the \'manifest\' and \'modulepath\' settings\.
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-DESCRIBE" "8" "September 2018" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-DESCRIBE" "8" "October 2018" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-describe\fR \- Display help about resource types
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-DEVICE" "8" "September 2018" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-DEVICE" "8" "October 2018" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-device\fR \- Manage remote network devices
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-DOC" "8" "September 2018" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-DOC" "8" "October 2018" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-doc\fR \- Generate Puppet references
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-EPP" "8" "September 2018" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-EPP" "8" "October 2018" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-epp\fR \- Interact directly with the EPP template parser/renderer\.
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-FACTS" "8" "September 2018" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-FACTS" "8" "October 2018" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-facts\fR \- Retrieve and store facts\.
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-FILEBUCKET" "8" "September 2018" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-FILEBUCKET" "8" "October 2018" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-filebucket\fR \- Store and retrieve files in a filebucket
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-GENERATE" "8" "September 2018" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-GENERATE" "8" "October 2018" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-generate\fR \- Generates Puppet code from Ruby definitions\.
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-HELP" "8" "September 2018" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-HELP" "8" "October 2018" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-help\fR \- Display Puppet help\.
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-KEY" "8" "September 2018" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-KEY" "8" "October 2018" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-key\fR \- Create, save, and remove certificate keys\.
@@ -10,7 +10,7 @@
10
10
  puppet key \fIaction\fR [\-\-terminus _TERMINUS] [\-\-extra HASH]
11
11
  .
12
12
  .SH "DESCRIPTION"
13
- This subcommand manages certificate private keys\. Keys are created automatically by puppet agent and when certificate requests are generated with \'puppet certificate generate\'; it should not be necessary to use this subcommand directly\.
13
+ This subcommand manages certificate private keys\. Keys are created automatically by puppet agent and when certificate requests are generated with \'puppet ssl submit_request\'; it should not be necessary to use this subcommand directly\.
14
14
  .
15
15
  .SH "OPTIONS"
16
16
  Note that any setting that\'s valid in the configuration file is also a valid long argument, although it may or may not be relevant to the present action\. For example, \fBserver\fR and \fBrun_mode\fR are valid settings, so you can specify \fB\-\-server <servername>\fR, or \fB\-\-run_mode <runmode>\fR as an argument\.
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-LOOKUP" "8" "September 2018" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-LOOKUP" "8" "October 2018" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-lookup\fR \- Interactive Hiera lookup
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-MAN" "8" "September 2018" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-MAN" "8" "October 2018" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-man\fR \- Display Puppet manual pages\.
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-MODULE" "8" "September 2018" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-MODULE" "8" "October 2018" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-module\fR \- Creates, installs and searches for modules on the Puppet Forge\.
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-NODE" "8" "September 2018" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-NODE" "8" "October 2018" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-node\fR \- View and manage node definitions\.
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-PARSER" "8" "September 2018" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-PARSER" "8" "October 2018" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-parser\fR \- Interact directly with the parser\.
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-PLUGIN" "8" "September 2018" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-PLUGIN" "8" "October 2018" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-plugin\fR \- Interact with the Puppet plugin system\.
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-REPORT" "8" "September 2018" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-REPORT" "8" "October 2018" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-report\fR \- Create, display, and submit reports\.
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-RESOURCE" "8" "September 2018" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-RESOURCE" "8" "October 2018" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-resource\fR \- The resource abstraction layer shell
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-SCRIPT" "8" "September 2018" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-SCRIPT" "8" "October 2018" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-script\fR \- Run a puppet manifests as a script without compiling a catalog
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-SSL" "8" "September 2018" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-SSL" "8" "October 2018" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-ssl\fR \- Manage SSL keys and certificates for puppet SSL clients
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-STATUS" "8" "September 2018" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-STATUS" "8" "October 2018" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-status\fR \- View puppet server status\.
data/man/man8/puppet.8 CHANGED
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET" "8" "September 2018" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET" "8" "October 2018" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\fR
@@ -25,4 +25,4 @@ Specialized:
25
25
  catalog Compile, save, view, and convert catalogs\. describe Display help about resource types device Manage remote network devices doc Generate Puppet references epp Interact directly with the EPP template parser/renderer\. facts Retrieve and store facts\. filebucket Store and retrieve files in a filebucket generate Generates Puppet code from Ruby definitions\. node View and manage node definitions\. parser Interact directly with the parser\. script Run a puppet manifests as a script without compiling a catalog ssl Manage SSL keys and certificates for puppet SSL clients
26
26
  .
27
27
  .P
28
- See \'puppet help \fIsubcommand\fR \fIaction\fR\' for help on a specific subcommand action\. See \'puppet help \fIsubcommand\fR\' for help on a specific subcommand\. Puppet v6\.0\.1
28
+ See \'puppet help \fIsubcommand\fR \fIaction\fR\' for help on a specific subcommand action\. See \'puppet help \fIsubcommand\fR\' for help on a specific subcommand\. Puppet v6\.0\.2
@@ -12,17 +12,17 @@ describe test_title, '(integration)', :if => Puppet::Util::Platform.windows? do
12
12
  Puppet::Type.type(:service).stubs(:defaultprovider).returns provider_class
13
13
  end
14
14
 
15
- context 'should fail querying services that do not exist' do
15
+ context 'should return valid values when querying a service that does not exist' do
16
16
  let(:service) do
17
17
  Puppet::Type.type(:service).new(:name => 'foobarservice1234')
18
18
  end
19
19
 
20
- it "with a Puppet::Error when querying enabled?" do
21
- expect { service.provider.enabled? }.to raise_error(Puppet::Error)
20
+ it "with :false when asked if enabled" do
21
+ expect(service.provider.enabled?).to eql(:false)
22
22
  end
23
23
 
24
- it "with a Puppet::Error when querying status" do
25
- expect { service.provider.status }.to raise_error(Puppet::Error)
24
+ it "with :stopped when asked about status" do
25
+ expect(service.provider.status).to eql(:stopped)
26
26
  end
27
27
  end
28
28
 
@@ -22,6 +22,8 @@ describe 'Puppet::Type::Service::Provider::Windows',
22
22
  # make sure we never actually execute anything (there are two execute methods)
23
23
  provider.class.expects(:execute).never
24
24
  provider.expects(:execute).never
25
+
26
+ service_util.stubs(:exists?).with(resource[:name]).returns(true)
25
27
  end
26
28
 
27
29
  describe ".instances" do
@@ -76,6 +78,12 @@ describe 'Puppet::Type::Service::Provider::Windows',
76
78
  end
77
79
 
78
80
  describe "#status" do
81
+ it "should report a nonexistent service as stopped" do
82
+ service_util.stubs(:exists?).with(resource[:name]).returns(false)
83
+
84
+ expect(provider.status).to eql(:stopped)
85
+ end
86
+
79
87
  [
80
88
  :SERVICE_STOPPED,
81
89
  :SERVICE_PAUSED,
@@ -121,6 +129,12 @@ describe 'Puppet::Type::Service::Provider::Windows',
121
129
  end
122
130
 
123
131
  describe "#enabled?" do
132
+ it "should report a nonexistent service as false" do
133
+ service_util.stubs(:exists?).with(resource[:name]).returns(false)
134
+
135
+ expect(provider.enabled?).to eql(:false)
136
+ end
137
+
124
138
  it "should report a service with a startup type of manual as manual" do
125
139
  service_util.expects(:service_start_type).with(name).returns(:SERVICE_DEMAND_START)
126
140
  expect(provider.enabled?).to eq(:manual)
@@ -218,6 +218,9 @@ describe Puppet::Type.type(:user).provider(:windows_adsi), :if => Puppet::Util::
218
218
  end
219
219
 
220
220
  it "should set a user's password" do
221
+ provider.user.expects(:disabled?).returns(false)
222
+ provider.user.expects(:locked_out?).returns(false)
223
+ provider.user.expects(:expired?).returns(false)
221
224
  provider.user.expects(:password=).with('plaintextbad')
222
225
 
223
226
  provider.password = "plaintextbad"
@@ -100,6 +100,24 @@ describe resources do
100
100
  user.stubs(:retrieve_resource).returns Puppet::Resource.new("user", user_hash[:name], :parameters => user_hash)
101
101
  expect(res.user_check(user)).to be_falsey
102
102
  end
103
+
104
+ it "should not purge Windows system users" do
105
+ res = Puppet::Type.type(:resources).new :name => :user, :purge => true
106
+ res.catalog = Puppet::Resource::Catalog.new
107
+ user_hash = {:name => 'Administrator', :uid => 'S-1-5-21-12345-500'}
108
+ user = Puppet::Type.type(:user).new(user_hash)
109
+ user.stubs(:retrieve_resource).returns Puppet::Resource.new("user", user_hash[:name], :parameters => user_hash)
110
+ expect(res.user_check(user)).to be_falsey
111
+ end
112
+
113
+ it "should not purge Windows system users" do
114
+ res = Puppet::Type.type(:resources).new :name => :user, :purge => true
115
+ res.catalog = Puppet::Resource::Catalog.new
116
+ user_hash = {:name => 'other', :uid => 'S-1-5-21-12345-1001'}
117
+ user = Puppet::Type.type(:user).new(user_hash)
118
+ user.stubs(:retrieve_resource).returns Puppet::Resource.new("user", user_hash[:name], :parameters => user_hash)
119
+ expect(res.user_check(user)).to be_truthy
120
+ end
103
121
  end
104
122
 
105
123
  %w(FreeBSD OpenBSD).each do |os|
@@ -228,8 +228,8 @@ describe Puppet::Util::Storage do
228
228
 
229
229
  it "expires entries with a :checked older than statettl seconds ago" do
230
230
  Puppet[:statettl] = '1d'
231
- recent_checked = Time.now
232
- stale_checked = Time.now - (Puppet[:statettl] + 1)
231
+ recent_checked = Time.now.round
232
+ stale_checked = recent_checked - (Puppet[:statettl] + 10)
233
233
  Puppet::Util::Storage.cache(:yayness)[:checked] = recent_checked
234
234
  Puppet::Util::Storage.cache(:stale)[:checked] = stale_checked
235
235
  expect(Puppet::Util::Storage.state).to eq(
@@ -262,8 +262,8 @@ describe Puppet::Util::Storage do
262
262
 
263
263
  it "does not expire entries when statettl is 0" do
264
264
  Puppet[:statettl] = '0'
265
- recent_checked = Time.now
266
- older_checked = Time.now - 10_000_000
265
+ recent_checked = Time.now.round
266
+ older_checked = recent_checked - 10_000_000
267
267
  Puppet::Util::Storage.cache(:yayness)[:checked] = recent_checked
268
268
  Puppet::Util::Storage.cache(:older)[:checked] = older_checked
269
269
  expect(Puppet::Util::Storage.state).to eq(
@@ -4,6 +4,12 @@ require 'spec_helper'
4
4
  describe "Puppet::Util::Windows::Service", :if => Puppet.features.microsoft_windows? do
5
5
  require 'puppet/util/windows'
6
6
 
7
+ before(:each) do
8
+ Puppet::Util::Windows::Error.stubs(:format_error_code)
9
+ .with(anything)
10
+ .returns("fake error!")
11
+ end
12
+
7
13
  # The following should emulate a successful call to the private function
8
14
  # query_status that returns the value of query_return. This should give
9
15
  # us a way to mock changes in service status.
@@ -47,7 +53,7 @@ describe "Puppet::Util::Windows::Service", :if => Puppet.features.microsoft_wind
47
53
  subject::SERVICE_STATUS_PROCESS.stubs(:new)
48
54
  subject::QUERY_SERVICE_CONFIGW.stubs(:new)
49
55
  subject::SERVICE_STATUS.stubs(:new).returns({:dwCurrentState => subject::SERVICE_RUNNING})
50
- Puppet::Util::Windows::Error.stubs(:new).raises(Puppet::Error.new('fake error'))
56
+ FFI.stubs(:errno).returns(0)
51
57
  FFI::MemoryPointer.stubs(:new).yields(pointer)
52
58
  pointer.stubs(:read_dword)
53
59
  pointer.stubs(:write_dword)
@@ -55,6 +61,35 @@ describe "Puppet::Util::Windows::Service", :if => Puppet.features.microsoft_wind
55
61
  subject.stubs(:sleep)
56
62
  end
57
63
 
64
+ describe "#exists?" do
65
+ context "when the service control manager cannot be opened" do
66
+ let(:scm) { FFI::Pointer::NULL_HANDLE }
67
+ it "raises a puppet error" do
68
+ expect{ subject.exists?(mock_service_name) }.to raise_error(Puppet::Error)
69
+ end
70
+ end
71
+
72
+ context "when the service cannot be opened" do
73
+ let(:service) { FFI::Pointer::NULL_HANDLE }
74
+
75
+ it "returns false if it fails to open because the service does not exist" do
76
+ FFI.stubs(:errno).returns(Puppet::Util::Windows::Service::ERROR_SERVICE_DOES_NOT_EXIST)
77
+
78
+ expect(subject.exists?(mock_service_name)).to be false
79
+ end
80
+
81
+ it "raises a puppet error if it fails to open for some other reason" do
82
+ expect{ subject.exists?(mock_service_name) }.to raise_error(Puppet::Error)
83
+ end
84
+ end
85
+
86
+ context "when the service can be opened" do
87
+ it "returns true" do
88
+ expect(subject.exists?(mock_service_name)).to be true
89
+ end
90
+ end
91
+ end
92
+
58
93
  describe "#start" do
59
94
 
60
95
  context "when the service control manager cannot be opened" do
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: puppet
3
3
  version: !ruby/object:Gem::Version
4
- version: 6.0.1
4
+ version: 6.0.2
5
5
  platform: universal-darwin
6
6
  authors:
7
7
  - Puppet Labs
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-10-01 00:00:00.000000000 Z
11
+ date: 2018-10-04 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: facter