| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Previous commit blacklisted a small set of settings from having
$environment interpolated. After some discussion, we decided to broaden
this to a whitelist, and the only setting we can currently think of
needing $environment interpolation when using directory environments is
config_version.
We also decided to not halt startup for default_manifest with
$environment in it, as these errors are difficult to read with the
current error reporting from a rack master. So the validation for
default_manifest is removed.
|
|
After discussion with Nick Fagerlund and Henrik Lindberg, changing
restrict_environment_manifest setting to
disable_per_environment_manifest to more clearly reflect what the
setting does.
|
|
Added tests for checking that default_manifest behaves properly when
given $environment. Also when restrict_environment_manifest is true with
a non-relative default_manifest.
This commit also fixed the hook on the :default_manifest setting to
validate that $environment was not present when setting the value.
|
|
This reverts commit cf4501c7a97c106994c2ef81756c2081f56feeef, reversing
changes made to fcf482aa85708fe20f38cd96d6d92fc58ee78cf6.
|
|
- Previously, Puppet would ignore the configuration in defaults.rb for
setting a group / owner on a given file or directory -- even when
the Windows machine was running with administrative permissions
- Since Windows now has the capability of properly setting a group
and owner, allow Windows to manage these permissions when
appropriate
- The existing Puppet::Settings::FileSettings::Service class
depends on looking up the appropriate default service accounts
for use in a number of locations. To fall in line with this usage
pattern, "Administrators" is set as the default owner and
the "Service" group S-1-5-6 is set as the default group. This
special OS managed group includes all accounts with the logon
as a service token privilege.
|
|
zaphod42/issue/master/20967-mysterious-errors-caused-by-patch"
This reverts commit 1b27ae45c6866f9931ed6042a1c4db0a4c6aabd8, reversing
changes made to cb4881f8737ce1138057b2ec69e01a68ea7e2b65.
Joshua Partlow: Wait, @finch, I think you just reverted something
@AndrewParker and I are working on
Whoops.
|
|
zaphod42/issue/master/incorrect-management-of-rundir"
This reverts commit a6e746d1a5df96f59ea0fdbe13345a5fcdacc7ff, reversing
changes made to 4cce551e419c57fb1306fa4b98a429f83aa2527a.
This appears to be causing inexplicable failures in some testing
machines. The errors manifest with the master being unable to write to
certain directories:
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: Error 400 on SERVER: cannot generate tempfile `/var/lib/puppet/yaml/node/solaris-11-32-2.delivery.puppetlabs.net.yaml20130606-4478-it4k80-9'
Info: Retrieving plugin
Error: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve information from environment production source(s) puppet://solaris-11-32-2/plugins
Error: Could not retrieve catalog from remote server: Error 400 on SERVER: cannot generate tempfile `/var/lib/puppet/yaml/facts/solaris-11-32-2.delivery.puppetlabs.net.yaml20130606-4478-19pqoux-9'
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
|
|
When the change from 01777 to 0755 for rundir is applied, the puppet
master can get itself into a situation where it cannot properly write to
its rundir. This occurs when it creats the rundir as root and then later
tries to write the pidfile as the system (usually puppet) user. This is
solved by also making puppet try to manage the ownership of the rundir,
which also makes it consistent with what packages were creating and the
other directories that it tries to manage for the master.
|
|
The previous behavior for managing the group of a file meant that if the
group didn't exist puppet errored when trying to set permissions. This
changes the behavior to check for the existance of the group and in the
case of the group not existing (and we don't expect it to be created
because `:mkusers` is false) then the group is not managed.
There were several alternatives that were possible:
* use the primary group of the "root" user
* use the primary group of the `:owner` for the file
Neither of these were compellingly better alternatives, since this
should only be happening when puppet hasn't been fully configured on the
system.
|
|
The hook on the storedconfigs setting would try and setup the terminuses
so that they were properly wired up to the store configs. One part of
this was to set the `cache_terminus` for the `Puppet::Node` to
`:store_configs`. However, up until commit
5a79d9abd96e73ff166527cdee69a30da8ab0f87 this was overridden by the
master application to be `:yaml`. That commit removed this so that an
ENC was able to be authoritative, but once it was removed the store
configs cache terminus was left on and interferred with the ENC.
This commit removes the cache for the `Puppet::Node` since there is no
need for it and all it does is interfere with fetching node data. The
`Puppet::Node::Facts` store configs code will actually create the entry
in the `host` table that is needed.
|
|
Without this patch Ruby 1.9 is still complaining loudly about trying to
parse the spec files. The previous attempt to clean up this problem in
edc3ddf works for Ruby 1.8 but not 1.9.
I'd prefer to remove the shebang lines entirely, but doing so will cause
encoding errors in Ruby 1.9. This patch strives for a happy middle
ground of convincing Ruby it is actually working with Ruby while not
confusing it to think it should exec() to rspec.
This patch is the result of the following command run against the source
tree:
find spec -type f -print0 | \
xargs -0 perl -pl -i -e 's,^\#\!\s?/(.*)rspec,\#! /usr/bin/env ruby,'
|
|
Without this patch it is very confusing what the intended purpose of the
agent_pidfile setting is. This confusion may lead to people thinking
this file is intended to be used my monitoring systems or service
management frameworks to determine the PID of a running puppet agent
process. This thinking is incorrect, the `pidfile` setting is intended
for this purpose.
The `agent_pidfile` setting is intended to provide mutual exclusion of
configuration catalog runs. This patch reduces confusion by more
closely matching the name and description to the intent.
In addition, the prose in the descriptions and comments have been
augmented to make it clear "running agent" refers to an agent performing
a configuration catalog run and not simply the running agent process.
|
|
* 2.7.x:
(#2888) Fix race condition with puppetdlockfile
(#2888) Add settings catalog info to README_DEVELOPER
Conflicts:
lib/puppet/defaults.rb
spec/integration/defaults_spec.rb
|
|
Without this patch applied there is a race condition where by two or
more concurrent puppet agent processes will eventually result in a
deadlock state where all processes consider catalog runs to be
administratively disabled.
This is a problem because the configuration catalog stops being applied
periodically. The system will not recover unless there is manual
intervention by the end user.
The problem is caused by the settings catalog. The settings catalog
will contain a file resource for the puppetdlockfile if the file exists.
When two processes are running, the file will exist when it is created
by the other process. When the file resource is in the settings
catalog, it will be created as a zero length file, or truncated to a
zero length file if it already exists.
Here is the state transition for two puppet agent --test processes, A
and B.
A:
lock()
File.exist? => false
File.open()
catalog.run
...
B:
Puppet::Util::Settings#to_catalog
File.exist? => true
catalog.add_resource(Puppet::Type::File)
...
resource synchronizes
Puppet::Type::File#write(:content)
A:
unlock()
unlink()
B:
settings catalog apply
File.open("puppetdlock", "wb") { ... } # Truncates the file!
A:
locked? => true
mine? => false
B:
locked? => true
mine? => false
A and B are deadlocked.
This patch fixes the problem by marking the puppetdlockfile settings as
a `:type => :setting`. This change prevents the settings catalog from
containing a file resource for the puppetdlockfile setting.
Paired-with: Josh Cooper <josh@puppetlabs.com>
|
|
This was only used to choose between WEBrick and Mongrel for the built-in
server. Since we've removed Mongrel it is now useless.
Paired with: Andy Parker <andy@puppetlabs.com>
|
|
This was the only meaningful test in that file, and helps ensure that the
Puppet version number is sane.
Signed-off-by: Daniel Pittman <daniel@puppetlabs.com>
Conflicts:
spec/integration/defaults_spec.rb
spec/unit/puppet_spec.rb
Signed-off-by: Daniel Pittman <daniel@puppetlabs.com>
|
|
Conflicts:
Rakefile
ext/redhat/puppet.spec.erb
lib/puppet/defaults.rb
spec/integration/defaults_spec.rb
tasks/rake/apple.rake
Signed-off-by: Daniel Pittman <daniel@puppetlabs.com>
|
|
Previously, we were adding `/usr/sbin` and `/sbin` to Puppet's shell
search path on all platforms, including Windows.
This commit changes the behavior on Windows so that those paths are not
added. It also doesn't add Windows equivalents, because the environment
it inherits from its parent process already contains a suitable search
path.
This commit also sets File::PATH_SEPARATOR appropriately when using the
windows or posix shared context.
|
|
The terminus setting type makes it possible to set a terminus to nil by
providing an empty string in the configuration. It also converts the terminus
name to a symbol automatically.
This required making all terminus settings consistently use symbols.
Paired with: Andy Parker <andy@puppetlabs.com>
|
|
Remove `reportserver` setting as it has been deprecated.
`report_server` should be used instead.
|
|
Remove support for setting cacrl to false. Puppet will now just
ignore the CRL.
|
|
* 2.7.x:
Add Puppet::Parser::Functions::clear for specs
Clear Environment.current when calling Environment.clear
Check that function loading worked correctly.
Avoid stubbing Thread::new due to issues in newer mocha
Rename specs to end in _spec.rb
Don't require mocha in spec_helper
Fix stubbing on nil in some specs
(#14515) Tests fail with mocha 0.11.4
Conflicts:
spec/unit/network/http/webrick_spec.rb
spec/unit/parser/functions/require_spec.rb
spec/unit/parser/functions/template_spec.rb
|
|
This makes Puppet::Node::Environment::clear properly clear all the environment
state. This reduces dependencies between tests due to leaked state. It also
moves the call to clear to happen before each test. This avoids issues where
tests set up stubs on settings, as the after block is called before stubs are
removed.
|
|
In rspec 2.11, expectations on a block must take the form of expect...to or
lambda...should. Other combinations of those are no longer accepted. This
commit converts all mixed cases to use expect...to, as it seems to be the
preferred syntax now.
|
|
* 2.7.x:
Use rspec 2.11 compatible block syntax
Conflicts:
spec/integration/faces/ca_spec.rb
spec/integration/network/server/mongrel_spec.rb
spec/unit/application_spec.rb
spec/unit/face/help_spec.rb
spec/unit/network/handler/fileserver_spec.rb
spec/unit/parser/functions/create_resources_spec.rb
spec/unit/provider/nameservice/directoryservice_spec.rb
spec/unit/type/file_spec.rb
spec/unit/type_spec.rb
|
|
In rspec 2.11, expectations on a block must take the form of expect...to or
lambda...should. Other combinations of those are no longer accepted. This
commit converts all mixed cases to use expect...to, as it seems to be the
preferred syntax now.
|
|
Without this patch some spec files are using `ruby -S rspec` and others
are using `rspec`.
We should standardize on a single form of the interpreter used for spec
files.
`ruby -S rspec` is the best choice because it correctly informs editors
such as Vim with Syntastic that the file is a Ruby file rather than an
Rspec file.
|
|
|
|
This patch makes Hiera the default data binding terminus. Users have the
option of "turning it off" by setting `data_binding_terminus` in
puppet.conf to "none":
# puppet.conf
[main]
data_binding_terminus = "none"
This patch includes updated specs.
|
|
kelseyhightower/ticket/master/8235_plugin_system_for_tools_like_hiera
(#8235) Add plug-in system for tools like Hiera
|
|
This path type will expand all paths in a string separated by
File::PATH_SEPARATOR, but does not add the paths to the settings catalog. This
helps the most on Windows, where it means that paths given to settings will
consistently use File::SEPARATOR, no matter how they were entered by the user.
|
|
Signed-off-by: Daniel Pittman <daniel@puppetlabs.com>
|
|
A new data_binding indirection is being added for interfacing with
tools like Hiera; and provides an "in-dsl" solution for data separation.
Data exposed by tools like Hiera will be made available during parse
time.
For example, if we had the follow class definition:
class nginx($port=80) { ... }
And it was declared without specifying the `port` attribute:
class {'nginx': }
The above would result in a data lookup to the data_binding backend for
the following namespaced key:
nginx::port
Namespaced keys are being used to prevent the pollution of the global
namespace. The convention for namespaced keys is a combination of the
class name and the class parameter being resolved.
Example:
class ssh::server($port) { ... } # Lookup ssh::server::port
The data_binding backend would need to provide a value for the
namespaced key or return nil. When a nil value is returned by the
data_binding backend the class parameter default, if available, will be
used instead.
It should be noted that class parameters are looked up one at a time
with no assumptions in regards to the performance of data lookups. It's
the responsibility of the data_binding backend to handle any performance
requirements including caching.
This patch also adds two new terminii: hiera and none. The "none"
terminus implements a find method that always returns nil; it's being
set as the default data_binding terminus to allow end-users the ability
to opt-in and maintain backwards compatibility with older versions of
Puppet.
The "hiera" terminus implements a find method that delegates class
parameter lookups to Hiera using the Hiera Ruby API.
Two new configuration settings are being added:
[main]
hiera_config = "$confdir/hiera.yaml"
data_binding_terminus = "none"
Updated specs are included in this patch
|
|
Previously, `Puppet[:color]` was false on Windows, because the Windows
console does not support ANSI escape sequences.
The win32console gem converts ANSI color escape sequences into Win32
console API calls to change the foreground color, etc. If the output
stream has been redirected to a file, then the gem does not translate
the sequences, instead preserving them in the stream, as is done on
Unix.
To disable colorized output specify `color=false` or `--color=false` on
the command line.
This commit adds a `Puppet.features.ansicolor?` feature that defines
whether ANSI color escape sequences are supported. On Windows, this is
only true if the win32console gem can be loaded. On other platforms, the
value is always true.
The win32console gem will be packaged into the Windows installer, and
so, `Puppet[:color]` now defaults to true. If the gem can't be loaded,
then puppet will revert to its previous behavior.
|
|
The only meaningful test was that the Puppet version number was sane.
Signed-off-by: Daniel Pittman <daniel@puppetlabs.com>
|
|
Major changes include:
* support multiple config files (/etc/puppet, ~/.puppet). we no longer
use "run_mode" to determine the location of the config file.
* remove all references to application run_mode/state from defaults
* make the typing of settings a little more strict
* create a new setting type for directories, to make us a little less vulnerable to the terrible matching algorithm in FileSetting
|
|
|
|
There are still deprecated stubs for execpipe, execfail, and execute in Puppet::Util for backwards compatibility. rspecs are all passing, but would still like to go through and check for deprecation warnings that were triggered by this changeset (and fix them, obviously).
get spec tests running against Puppet::Util -> Util::Execution refactor
|
|
Conflicts:
spec/unit/daemon_spec.rb
Signed-off-by: Daniel Pittman <daniel@puppetlabs.com>
|
|
Previously, anyone running `puppet apply` or `puppet agent` with
either the `--test`, `--noop`, or `--show_diffs` option, would see a
`CreateProcess` exception while trying to execute the `diff`
command. This was made worse by the recent change that causes puppet
to diff its last run summary file.
On Windows, diff is not present, by default. There is fc.exe (file
compare), but it is rather brain-dead, especially if you diff a binary
file.
This commit makes `Puppet::Util::Diff.diff` return '' by default on
Windows. However, if a diff command has been specified in puppet.conf,
then puppet will use it, as before.
|
|
Fact syncing is now done through pluginsync. The separate factsync option has
been deprecated since 0.25 (ticket #2277).
|
|
The `not_to` method for RSpec came in later than the version available on some
of our older test platforms. This uses a less well worded, but more
compatible, test to keep everything passing on the older machine.
Signed-off-by: Daniel Pittman <daniel@puppetlabs.com>
|
|
As part of the update to SSL the behaviour of the `certdnsnames` options
changed sufficiently that it would be terribly confusing to retain it.
Instead, modify the setting to warn that it is ignored, and add a new setting
to set the default subjectAltName value for bootstrapping a master
certificate.
This retains the one really useful part of the feature, without the risk that
someone will accidentally use the old name and receive a nasty surprise.
It should also draw more attention to formerly insecure configurations.
Signed-off-by: Daniel Pittman <daniel@puppetlabs.com>
|
|
Running puppet agent on Windows with the default set of options fails
because the win32-process gem doesn't really support fork (it
re-executes the parent program, but doesn't preserve the parent
context), and then it fails to setsid as this call is not implemented
by the ruby runtime.
But the bigger issue is that Windows services are the preferred way to
run daemon processes. For this release, we will not be providing the
code to run puppet agent as a service, though we have verified that
puppet will run as a service using a third-party service wrapper,
nssm.
This commit changes the daemonize option to default to false on
Windows, so that the typical 'puppet agent' command does the right
thing. And if the daemonize option is set to true on Windows, it will
report an error.
|
|
Move from the hard-coded ActiveRecord back-end for StoreConfigs to an
indirection model; now, we have a back-end setting for StoreConfigs which
flows through to select the appropriate wrapped terminus when the parent
terminus is used.
Signed-off-by: Daniel Pittman <daniel@puppetlabs.com>
|
|
Windows consoles do not support ansi escape sequences for colorizing
output. This commit changes the default setting of 'color' to false when
the "microsoft_windows" feature is present.
Paired-with: Jacob Helwig <jacob@puppetlabs.com>
(cherry picked from commit d7d384ec0b7f28a8f0be20defcc2eebd0550aff0)
|
|
Edit test to accomodate the default URL change made in commit
f6882d6d5779883e931a6f558c06f631098011c5.
Reviewed-By: Jacob Helwig <jacob@puppetlabs.com>
|
|
Conflicts:
acceptance/tests/ticket_5477_master_not_dectect_sitepp.rb
lib/puppet/application/apply.rb
lib/puppet/configurer.rb
lib/puppet/configurer/fact_handler.rb
spec/unit/application/apply_spec.rb
spec/unit/configurer/fact_handler_spec.rb
spec/unit/configurer_spec.rb
|
|
This adds the node_name_fact setting, which specifies a fact to use to
determine the node name. This allows dynamically determining the node name
without having to modify puppet.conf or command line options.
Using this setting requires modifying auth.conf to allow nodes to request
catalogs not matching their certnames.
For example, this would allow any authenticated node to retrieve any catalog:
# $confdir/auth.conf
path ~ /catalog/.+
allow *
The node_name_fact and node_name_value options are mutually exclusive, because
it is ambiguous which setting should take precedence.
Paired-With: Jacob Helwig <jacob@puppetlabs.com>
|
|
The setting node_name_value may now be used for 'puppet apply' or 'puppet
agent' to specify the name for the node. This will not affect the certificate
used by the node, and the node will still be authenticated based on its
certname. The default value for node_name_value is the certname.
This is useful for eg. EC2 nodes whose random hostnames cannot be easily used
to classify them.
Paired-With: Jacob Helwig
|
