module Puppet
Defines the `Puppet` module. There are different entry points into Puppet depending on your use case.
To use puppet as a library, see {Puppet::Pal}.
To create a new application, see {Puppet::Application}.
To create a new function, see {Puppet::Functions}.
To access puppet's REST APIs, see puppet.com/docs/puppet/latest/http_api/http_api_index.html.
@api public
@api private Default Facter implementation that delegates to Facter API
The JsonCatalogEncoder is a wrapper around a catalog produced by the Pal::CatalogCompiler.with_json_encoding method. It allows encoding the entire catalog or an individual resource as Rich Data Json.
@api public
Generated by Puppet::Pops::Types::RubyGenerator from TypeSet Puppet::AST on -4712-01-01
see the bottom of the file for the rest of the inclusions
Manage file modes. This state should support different formats for specification (e.g., u+rwx, or -0011), but for now only supports specifying the full mode.
Manage SELinux context of files.
This code actually manages three pieces of data in the context.
[root@delenn files]# ls -dZ / drwxr-xr-x root root system_u:object_r:root_t /
The context of '/' here is 'system_u:object_r:root_t'. This is three separate fields:
system_u is the user context object_r is the role context root_t is the type context
All three of these fields are returned in a single string by the output of the stat command, but set individually with the chcon command. This allows the user to specify a subset of the three values while leaving the others alone.
See www.nsa.gov/selinux/ for complete docs on SELinux.
Simple module for logging messages on the client-side
This is our main way of managing processes right now.
a service is distinct from a process in that services can only be managed through the interface of an init script which is why they have a search path for initscripts and such
A common module for converting between constants and file names.
Puppet::Util::Windows::EventLog needs to be requirable without having loaded any other parts of Puppet so it can be leveraged independently by the code that runs Puppet as a service on Windows.
For this reason we:
-
Define
Puppet::Util::Windows -
Replicate logic that exists elsewhere in puppet/util/windows
-
Raise generic RuntimeError instead of
Puppet::Util::Windows::Errorif its not defined
The version method and constant are isolated in puppet/version.rb so that a simple `require 'puppet/version'` allows a rubygems gemspec or bundler Gemfile to get the Puppet version of the gem install.
The version can be set programmatically because we want to allow the Raketasks and such to set the version based on the output of `git describe`
Constants
- AS_DURATION
NOTE: For information about the available values for the “:type” property of settings,
see the docs for Settings.define_settings
- Face
- Log
Pass feedback to the user.
Loglevels are modeled after syslog's, and it is expected that that will be the most common log destination. Supports multiple destinations, one of which is a remote server.- OLDEST_RECOMMENDED_RUBY_VERSION
- PUPPETVERSION
- ResourceType
- SEPARATOR_REGEX
- ScheduleMethods
- ScheduleScales
Attributes
features[R]
Public Class Methods
[](param)
click to toggle source
Get the value for a setting
@param [Symbol] param the setting to retrieve
@api public
# File lib/puppet.rb 75 def self.[](param) 76 if param == :debug 77 return Puppet::Util::Log.level == :debug 78 else 79 return @@settings[param] 80 end 81 end
[]=(param,value)
click to toggle source
setting access and stuff
# File lib/puppet.rb 93 def self.[]=(param,value) 94 @@settings[param] = value 95 end
base_context(settings)
click to toggle source
The bindings used for initialization of puppet
@param settings [Puppet::Settings,Hash<Symbol,String>] either a Puppet::Settings instance
or a Hash of settings key/value pairs.
@api private
# File lib/puppet.rb 212 def self.base_context(settings) 213 environmentpath = settings[:environmentpath] 214 basemodulepath = Puppet::Node::Environment.split_path(settings[:basemodulepath]) 215 216 if environmentpath.nil? || environmentpath.empty? 217 raise(Puppet::Error, _("The environmentpath setting cannot be empty or nil.")) 218 else 219 loaders = Puppet::Environments::Directories.from_path(environmentpath, basemodulepath) 220 # in case the configured environment (used for the default sometimes) 221 # doesn't exist 222 default_environment = Puppet[:environment].to_sym 223 if default_environment == :production 224 modulepath = settings[:modulepath] 225 modulepath = (modulepath.nil? || '' == modulepath) ? basemodulepath : Puppet::Node::Environment.split_path(modulepath) 226 loaders << Puppet::Environments::StaticPrivate.new( 227 Puppet::Node::Environment.create(default_environment, 228 modulepath, 229 Puppet::Node::Environment::NO_MANIFEST)) 230 end 231 end 232 233 { 234 :environments => Puppet::Environments::Cached.new(Puppet::Environments::Combined.new(*loaders)), 235 :ssl_context => proc { Puppet.runtime[:http].default_ssl_context }, 236 :http_session => proc { Puppet.runtime[:http].create_session }, 237 :plugins => proc { Puppet::Plugins::Configuration.load_plugins }, 238 :rich_data => false 239 } 240 end
bootstrap_context()
click to toggle source
A simple set of bindings that is just enough to limp along to initialization where the {base_context} bindings are put in place @api private
# File lib/puppet.rb 245 def self.bootstrap_context 246 root_environment = Puppet::Node::Environment.create(:'*root*', [], Puppet::Node::Environment::NO_MANIFEST) 247 { 248 :current_environment => root_environment, 249 :root_environment => root_environment 250 } 251 end
checks()
click to toggle source
# File lib/puppet/type/exec.rb 81 def self.checks 82 @checks.keys 83 end
clear()
click to toggle source
# File lib/puppet.rb 97 def self.clear 98 @@settings.clear 99 end
debug=(value)
click to toggle source
# File lib/puppet.rb 101 def self.debug=(value) 102 if value 103 Puppet::Util::Log.level=(:debug) 104 else 105 Puppet::Util::Log.level=(:notice) 106 end 107 end
default_basemodulepath()
click to toggle source
# File lib/puppet/defaults.rb 52 def self.default_basemodulepath 53 if Puppet::Util::Platform.windows? 54 path = ['$codedir/modules'] 55 installdir = ENV["FACTER_env_windows_installdir"] 56 if installdir 57 path << "#{installdir}/puppet/modules" 58 end 59 path.join(File::PATH_SEPARATOR) 60 else 61 '$codedir/modules:/opt/puppetlabs/puppet/modules' 62 end 63 end
default_cadir()
click to toggle source
# File lib/puppet/defaults.rb 36 def self.default_cadir 37 return "" if Puppet::Util::Platform.windows? 38 old_ca_dir = "#{Puppet[:ssldir]}/ca" 39 new_ca_dir = "/etc/puppetlabs/puppetserver/ca" 40 41 if File.exist?(old_ca_dir) 42 if File.symlink?(old_ca_dir) 43 File.readlink(old_ca_dir) 44 else 45 old_ca_dir 46 end 47 else 48 new_ca_dir 49 end 50 end
default_diffargs()
click to toggle source
# File lib/puppet/defaults.rb 6 def self.default_diffargs 7 if (Puppet.runtime[:facter].value(:kernel) == "AIX" && Puppet.runtime[:facter].value(:kernelmajversion) == "5300") 8 "" 9 else 10 "-u" 11 end 12 end
default_digest_algorithm()
click to toggle source
# File lib/puppet/defaults.rb 14 def self.default_digest_algorithm 15 'sha256' 16 end
default_file_checksum_types()
click to toggle source
# File lib/puppet/defaults.rb 24 def self.default_file_checksum_types 25 Puppet::Util::Platform.fips_enabled? ? 26 %w[sha256 sha384 sha512 sha224] : 27 %w[sha256 sha384 sha512 sha224 md5] 28 end
default_vendormoduledir()
click to toggle source
# File lib/puppet/defaults.rb 65 def self.default_vendormoduledir 66 if Puppet::Util::Platform.windows? 67 installdir = ENV["FACTER_env_windows_installdir"] 68 if installdir 69 "#{installdir}\\puppet\\vendor_modules" 70 else 71 nil 72 end 73 else 74 '/opt/puppetlabs/puppet/vendor_modules' 75 end 76 end
ignore(name)
click to toggle source
@param name The name of a context key to ignore; intended for test usage. @api private
# File lib/puppet.rb 291 def self.ignore(name) 292 @context.ignore(name) 293 end
initialize_default_settings!(settings)
click to toggle source
@api public @param args [Puppet::Settings] the settings object to define default settings for @return void
# File lib/puppet/defaults.rb 88 def self.initialize_default_settings!(settings) 89 settings.define_settings(:main, 90 :confdir => { 91 :default => nil, 92 :type => :directory, 93 :desc => "The main Puppet configuration directory. The default for this setting 94 is calculated based on the user. If the process is running as root or 95 the user that Puppet is supposed to run as, it defaults to a system 96 directory, but if it's running as any other user, it defaults to being 97 in the user's home directory.", 98 }, 99 :codedir => { 100 :default => nil, 101 :type => :directory, 102 :desc => "The main Puppet code directory. The default for this setting 103 is calculated based on the user. If the process is running as root or 104 the user that Puppet is supposed to run as, it defaults to a system 105 directory, but if it's running as any other user, it defaults to being 106 in the user's home directory.", 107 }, 108 :vardir => { 109 :default => nil, 110 :type => :directory, 111 :owner => "service", 112 :group => "service", 113 :desc => "Where Puppet stores dynamic and growing data. The default for this 114 setting is calculated specially, like `confdir`_.", 115 }, 116 117 ### NOTE: this setting is usually being set to a symbol value. We don't officially have a 118 ### setting type for that yet, but we might want to consider creating one. 119 :name => { 120 :default => nil, 121 :desc => "The name of the application, if we are running as one. The 122 default is essentially $0 without the path or `.rb`.", 123 } 124 ) 125 126 settings.define_settings(:main, 127 :logdir => { 128 :default => nil, 129 :type => :directory, 130 :mode => "0750", 131 :owner => "service", 132 :group => "service", 133 :desc => "The directory in which to store log files", 134 }, 135 :log_level => { 136 :default => 'notice', 137 :type => :enum, 138 :values => ["debug","info","notice","warning","err","alert","emerg","crit"], 139 :desc => "Default logging level for messages from Puppet. Allowed values are: 140 141 * debug 142 * info 143 * notice 144 * warning 145 * err 146 * alert 147 * emerg 148 * crit 149 ", 150 :hook => proc {|value| Puppet::Util::Log.level = value }, 151 :call_hook => :on_initialize_and_write, 152 }, 153 :disable_warnings => { 154 :default => [], 155 :type => :array, 156 :desc => "A comma-separated list of warning types to suppress. If large numbers 157 of warnings are making Puppet's logs too large or difficult to use, you 158 can temporarily silence them with this setting. 159 160 If you are preparing to upgrade Puppet to a new major version, you 161 should re-enable all warnings for a while. 162 163 Valid values for this setting are: 164 165 * `deprecations` --- disables deprecation warnings. 166 * `undefined_variables` --- disables warnings about non existing variables. 167 * `undefined_resources` --- disables warnings about non existing resources.", 168 :hook => proc do |value| 169 values = munge(value) 170 valid = %w[deprecations undefined_variables undefined_resources] 171 invalid = values - (values & valid) 172 if not invalid.empty? 173 raise ArgumentError, _("Cannot disable unrecognized warning types '%{invalid}'.") % { invalid: invalid.join(',') } + 174 ' ' + _("Valid values are '%{values}'.") % { values: valid.join(', ') } 175 end 176 end 177 }, 178 :merge_dependency_warnings => { 179 :default => false, 180 :type => :boolean, 181 :desc => "Whether to merge class-level dependency failure warnings. 182 183 When a class has a failed dependency, every resource in the class 184 generates a notice level message about the dependency failure, 185 and a warning level message about skipping the resource. 186 187 If true, all messages caused by a class dependency failure are merged 188 into one message associated with the class. 189 ", 190 }, 191 :strict => { 192 :default => :error, 193 :type => :symbolic_enum, 194 :values => [:off, :warning, :error], 195 :desc => "The strictness level of puppet. Allowed values are: 196 197 * off - do not perform extra validation, do not report 198 * warning - perform extra validation, report as warning 199 * error - perform extra validation, fail with error (default) 200 201 The strictness level is for both language semantics and runtime 202 evaluation validation. In addition to controlling the behavior with 203 this primary server switch some individual warnings may also be controlled 204 by the disable_warnings setting. 205 206 No new validations will be added to a micro (x.y.z) release, 207 but may be added in minor releases (x.y.0). In major releases 208 it expected that most (if not all) strictness validation become 209 standard behavior.", 210 :hook => proc do |value| 211 munge(value) 212 value.to_sym 213 end 214 }, 215 :disable_i18n => { 216 :default => true, 217 :type => :boolean, 218 :desc => "If true, turns off all translations of Puppet and module 219 log messages, which affects error, warning, and info log messages, 220 as well as any translations in the report and CLI.", 221 :hook => proc do |value| 222 if value 223 require_relative '../puppet/gettext/stubs' 224 Puppet::GettextConfig.disable_gettext 225 end 226 end 227 } 228 ) 229 230 settings.define_settings(:main, 231 :priority => { 232 :default => nil, 233 :type => :priority, 234 :desc => "The scheduling priority of the process. Valid values are 'high', 235 'normal', 'low', or 'idle', which are mapped to platform-specific 236 values. The priority can also be specified as an integer value and 237 will be passed as is, e.g. -5. Puppet must be running as a privileged 238 user in order to increase scheduling priority.", 239 }, 240 :trace => { 241 :default => false, 242 :type => :boolean, 243 :desc => "Whether to print stack traces on some errors. Will print 244 internal Ruby stack trace interleaved with Puppet function frames.", 245 :hook => proc do |value| 246 # Enable or disable Facter's trace option too 247 Puppet.runtime[:facter].trace(value) 248 end 249 }, 250 :puppet_trace => { 251 :default => false, 252 :type => :boolean, 253 :desc => "Whether to print the Puppet stack trace on some errors. 254 This is a noop if `trace` is also set.", 255 }, 256 :profile => { 257 :default => false, 258 :type => :boolean, 259 :desc => "Whether to enable experimental performance profiling", 260 }, 261 :versioned_environment_dirs => { 262 :default => false, 263 :type => :boolean, 264 :desc => "Whether or not to look for versioned environment directories, 265 symlinked from `$environmentpath/<environment>`. This is an experimental 266 feature and should be used with caution." 267 }, 268 :static_catalogs => { 269 :default => true, 270 :type => :boolean, 271 :desc => "Whether to compile a [static catalog](https://puppet.com/docs/puppet/latest/static_catalogs.html#enabling-or-disabling-static-catalogs), 272 which occurs only on Puppet Server when the `code-id-command` and 273 `code-content-command` settings are configured in its `puppetserver.conf` file.", 274 }, 275 :settings_catalog => { 276 :default => true, 277 :type => :boolean, 278 :desc => "Whether to compile and apply the settings catalog", 279 }, 280 :strict_environment_mode => { 281 :default => false, 282 :type => :boolean, 283 :desc => "Whether the agent specified environment should be considered authoritative, 284 causing the run to fail if the retrieved catalog does not match it.", 285 }, 286 :autoflush => { 287 :default => true, 288 :type => :boolean, 289 :desc => "Whether log files should always flush to disk.", 290 :hook => proc { |value| Log.autoflush = value } 291 }, 292 :syslogfacility => { 293 :default => "daemon", 294 :desc => "What syslog facility to use when logging to syslog. 295 Syslog has a fixed list of valid facilities, and you must 296 choose one of those; you cannot just make one up." 297 }, 298 :statedir => { 299 :default => "$vardir/state", 300 :type => :directory, 301 :mode => "01755", 302 :desc => "The directory where Puppet state is stored. Generally, 303 this directory can be removed without causing harm (although it 304 might result in spurious service restarts)." 305 }, 306 :rundir => { 307 :default => nil, 308 :type => :directory, 309 :mode => "0755", 310 :owner => "service", 311 :group => "service", 312 :desc => "Where Puppet PID files are kept." 313 }, 314 :genconfig => { 315 :default => false, 316 :type => :boolean, 317 :desc => "When true, causes Puppet applications to print an example config file 318 to stdout and exit. The example will include descriptions of each 319 setting, and the current (or default) value of each setting, 320 incorporating any settings overridden on the CLI (with the exception 321 of `genconfig` itself). This setting only makes sense when specified 322 on the command line as `--genconfig`.", 323 }, 324 :genmanifest => { 325 :default => false, 326 :type => :boolean, 327 :desc => "Whether to just print a manifest to stdout and exit. Only makes 328 sense when specified on the command line as `--genmanifest`. Takes into account arguments specified 329 on the CLI.", 330 }, 331 :configprint => { 332 :default => "", 333 :deprecated => :completely, 334 :desc => "Prints the value of a specific configuration setting. If the name of a 335 setting is provided for this, then the value is printed and puppet 336 exits. Comma-separate multiple values. For a list of all values, 337 specify 'all'. This setting is deprecated, the 'puppet config' command replaces this functionality.", 338 }, 339 :color => { 340 :default => "ansi", 341 :type => :string, 342 :desc => "Whether to use colors when logging to the console. Valid values are 343 `ansi` (equivalent to `true`), `html`, and `false`, which produces no color." 344 }, 345 :mkusers => { 346 :default => false, 347 :type => :boolean, 348 :desc => "Whether to create the necessary user and group that puppet agent will run as.", 349 }, 350 :manage_internal_file_permissions => { 351 :default => ! Puppet::Util::Platform.windows?, 352 :type => :boolean, 353 :desc => "Whether Puppet should manage the owner, group, and mode of files it uses internally. 354 **Note**: For Windows agents, the default is `false` for versions 4.10.13 and greater, versions 5.5.6 and greater, and versions 6.0 and greater.", 355 }, 356 :onetime => { 357 :default => false, 358 :type => :boolean, 359 :desc => "Perform one configuration run and exit, rather than spawning a long-running 360 daemon. This is useful for interactively running puppet agent, or 361 running puppet agent from cron.", 362 :short => 'o', 363 }, 364 :path => { 365 :default => "none", 366 :desc => "The shell search path. Defaults to whatever is inherited 367 from the parent process. 368 369 This setting can only be set in the `[main]` section of puppet.conf; it cannot 370 be set in `[server]`, `[agent]`, or an environment config section.", 371 :call_hook => :on_define_and_write, 372 :hook => proc do |value| 373 ENV['PATH'] = '' if ENV['PATH'].nil? 374 ENV['PATH'] = value unless value == 'none' 375 paths = ENV['PATH'].split(File::PATH_SEPARATOR) 376 Puppet::Util::Platform.default_paths.each do |path| 377 next if paths.include?(path) 378 ENV['PATH'] = ENV['PATH'] + File::PATH_SEPARATOR + path 379 end 380 value 381 end 382 }, 383 :libdir => { 384 :type => :directory, 385 :default => "$vardir/lib", 386 :desc => "An extra search path for Puppet. This is only useful 387 for those files that Puppet will load on demand, and is only 388 guaranteed to work for those cases. In fact, the autoload 389 mechanism is responsible for making sure this directory 390 is in Ruby's search path\n" 391 }, 392 :environment => { 393 :default => "production", 394 :desc => "The environment in which Puppet is running. For clients, 395 such as `puppet agent`, this determines the environment itself, which 396 Puppet uses to find modules and much more. For servers, such as `puppet server`, 397 this provides the default environment for nodes that Puppet knows nothing about. 398 399 When defining an environment in the `[agent]` section, this refers to the 400 environment that the agent requests from the primary server. The environment doesn't 401 have to exist on the local filesystem because the agent fetches it from the 402 primary server. This definition is used when running `puppet agent`. 403 404 When defined in the `[user]` section, the environment refers to the path that 405 Puppet uses to search for code and modules related to its execution. This 406 requires the environment to exist locally on the filesystem where puppet is 407 being executed. Puppet subcommands, including `puppet module` and 408 `puppet apply`, use this definition. 409 410 Given that the context and effects vary depending on the 411 [config section](https://puppet.com/docs/puppet/latest/config_file_main.html#config-sections) 412 in which the `environment` setting is defined, do not set it globally.", 413 :short => "E" 414 }, 415 :environmentpath => { 416 :default => "$codedir/environments", 417 :desc => "A search path for directory environments, as a list of directories 418 separated by the system path separator character. (The POSIX path separator 419 is ':', and the Windows path separator is ';'.) 420 421 This setting must have a value set to enable **directory environments.** The 422 recommended value is `$codedir/environments`. For more details, see 423 <https://puppet.com/docs/puppet/latest/environments_about.html>", 424 :type => :path, 425 }, 426 :report_configured_environmentpath => { 427 :type => :boolean, 428 :default => true, 429 :desc => <<-'EOT' 430 When versioned_environment_dirs is `true` Puppet will readlink the environmentpath 431 when constructing the environment's modulepath. The full readlinked path is referred 432 to as the "resolved path" and the configured path potentially containing symlinks is 433 the "configured path". When reporting where resources come from users may choose 434 between the configured or resolved path. 435 436 When set to false, the resolved paths are reported instead of the configured paths. 437 EOT 438 }, 439 :use_last_environment => { 440 :type => :boolean, 441 :default => true, 442 :desc => <<-'EOT' 443 Puppet saves both the initial and converged environment in the last_run_summary file. 444 If they differ, and this setting is set to true, we will use the last converged 445 environment and skip the node request. 446 447 When set to false, we will do the node request and ignore the environment data from the last_run_summary file. 448 EOT 449 }, 450 :always_retry_plugins => { 451 :type => :boolean, 452 :default => true, 453 :desc => <<-'EOT' 454 Affects how we cache attempts to load Puppet resource types and features. If 455 true, then calls to `Puppet.type.<type>?` `Puppet.feature.<feature>?` 456 will always attempt to load the type or feature (which can be an 457 expensive operation) unless it has already been loaded successfully. 458 This makes it possible for a single agent run to, e.g., install a 459 package that provides the underlying capabilities for a type or feature, 460 and then later load that type or feature during the same run (even if 461 the type or feature had been tested earlier and had not been available). 462 463 If this setting is set to false, then types and features will only be 464 checked once, and if they are not available, the negative result is 465 cached and returned for all subsequent attempts to load the type or 466 feature. This behavior is almost always appropriate for the server, 467 and can result in a significant performance improvement for types and 468 features that are checked frequently. 469 EOT 470 }, 471 :diff_args => { 472 :default => lambda { default_diffargs }, 473 :desc => "Which arguments to pass to the diff command when printing differences between 474 files. The command to use can be chosen with the `diff` setting.", 475 }, 476 :diff => { 477 :default => (Puppet::Util::Platform.windows? ? "" : "diff"), 478 :desc => "Which diff command to use when printing differences between files. This setting 479 has no default value on Windows, as standard `diff` is not available, but Puppet can use many 480 third-party diff tools.", 481 }, 482 :show_diff => { 483 :type => :boolean, 484 :default => false, 485 :desc => "Whether to log and report a contextual diff when files are being replaced. 486 This causes partial file contents to pass through Puppet's normal 487 logging and reporting system, so this setting should be used with 488 caution if you are sending Puppet's reports to an insecure 489 destination. This feature currently requires the `diff/lcs` Ruby 490 library.", 491 }, 492 :daemonize => { 493 :type => :boolean, 494 :default => (Puppet::Util::Platform.windows? ? false : true), 495 :desc => "Whether to send the process into the background. This defaults 496 to true on POSIX systems, and to false on Windows (where Puppet 497 currently cannot daemonize).", 498 :short => "D", 499 :hook => proc do |value| 500 if value and Puppet::Util::Platform.windows? 501 raise "Cannot daemonize on Windows" 502 end 503 end 504 }, 505 :maximum_uid => { 506 :default => 4294967290, 507 :type => :integer, 508 :desc => "The maximum allowed UID. Some platforms use negative UIDs 509 but then ship with tools that do not know how to handle signed ints, 510 so the UIDs show up as huge numbers that can then not be fed back into 511 the system. This is a hackish way to fail in a slightly more useful 512 way when that happens.", 513 }, 514 :route_file => { 515 :default => "$confdir/routes.yaml", 516 :desc => "The YAML file containing indirector route configuration.", 517 }, 518 :node_terminus => { 519 :type => :terminus, 520 :default => "plain", 521 :desc => <<-'EOT', 522 Which node data plugin to use when compiling node catalogs. 523 524 When Puppet compiles a catalog, it combines two primary sources of info: the main manifest, 525 and a node data plugin (often called a "node terminus," for historical reasons). Node data 526 plugins provide three things for a given node name: 527 528 1. A list of classes to add to that node's catalog (and, optionally, values for their 529 parameters). 530 2. Which Puppet environment the node should use. 531 3. A list of additional top-scope variables to set. 532 533 The three main node data plugins are: 534 535 * `plain` --- Returns no data, so that the main manifest controls all node configuration. 536 * `exec` --- Uses an 537 [external node classifier (ENC)](https://puppet.com/docs/puppet/latest/nodes_external.html), 538 configured by the `external_nodes` setting. This lets you pull a list of Puppet classes 539 from any external system, using a small glue script to perform the request and format the 540 result as YAML. 541 * `classifier` (formerly `console`) --- Specific to Puppet Enterprise. Uses the PE console 542 for node data." 543 EOT 544 }, 545 :node_cache_terminus => { 546 :type => :terminus, 547 :default => nil, 548 :desc => "How to store cached nodes. 549 Valid values are (none), 'json', 'msgpack', or 'yaml'.", 550 }, 551 :data_binding_terminus => { 552 :type => :terminus, 553 :default => "hiera", 554 :desc => 555 "This setting has been deprecated. Use of any value other than 'hiera' should instead be configured 556 in a version 5 hiera.yaml. Until this setting is removed, it controls which data binding terminus 557 to use for global automatic data binding (across all environments). By default this value is 'hiera'. 558 A value of 'none' turns off the global binding.", 559 :call_hook => :on_initialize_and_write, 560 :hook => proc do |value| 561 if Puppet[:strict] != :off 562 s_val = value.to_s # because sometimes the value is a symbol 563 unless s_val == 'hiera' || s_val == 'none' || value == '' || value.nil? 564 #TRANSLATORS 'data_binding_terminus' is a setting and should not be translated 565 message = _("Setting 'data_binding_terminus' is deprecated.") 566 #TRANSLATORS 'hiera' should not be translated 567 message += ' ' + _("Convert custom terminus to hiera 5 API.") 568 Puppet.deprecation_warning(message) 569 end 570 end 571 end 572 }, 573 :hiera_config => { 574 :default => lambda do 575 config = nil 576 codedir = settings[:codedir] 577 if codedir.is_a?(String) 578 config = File.expand_path(File.join(codedir, 'hiera.yaml')) 579 config = nil unless Puppet::FileSystem.exist?(config) 580 end 581 config = File.expand_path(File.join(settings[:confdir], 'hiera.yaml')) if config.nil? 582 config 583 end, 584 :desc => "The hiera configuration file. Puppet only reads this file on startup, so you must restart the puppet server every time you edit it.", 585 :type => :file, 586 }, 587 :binder_config => { 588 :default => nil, 589 :desc => "The binder configuration file. Puppet reads this file on each request to configure the bindings system. 590 If set to nil (the default), a $confdir/binder_config.yaml is optionally loaded. If it does not exists, a default configuration 591 is used. If the setting :binding_config is specified, it must reference a valid and existing yaml file.", 592 :type => :file, 593 }, 594 :catalog_terminus => { 595 :type => :terminus, 596 :default => "compiler", 597 :desc => "Where to get node catalogs. This is useful to change if, for instance, 598 you'd like to pre-compile catalogs and store them in memcached or some other easily-accessed store.", 599 }, 600 :catalog_cache_terminus => { 601 :type => :terminus, 602 :default => nil, 603 :desc => "How to store cached catalogs. Valid values are 'json', 'msgpack' and 'yaml'. The agent application defaults to 'json'." 604 }, 605 :facts_terminus => { 606 :default => 'facter', 607 :desc => "The node facts terminus.", 608 }, 609 :trusted_external_command => { 610 :default => nil, 611 :type => :file_or_directory, 612 :desc => "The external trusted facts script or directory to use. 613 This setting's value can be set to the path to an executable command that 614 can produce external trusted facts or to a directory containing those 615 executable commands. The command(s) must: 616 617 * Take the name of a node as a command-line argument. 618 * Return a JSON hash with the external trusted facts for this node. 619 * For unknown or invalid nodes, exit with a non-zero exit code. 620 621 If the setting points to an executable command, then the external trusted 622 facts will be stored in the 'external' key of the trusted facts hash. Otherwise 623 for each executable file in the directory, the external trusted facts will be 624 stored in the `<basename>` key of the `trusted['external']` hash. For example, 625 if the files foo.rb and bar.sh are in the directory, then `trusted['external']` 626 will be the hash `{ 'foo' => <foo.rb output>, 'bar' => <bar.sh output> }`.", 627 }, 628 :default_file_terminus => { 629 :type => :terminus, 630 :default => "rest", 631 :desc => "The default source for files if no server is given in a 632 uri, e.g. puppet:///file. The default of `rest` causes the file to be 633 retrieved using the `server` setting. When running `apply` the default 634 is `file_server`, causing requests to be filled locally." 635 }, 636 :http_proxy_host => { 637 :default => "none", 638 :desc => "The HTTP proxy host to use for outgoing connections. The proxy will be bypassed if 639 the server's hostname matches the NO_PROXY environment variable or `no_proxy` setting. Note: You 640 may need to use a FQDN for the server hostname when using a proxy. Environment variable 641 http_proxy or HTTP_PROXY will override this value. ", 642 }, 643 :http_proxy_port => { 644 :default => 3128, 645 :type => :port, 646 :desc => "The HTTP proxy port to use for outgoing connections", 647 }, 648 :http_proxy_user => { 649 :default => "none", 650 :desc => "The user name for an authenticated HTTP proxy. Requires the `http_proxy_host` setting.", 651 }, 652 :http_proxy_password =>{ 653 :default => "none", 654 :hook => proc do |value| 655 if value =~ /[@!# \/]/ 656 raise "Passwords set in the http_proxy_password setting must be valid as part of a URL, and any reserved characters must be URL-encoded. We received: #{value}" 657 end 658 end, 659 :desc => "The password for the user of an authenticated HTTP proxy. 660 Requires the `http_proxy_user` setting. 661 662 Note that passwords must be valid when used as part of a URL. If a password 663 contains any characters with special meanings in URLs (as specified by RFC 3986 664 section 2.2), they must be URL-encoded. (For example, `#` would become `%23`.)", 665 }, 666 :no_proxy => { 667 :default => "localhost, 127.0.0.1", 668 :desc => "List of host or domain names that should not go through `http_proxy_host`. Environment variable no_proxy or NO_PROXY will override this value. Names can be specified as an FQDN `host.example.com`, wildcard `*.example.com`, dotted domain `.example.com`, or suffix `example.com`.", 669 }, 670 :http_keepalive_timeout => { 671 :default => "4s", 672 :type => :duration, 673 :desc => "The maximum amount of time a persistent HTTP connection can remain idle in the connection pool, before it is closed. This timeout should be shorter than the keepalive timeout used on the HTTP server, e.g. Apache KeepAliveTimeout directive. 674 #{AS_DURATION}" 675 }, 676 :http_debug => { 677 :default => false, 678 :type => :boolean, 679 :desc => "Whether to write HTTP request and responses to stderr. This should never be used in a production environment." 680 }, 681 :http_connect_timeout => { 682 :default => "2m", 683 :type => :duration, 684 :desc => "The maximum amount of time to wait when establishing an HTTP connection. The default 685 value is 2 minutes. 686 #{AS_DURATION}", 687 }, 688 :http_read_timeout => { 689 :default => "10m", 690 :type => :duration, 691 :desc => "The time to wait for data to be read from an HTTP connection. If nothing is 692 read after the elapsed interval then the connection will be closed. The default value is 10 minutes. 693 #{AS_DURATION}", 694 }, 695 :http_user_agent => { 696 :default => "Puppet/#{Puppet.version} Ruby/#{RUBY_VERSION}-p#{RUBY_PATCHLEVEL} (#{RUBY_PLATFORM})", 697 :desc => "The HTTP User-Agent string to send when making network requests." 698 }, 699 :filetimeout => { 700 :default => "15s", 701 :type => :duration, 702 :desc => "The minimum time to wait between checking for updates in 703 configuration files. This timeout determines how quickly Puppet checks whether 704 a file (such as manifests or puppet.conf) has changed on disk. The default will 705 change in a future release to be 'unlimited', requiring a reload of the Puppet 706 service to pick up changes to its internal configuration. Currently we do not 707 accept a value of 'unlimited'. To reparse files within an environment in 708 Puppet Server please use the environment_cache endpoint", 709 :hook => proc do |val| 710 unless [0, 15, '15s'].include?(val) 711 Puppet.deprecation_warning(<<-WARNING) 712 Fine grained control of filetimeouts is deprecated. In future 713 releases this value will only determine if file content is cached. 714 715 Valid values are 0 (never cache) and 15 (15 second minimum wait time). 716 WARNING 717 end 718 end 719 }, 720 :environment_timeout => { 721 :default => "0", 722 :type => :ttl, 723 :desc => "How long the Puppet server should cache data it loads from an 724 environment. 725 726 A value of `0` will disable caching. This setting can also be set to 727 `unlimited`, which will cache environments until the server is restarted 728 or told to refresh the cache. All other values will result in Puppet 729 server evicting environments that haven't been used within the last 730 `environment_timeout` seconds. 731 732 You should change this setting once your Puppet deployment is doing 733 non-trivial work. We chose the default value of `0` because it lets new 734 users update their code without any extra steps, but it lowers the 735 performance of your Puppet server. We recommend either: 736 737 * Setting this to `unlimited` and explicitly refreshing your Puppet server 738 as part of your code deployment process. 739 740 * Setting this to a number that will keep your most actively used 741 environments cached, but allow testing environments to fall out of the 742 cache and reduce memory usage. A value of 3 minutes (3m) is a reasonable 743 value. 744 745 Once you set `environment_timeout` to a non-zero value, you need to tell 746 Puppet server to read new code from disk using the `environment-cache` API 747 endpoint after you deploy new code. See the docs for the Puppet Server 748 [administrative API](https://puppet.com/docs/puppetserver/latest/admin-api/v1/environment-cache.html). 749 " 750 }, 751 :environment_data_provider => { 752 :desc => "The name of a registered environment data provider used when obtaining environment 753 specific data. The three built in and registered providers are 'none' (no data), 'function' (data 754 obtained by calling the function 'environment::data()') and 'hiera' (data obtained using a data 755 provider configured using a hiera.yaml file in root of the environment). 756 Other environment data providers may be registered in modules on the module path. For such 757 custom data providers see the respective module documentation. This setting is deprecated.", 758 :hook => proc { |value| 759 unless value.nil? || Puppet[:strict] == :off 760 #TRANSLATORS 'environment_data_provider' is a setting and should not be translated 761 Puppet.deprecation_warning(_("Setting 'environment_data_provider' is deprecated.")) 762 end 763 } 764 }, 765 :prerun_command => { 766 :default => "", 767 :desc => "A command to run before every agent run. If this command returns a non-zero 768 return code, the entire Puppet run will fail.", 769 }, 770 :postrun_command => { 771 :default => "", 772 :desc => "A command to run after every agent run. If this command returns a non-zero 773 return code, the entire Puppet run will be considered to have failed, even though it might have 774 performed work during the normal run.", 775 }, 776 :freeze_main => { 777 :default => false, 778 :type => :boolean, 779 :desc => "Freezes the 'main' class, disallowing any code to be added to it. This 780 essentially means that you can't have any code outside of a node, 781 class, or definition other than in the site manifest.", 782 }, 783 :preview_outputdir => { 784 :default => '$vardir/preview', 785 :type => :directory, 786 :mode => "0750", 787 :owner => "service", 788 :group => "service", 789 :desc => "The directory where catalog previews per node are generated." 790 }, 791 :location_trusted => { 792 :default => false, 793 :type => :boolean, 794 :desc => "This will allow sending the name + password and the cookie header to all hosts that puppet may redirect to. 795 This may or may not introduce a security breach if puppet redirects you to a site to which you'll send your authentication info and cookies." 796 } 797 ) 798 799 settings.define_settings(:module_tool, 800 :module_repository => { 801 :default => 'https://forgeapi.puppet.com', 802 :desc => "The module repository", 803 }, 804 :module_working_dir => { 805 :default => (Puppet::Util::Platform.windows? ? Dir.tmpdir() : '$vardir/puppet-module'), 806 :desc => "The directory into which module tool data is stored", 807 }, 808 :forge_authorization => { 809 :default => nil, 810 :desc => "The authorization key to connect to the Puppet Forge. Leave blank for unauthorized or license based connections", 811 }, 812 :module_groups => { 813 :default => nil, 814 :desc => "Extra module groups to request from the Puppet Forge. This is an internal setting, and users should never change it.", 815 } 816 ) 817 818 settings.define_settings( 819 :main, 820 821 # We have to downcase the fqdn, because the current ssl stuff (as opposed to in master) doesn't have good facilities for 822 # manipulating naming. 823 :certname => { 824 :default => lambda { Puppet::Settings.default_certname.downcase }, 825 :desc => "The name to use when handling certificates. When a node 826 requests a certificate from the CA Puppet Server, it uses the value of the 827 `certname` setting as its requested Subject CN. 828 829 This is the name used when managing a node's permissions in 830 Puppet Server's [auth.conf](https://puppet.com/docs/puppetserver/latest/config_file_auth.html). 831 In most cases, it is also used as the node's name when matching 832 [node definitions](https://puppet.com/docs/puppet/latest/lang_node_definitions.html) 833 and requesting data from an ENC. (This can be changed with the `node_name_value` 834 and `node_name_fact` settings, although you should only do so if you have 835 a compelling reason.) 836 837 A node's certname is available in Puppet manifests as `$trusted['certname']`. (See 838 [Facts and Built-In Variables](https://puppet.com/docs/puppet/latest/lang_facts_and_builtin_vars.html) 839 for more details.) 840 841 * For best compatibility, you should limit the value of `certname` to 842 only use lowercase letters, numbers, periods, underscores, and dashes. (That is, 843 it should match `/\A[a-z0-9._-]+\Z/`.) 844 * The special value `ca` is reserved, and can't be used as the certname 845 for a normal node. 846 847 **Note:** You must set the certname in the main section of the puppet.conf file. Setting it in a different section causes errors. 848 849 Defaults to the node's fully qualified domain name.", 850 :call_hook => :on_initialize_and_write, 851 :hook => proc { |value| 852 raise(ArgumentError, _("Certificate names must be lower case")) unless value == value.downcase 853 }}, 854 :dns_alt_names => { 855 :default => '', 856 :desc => <<EOT, 857 A comma-separated list of alternate DNS names for Puppet Server. These are extra 858 hostnames (in addition to its `certname`) that the server is allowed to use when 859 serving agents. Puppet checks this setting when automatically creating a 860 certificate for Puppet agent or Puppet Server. These can be either IP or DNS, and the type 861 should be specified and followed with a colon. Untyped inputs will default to DNS. 862 863 In order to handle agent requests at a given hostname (like 864 "puppet.example.com"), Puppet Server needs a certificate that proves it's 865 allowed to use that name; if a server shows a certificate that doesn't include 866 its hostname, Puppet agents will refuse to trust it. If you use a single 867 hostname for Puppet traffic but load-balance it to multiple Puppet Servers, each 868 of those servers needs to include the official hostname in its list of extra 869 names. 870 871 **Note:** The list of alternate names is locked in when the server's 872 certificate is signed. If you need to change the list later, you can't just 873 change this setting; you also need to regenerate the certificate. For more 874 information on that process, see the 875 [cert regen docs](https://puppet.com/docs/puppet/latest/ssl_regenerate_certificates.html). 876 877 To see all the alternate names your servers are using, log into your CA server 878 and run `puppetserver ca list --all`, then check the output for `(alt names: ...)`. 879 Most agent nodes should NOT have alternate names; the only certs that should 880 have them are Puppet Server nodes that you want other agents to trust. 881 EOT 882 }, 883 :csr_attributes => { 884 :default => "$confdir/csr_attributes.yaml", 885 :type => :file, 886 :desc => <<EOT 887 An optional file containing custom attributes to add to certificate signing 888 requests (CSRs). You should ensure that this file does not exist on your CA 889 Puppet Server; if it does, unwanted certificate extensions may leak into 890 certificates created with the `puppetserver ca generate` command. 891 892 If present, this file must be a YAML hash containing a `custom_attributes` key 893 and/or an `extension_requests` key. The value of each key must be a hash, where 894 each key is a valid OID and each value is an object that can be cast to a string. 895 896 Custom attributes can be used by the CA when deciding whether to sign the 897 certificate, but are then discarded. Attribute OIDs can be any OID value except 898 the standard CSR attributes (i.e. attributes described in RFC 2985 section 5.4). 899 This is useful for embedding a pre-shared key for autosigning policy executables 900 (see the `autosign` setting), often by using the `1.2.840.113549.1.9.7` 901 ("challenge password") OID. 902 903 Extension requests will be permanently embedded in the final certificate. 904 Extension OIDs must be in the "ppRegCertExt" (`1.3.6.1.4.1.34380.1.1`), 905 "ppPrivCertExt" (`1.3.6.1.4.1.34380.1.2`), or 906 "ppAuthCertExt" (`1.3.6.1.4.1.34380.1.3`) OID arcs. The ppRegCertExt arc is 907 reserved for four of the most common pieces of data to embed: `pp_uuid` (`.1`), 908 `pp_instance_id` (`.2`), `pp_image_name` (`.3`), and `pp_preshared_key` (`.4`) 909 --- in the YAML file, these can be referred to by their short descriptive names 910 instead of their full OID. The ppPrivCertExt arc is unregulated, and can be used 911 for site-specific extensions. The ppAuthCert arc is reserved for two pieces of 912 data to embed: `pp_authorization` (`.1`) and `pp_auth_role` (`.13`). As with 913 ppRegCertExt, in the YAML file, these can be referred to by their short 914 descriptive name instead of their full OID. 915 EOT 916 }, 917 :certdir => { 918 :default => "$ssldir/certs", 919 :type => :directory, 920 :mode => "0755", 921 :owner => "service", 922 :group => "service", 923 :desc => "The certificate directory." 924 }, 925 :ssldir => { 926 :default => "$confdir/ssl", 927 :type => :directory, 928 :mode => "0771", 929 :owner => "service", 930 :group => "service", 931 :desc => "Where SSL certificates are kept." 932 }, 933 :ssl_lockfile => { 934 :default => "$ssldir/ssl.lock", 935 :type => :string, 936 :desc => "A lock file to indicate that the ssl bootstrap process is currently in progress.", 937 }, 938 :publickeydir => { 939 :default => "$ssldir/public_keys", 940 :type => :directory, 941 :mode => "0755", 942 :owner => "service", 943 :group => "service", 944 :desc => "The public key directory." 945 }, 946 :requestdir => { 947 :default => "$ssldir/certificate_requests", 948 :type => :directory, 949 :mode => "0755", 950 :owner => "service", 951 :group => "service", 952 :desc => "Where host certificate requests are stored." 953 }, 954 :privatekeydir => { 955 :default => "$ssldir/private_keys", 956 :type => :directory, 957 :mode => "0750", 958 :owner => "service", 959 :group => "service", 960 :desc => "The private key directory." 961 }, 962 :privatedir => { 963 :default => "$ssldir/private", 964 :type => :directory, 965 :mode => "0750", 966 :owner => "service", 967 :group => "service", 968 :desc => "Where the client stores private certificate information." 969 }, 970 :passfile => { 971 :default => "$privatedir/password", 972 :type => :file, 973 :mode => "0640", 974 :owner => "service", 975 :group => "service", 976 :desc => "Where puppet agent stores the password for its private key. 977 Generally unused." 978 }, 979 :hostcsr => { 980 :default => "$requestdir/$certname.pem", 981 :type => :file, 982 :mode => "0644", 983 :owner => "service", 984 :group => "service", 985 :desc => "Where individual hosts store their certificate request (CSR) 986 while waiting for the CA to issue their certificate." 987 }, 988 :hostcert => { 989 :default => "$certdir/$certname.pem", 990 :type => :file, 991 :mode => "0644", 992 :owner => "service", 993 :group => "service", 994 :desc => "Where individual hosts store and look for their certificates." 995 }, 996 :hostprivkey => { 997 :default => "$privatekeydir/$certname.pem", 998 :type => :file, 999 :mode => "0640", 1000 :owner => "service", 1001 :group => "service", 1002 :desc => "Where individual hosts store and look for their private key." 1003 }, 1004 :hostpubkey => { 1005 :default => "$publickeydir/$certname.pem", 1006 :type => :file, 1007 :mode => "0644", 1008 :owner => "service", 1009 :group => "service", 1010 :desc => "Where individual hosts store and look for their public key." 1011 }, 1012 :localcacert => { 1013 :default => "$certdir/ca.pem", 1014 :type => :file, 1015 :mode => "0644", 1016 :owner => "service", 1017 :group => "service", 1018 :desc => "Where each client stores the CA certificate." 1019 }, 1020 :ca_fingerprint => { 1021 :default => nil, 1022 :type => :string, 1023 :desc => "The expected fingerprint of the CA certificate. If specified, the agent 1024 will compare the CA certificate fingerprint that it downloads against this value 1025 and reject the CA certificate if the values do not match. This only applies 1026 during the first download of the CA certificate." 1027 }, 1028 :ssl_trust_store => { 1029 :default => nil, 1030 :type => :file, 1031 :desc => "A file containing CA certificates in PEM format that puppet should trust 1032 when making HTTPS requests. This **only** applies to https requests to non-puppet 1033 infrastructure, such as retrieving file metadata and content from https file sources, 1034 puppet module tool and the 'http' report processor. This setting is ignored when 1035 making requests to puppet:// URLs such as catalog and report requests.", 1036 }, 1037 :hostcrl => { 1038 :default => "$ssldir/crl.pem", 1039 :type => :file, 1040 :mode => "0644", 1041 :owner => "service", 1042 :group => "service", 1043 :desc => "Where the host's certificate revocation list can be found. 1044 This is distinct from the certificate authority's CRL." 1045 }, 1046 :certificate_revocation => { 1047 :default => 'chain', 1048 :type => :certificate_revocation, 1049 :desc => <<-'EOT' 1050 Whether certificate revocation checking should be enabled, and what level of 1051 checking should be performed. 1052 1053 When certificate revocation is enabled, Puppet expects the contents of its CRL 1054 to be one or more PEM-encoded CRLs concatenated together. When using a cert 1055 bundle, CRLs for all CAs in the chain of trust must be included in the crl file. 1056 The chain should be ordered from least to most authoritative, with the first CRL 1057 listed being for the root of the chain and the last being for the leaf CA. 1058 1059 When certificate_revocation is set to 'true' or 'chain', Puppet ensures 1060 that each CA in the chain of trust has not been revoked by its issuing CA. 1061 1062 When certificate_revocation is set to 'leaf', Puppet verifies certs against 1063 the issuing CA's revocation list, but it does not verify the revocation status 1064 of the issuing CA or any CA above it within the chain of trust. 1065 1066 When certificate_revocation is set to 'false', Puppet disables all 1067 certificate revocation checking and does not attempt to download the CRL. 1068 EOT 1069 }, 1070 :ciphers => { 1071 :default => 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256', 1072 :type => :string, 1073 :desc => "The list of ciphersuites for TLS connections initiated by puppet. The 1074 default value is chosen to support TLS 1.0 and up, but can be made 1075 more restrictive if needed. The ciphersuites must be specified in OpenSSL 1076 format, not IANA." 1077 }, 1078 :key_type => { 1079 :default => 'rsa', 1080 :type => :enum, 1081 :values => %w[rsa ec], 1082 :desc => "The type of private key. Valid values are `rsa` and `ec`. Default is `rsa`." 1083 }, 1084 :named_curve => { 1085 :default => 'prime256v1', 1086 :type => :string, 1087 :desc => "The short name for the EC curve used to generate the EC private key. Valid 1088 values must be one of the curves in `OpenSSL::PKey::EC.builtin_curves`. 1089 Default is `prime256v1`." 1090 }, 1091 :digest_algorithm => { 1092 :default => lambda { default_digest_algorithm }, 1093 :type => :enum, 1094 :values => valid_digest_algorithms, 1095 :desc => "Which digest algorithm to use for file resources and the filebucket. 1096 Valid values are #{valid_digest_algorithms.join(', ')}. Default is 1097 #{default_digest_algorithm}.", 1098 }, 1099 :supported_checksum_types => { 1100 :default => lambda { default_file_checksum_types }, 1101 :type => :array, 1102 :desc => "Checksum types supported by this agent for use in file resources of a 1103 static catalog. Values must be comma-separated. Valid types are 1104 #{valid_file_checksum_types.join(', ')}. Default is 1105 #{default_file_checksum_types.join(', ')}.", 1106 :hook => proc do |value| 1107 values = munge(value) 1108 1109 invalid = values - Puppet.valid_file_checksum_types 1110 if not invalid.empty? 1111 raise ArgumentError, _("Invalid value '%{value}' for parameter %{name}. Allowed values are '%{allowed_values}'") % { 1112 value: invalid.first, name: @name, allowed_values: Puppet.valid_file_checksum_types.join("', '") 1113 } 1114 end 1115 end 1116 }, 1117 :logdest => { 1118 :type => :string, 1119 :desc => "Where to send log messages. Choose between 'syslog' (the POSIX syslog 1120 service), 'eventlog' (the Windows Event Log), 'console', or the path to a log 1121 file. Multiple destinations can be set using a comma separated list (eg: `/path/file1,console,/path/file2`)" 1122 # Sure would be nice to set the Puppet::Util::Log destination here in an :on_initialize_and_write hook, 1123 # unfortunately we have a large number of tests that rely on the logging not resetting itself when the 1124 # settings are initialized as they test what gets logged during settings initialization. 1125 } 1126 ) 1127 1128 settings.define_settings( 1129 :ca, 1130 :ca_name => { 1131 :default => "Puppet CA: $certname", 1132 :desc => "The name to use the Certificate Authority certificate.", 1133 }, 1134 :cadir => { 1135 :default => lambda { default_cadir }, 1136 :type => :directory, 1137 :desc => "The root directory for the certificate authority.", 1138 }, 1139 :cacert => { 1140 :default => "$cadir/ca_crt.pem", 1141 :type => :file, 1142 :desc => "The CA certificate.", 1143 }, 1144 :cakey => { 1145 :default => "$cadir/ca_key.pem", 1146 :type => :file, 1147 :desc => "The CA private key.", 1148 }, 1149 :capub => { 1150 :default => "$cadir/ca_pub.pem", 1151 :type => :file, 1152 :desc => "The CA public key.", 1153 }, 1154 :cacrl => { 1155 :default => "$cadir/ca_crl.pem", 1156 :type => :file, 1157 :desc => "The certificate revocation list (CRL) for the CA.", 1158 }, 1159 :csrdir => { 1160 :default => "$cadir/requests", 1161 :type => :directory, 1162 :desc => "Where the CA stores certificate requests.", 1163 }, 1164 :signeddir => { 1165 :default => "$cadir/signed", 1166 :type => :directory, 1167 :desc => "Where the CA stores signed certificates.", 1168 }, 1169 :serial => { 1170 :default => "$cadir/serial", 1171 :type => :file, 1172 :desc => "Where the serial number for certificates is stored.", 1173 }, 1174 :autosign => { 1175 :default => "$confdir/autosign.conf", 1176 :type => :autosign, 1177 :desc => "Whether (and how) to autosign certificate requests. This setting 1178 is only relevant on a Puppet Server acting as a certificate authority (CA). 1179 1180 Valid values are true (autosigns all certificate requests; not recommended), 1181 false (disables autosigning certificates), or the absolute path to a file. 1182 1183 The file specified in this setting may be either a **configuration file** 1184 or a **custom policy executable.** Puppet will automatically determine 1185 what it is: If the Puppet user (see the `user` setting) can execute the 1186 file, it will be treated as a policy executable; otherwise, it will be 1187 treated as a config file. 1188 1189 If a custom policy executable is configured, the CA Puppet Server will run it 1190 every time it receives a CSR. The executable will be passed the subject CN of the 1191 request _as a command line argument,_ and the contents of the CSR in PEM format 1192 _on stdin._ It should exit with a status of 0 if the cert should be autosigned 1193 and non-zero if the cert should not be autosigned. 1194 1195 If a certificate request is not autosigned, it will persist for review. An admin 1196 user can use the `puppetserver ca sign` command to manually sign it, or can delete 1197 the request. 1198 1199 For info on autosign configuration files, see 1200 [the guide to Puppet's config files](https://puppet.com/docs/puppet/latest/config_file_autosign.html).", 1201 }, 1202 :allow_duplicate_certs => { 1203 :default => false, 1204 :type => :boolean, 1205 :desc => "Whether to allow a new certificate request to overwrite an existing 1206 certificate request. If true, then the old certificate must be cleaned using 1207 `puppetserver ca clean`, and the new request signed using `puppetserver ca sign`." 1208 }, 1209 :ca_ttl => { 1210 :default => "5y", 1211 :type => :duration, 1212 :desc => "The default TTL for new certificates. 1213 #{AS_DURATION}", 1214 }, 1215 :crl_refresh_interval => { 1216 :default => "1d", 1217 :type => :duration, 1218 :desc => "How often the Puppet agent refreshes its local CRL. By 1219 default the CRL is refreshed once every 24 hours. If a different 1220 duration is specified, then the agent will refresh its CRL whenever 1221 it next runs and the elapsed time since the CRL was last refreshed 1222 exceeds the duration. 1223 1224 In general, the duration should be greater than the `runinterval`. 1225 Setting it to an equal or lesser value will cause the CRL to be 1226 refreshed on every run. 1227 1228 If the agent downloads a new CRL, the agent will use it for subsequent 1229 network requests. If the refresh request fails or if the CRL is 1230 unchanged on the server, then the agent run will continue using the 1231 local CRL it already has.#{AS_DURATION}", 1232 }, 1233 :keylength => { 1234 :default => 4096, 1235 :type => :integer, 1236 :desc => "The bit length of keys.", 1237 }, 1238 :cert_inventory => { 1239 :default => "$cadir/inventory.txt", 1240 :type => :file, 1241 :desc => "The inventory file. This is a text file to which the CA writes a 1242 complete listing of all certificates.", 1243 } 1244 ) 1245 1246 # Define the config default. 1247 1248 settings.define_settings(:application, 1249 :config_file_name => { 1250 :type => :string, 1251 :default => Puppet::Settings.default_config_file_name, 1252 :desc => "The name of the puppet config file.", 1253 }, 1254 :config => { 1255 :type => :file, 1256 :default => "$confdir/${config_file_name}", 1257 :desc => "The configuration file for the current puppet application.", 1258 }, 1259 :pidfile => { 1260 :type => :file, 1261 :default => "$rundir/${run_mode}.pid", 1262 :desc => "The file containing the PID of a running process. 1263 This file is intended to be used by service management frameworks 1264 and monitoring systems to determine if a puppet process is still in 1265 the process table.", 1266 }, 1267 :sourceaddress => { 1268 :default => nil, 1269 :desc => "The address the agent should use to initiate requests.", 1270 }, 1271 ) 1272 1273 settings.define_settings(:environment, 1274 :manifest => { 1275 :default => nil, 1276 :type => :file_or_directory, 1277 :desc => "The entry-point manifest for the primary server. This can be one file 1278 or a directory of manifests to be evaluated in alphabetical order. Puppet manages 1279 this path as a directory if one exists or if the path ends with a / or \\. 1280 1281 Setting a global value for `manifest` in puppet.conf is not allowed 1282 (but it can be overridden from the commandline). Please use 1283 directory environments instead. If you need to use something other than the 1284 environment's `manifests` directory as the main manifest, you can set 1285 `manifest` in environment.conf. For more info, see 1286 <https://puppet.com/docs/puppet/latest/environments_about.html>", 1287 }, 1288 :modulepath => { 1289 :default => "", 1290 :type => :path, 1291 :desc => "The search path for modules, as a list of directories separated by the system 1292 path separator character. (The POSIX path separator is ':', and the 1293 Windows path separator is ';'.) 1294 1295 Setting a global value for `modulepath` in puppet.conf is not allowed 1296 (but it can be overridden from the commandline). Please use 1297 directory environments instead. If you need to use something other than the 1298 default modulepath of `<ACTIVE ENVIRONMENT'S MODULES DIR>:$basemodulepath`, 1299 you can set `modulepath` in environment.conf. For more info, see 1300 <https://puppet.com/docs/puppet/latest/environments_about.html>", 1301 }, 1302 :config_version => { 1303 :default => "", 1304 :desc => "How to determine the configuration version. By default, it will be the 1305 time that the configuration is parsed, but you can provide a shell script to override how the 1306 version is determined. The output of this script will be added to every log message in the 1307 reports, allowing you to correlate changes on your hosts to the source version on the server. 1308 1309 Setting a global value for config_version in puppet.conf is not allowed 1310 (but it can be overridden from the commandline). Please set a 1311 per-environment value in environment.conf instead. For more info, see 1312 <https://puppet.com/docs/puppet/latest/environments_about.html>", 1313 } 1314 ) 1315 1316 settings.define_settings(:server, 1317 :user => { 1318 :default => "puppet", 1319 :desc => "The user Puppet Server will run as. Used to ensure 1320 the agent side processes (agent, apply, etc) create files and 1321 directories readable by Puppet Server when necessary.", 1322 }, 1323 :group => { 1324 :default => "puppet", 1325 :desc => "The group Puppet Server will run as. Used to ensure 1326 the agent side processes (agent, apply, etc) create files and 1327 directories readable by Puppet Server when necessary.", 1328 }, 1329 :default_manifest => { 1330 :default => "./manifests", 1331 :type => :string, 1332 :desc => "The default main manifest for directory environments. Any environment that 1333 doesn't set the `manifest` setting in its `environment.conf` file will use 1334 this manifest. 1335 1336 This setting's value can be an absolute or relative path. An absolute path 1337 will make all environments default to the same main manifest; a relative 1338 path will allow each environment to use its own manifest, and Puppet will 1339 resolve the path relative to each environment's main directory. 1340 1341 In either case, the path can point to a single file or to a directory of 1342 manifests to be evaluated in alphabetical order.", 1343 }, 1344 :disable_per_environment_manifest => { 1345 :default => false, 1346 :type => :boolean, 1347 :desc => "Whether to disallow an environment-specific main manifest. When set 1348 to `true`, Puppet will use the manifest specified in the `default_manifest` setting 1349 for all environments. If an environment specifies a different main manifest in its 1350 `environment.conf` file, catalog requests for that environment will fail with an error. 1351 1352 This setting requires `default_manifest` to be set to an absolute path.", 1353 :hook => proc do |value| 1354 if value && !Pathname.new(Puppet[:default_manifest]).absolute? 1355 raise(Puppet::Settings::ValidationError, 1356 "The 'default_manifest' setting must be set to an absolute path when 'disable_per_environment_manifest' is true") 1357 end 1358 end, 1359 }, 1360 :code => { 1361 :default => "", 1362 :desc => "Code to parse directly. This is essentially only used 1363 by `puppet`, and should only be set if you're writing your own Puppet 1364 executable.", 1365 }, 1366 :masterport => { 1367 :default => 8140, 1368 :type => :port, 1369 :desc => "The default port puppet subcommands use to communicate 1370 with Puppet Server. (eg `puppet facts upload`, `puppet agent`). May be 1371 overridden by more specific settings (see `ca_port`, `report_port`).", 1372 }, 1373 :serverport => { 1374 :type => :alias, 1375 :alias_for => :masterport 1376 }, 1377 :bucketdir => { 1378 :default => "$vardir/bucket", 1379 :type => :directory, 1380 :mode => "0750", 1381 :owner => "service", 1382 :group => "service", 1383 :desc => "Where FileBucket files are stored." 1384 }, 1385 :trusted_oid_mapping_file => { 1386 :default => "$confdir/custom_trusted_oid_mapping.yaml", 1387 :type => :file, 1388 :desc => "File that provides mapping between custom SSL oids and user-friendly names" 1389 }, 1390 :basemodulepath => { 1391 :default => lambda { default_basemodulepath }, 1392 :type => :path, 1393 :desc => "The search path for **global** modules. Should be specified as a 1394 list of directories separated by the system path separator character. (The 1395 POSIX path separator is ':', and the Windows path separator is ';'.) 1396 1397 These are the modules that will be used by _all_ environments. Note that 1398 the `modules` directory of the active environment will have priority over 1399 any global directories. For more info, see 1400 <https://puppet.com/docs/puppet/latest/environments_about.html>", 1401 }, 1402 :vendormoduledir => { 1403 :default => lambda { default_vendormoduledir }, 1404 :type => :string, 1405 :desc => "The directory containing **vendored** modules. These modules will 1406 be used by _all_ environments like those in the `basemodulepath`. The only 1407 difference is that modules in the `basemodulepath` are pluginsynced, while 1408 vendored modules are not", 1409 }, 1410 :ssl_client_header => { 1411 :default => "HTTP_X_CLIENT_DN", 1412 :desc => "The header containing an authenticated client's SSL DN. 1413 This header must be set by the proxy to the authenticated client's SSL 1414 DN (e.g., `/CN=puppet.puppetlabs.com`). Puppet will parse out the Common 1415 Name (CN) from the Distinguished Name (DN) and use the value of the CN 1416 field for authorization. 1417 1418 Note that the name of the HTTP header gets munged by the web server 1419 common gateway interface: an `HTTP_` prefix is added, dashes are converted 1420 to underscores, and all letters are uppercased. Thus, to use the 1421 `X-Client-DN` header, this setting should be `HTTP_X_CLIENT_DN`.", 1422 }, 1423 :ssl_client_verify_header => { 1424 :default => "HTTP_X_CLIENT_VERIFY", 1425 :desc => "The header containing the status message of the client 1426 verification. This header must be set by the proxy to 'SUCCESS' if the 1427 client successfully authenticated, and anything else otherwise. 1428 1429 Note that the name of the HTTP header gets munged by the web server 1430 common gateway interface: an `HTTP_` prefix is added, dashes are converted 1431 to underscores, and all letters are uppercased. Thus, to use the 1432 `X-Client-Verify` header, this setting should be 1433 `HTTP_X_CLIENT_VERIFY`.", 1434 }, 1435 # To make sure this directory is created before we try to use it on the server, we need 1436 # it to be in the server section (#1138). 1437 :yamldir => { 1438 :default => "$vardir/yaml", 1439 :type => :directory, 1440 :owner => "service", 1441 :group => "service", 1442 :mode => "0750", 1443 :desc => "The directory in which YAML data is stored, usually in a subdirectory."}, 1444 :server_datadir => { 1445 :default => "$vardir/server_data", 1446 :type => :directory, 1447 :owner => "service", 1448 :group => "service", 1449 :mode => "0750", 1450 :desc => "The directory in which serialized data is stored, usually in a subdirectory."}, 1451 :reports => { 1452 :default => "store", 1453 :desc => "The list of report handlers to use. When using multiple report handlers, 1454 their names should be comma-separated, with whitespace allowed. (For example, 1455 `reports = http, store`.) 1456 1457 This setting is relevant to puppet server and puppet apply. The primary Puppet 1458 server will call these report handlers with the reports it receives from 1459 agent nodes, and puppet apply will call them with its own report. (In 1460 all cases, the node applying the catalog must have `report = true`.) 1461 1462 See the report reference for information on the built-in report 1463 handlers; custom report handlers can also be loaded from modules. 1464 (Report handlers are loaded from the lib directory, at 1465 `puppet/reports/NAME.rb`.) 1466 1467 To turn off reports entirely, set this to `none`", 1468 }, 1469 :exclude_unchanged_resources => { 1470 :default => true, 1471 :type => :boolean, 1472 :desc => 'When set to true, resources that have had no changes after catalog application 1473 will not have corresponding unchanged resource status updates listed in the report.' 1474 }, 1475 :reportdir => { 1476 :default => "$vardir/reports", 1477 :type => :directory, 1478 :mode => "0750", 1479 :owner => "service", 1480 :group => "service", 1481 :desc => "The directory in which to store reports. Each node gets 1482 a separate subdirectory in this directory. This setting is only 1483 used when the `store` report processor is enabled (see the 1484 `reports` setting)."}, 1485 :reporturl => { 1486 :default => "http://localhost:3000/reports/upload", 1487 :desc => "The URL that reports should be forwarded to. This setting 1488 is only used when the `http` report processor is enabled (see the 1489 `reports` setting).", 1490 }, 1491 :fileserverconfig => { 1492 :default => "$confdir/fileserver.conf", 1493 :type => :file, 1494 :desc => "Where the fileserver configuration is stored.", 1495 }) 1496 1497 settings.define_settings(:device, 1498 :devicedir => { 1499 :default => "$vardir/devices", 1500 :type => :directory, 1501 :mode => "0750", 1502 :owner => "service", 1503 :group => "service", 1504 :desc => "The root directory of devices' $vardir.", 1505 }, 1506 :deviceconfig => { 1507 :default => "$confdir/device.conf", 1508 :desc => "Path to the device config file for puppet device.", 1509 } 1510 ) 1511 1512 settings.define_settings(:agent, 1513 :node_name_value => { 1514 :default => "$certname", 1515 :desc => "The explicit value used for the node name for all requests the agent 1516 makes to the primary server. WARNING: This setting is mutually exclusive with 1517 node_name_fact. Changing this setting also requires changes to 1518 Puppet Server's default [auth.conf](https://puppet.com/docs/puppetserver/latest/config_file_auth.html)." 1519 }, 1520 :node_name_fact => { 1521 :default => "", 1522 :desc => "The fact name used to determine the node name used for all requests the agent 1523 makes to the primary server. WARNING: This setting is mutually exclusive with 1524 node_name_value. Changing this setting also requires changes to 1525 Puppet Server's default [auth.conf](https://puppet.com/docs/puppetserver/latest/config_file_auth.html).", 1526 :hook => proc do |value| 1527 if !value.empty? and Puppet[:node_name_value] != Puppet[:certname] 1528 raise "Cannot specify both the node_name_value and node_name_fact settings" 1529 end 1530 end 1531 }, 1532 :statefile => { 1533 :default => "$statedir/state.yaml", 1534 :type => :file, 1535 :mode => "0640", 1536 :desc => "Where Puppet agent and Puppet Server store state associated 1537 with the running configuration. In the case of Puppet Server, 1538 this file reflects the state discovered through interacting 1539 with clients." 1540 }, 1541 :statettl => { 1542 :default => "32d", 1543 :type => :ttl, 1544 :desc => "How long the Puppet agent should cache when a resource was last checked or synced. 1545 #{AS_DURATION} 1546 A value of `0` or `unlimited` will disable cache pruning. 1547 1548 This setting affects the usage of `schedule` resources, as the information 1549 about when a resource was last checked (and therefore when it needs to be 1550 checked again) is stored in the `statefile`. The `statettl` needs to be 1551 large enough to ensure that a resource will not trigger multiple times 1552 during a schedule due to its entry expiring from the cache." 1553 }, 1554 :transactionstorefile => { 1555 :default => "$statedir/transactionstore.yaml", 1556 :type => :file, 1557 :mode => "0640", 1558 :desc => "Transactional storage file for persisting data between 1559 transactions for the purposes of inferring information (such as 1560 corrective_change) on new data received." 1561 }, 1562 :clientyamldir => { 1563 :default => "$vardir/client_yaml", 1564 :type => :directory, 1565 :mode => "0750", 1566 :desc => "The directory in which client-side YAML data is stored." 1567 }, 1568 :client_datadir => { 1569 :default => "$vardir/client_data", 1570 :type => :directory, 1571 :mode => "0750", 1572 :desc => "The directory in which serialized data is stored on the client." 1573 }, 1574 :write_catalog_summary => { 1575 :default => true, 1576 :type => :boolean, 1577 :desc => "Whether to write the `classfile` and `resourcefile` after applying 1578 the catalog. It is enabled by default, except when running `puppet apply`.", 1579 }, 1580 :classfile => { 1581 :default => "$statedir/classes.txt", 1582 :type => :file, 1583 :owner => "root", 1584 :mode => "0640", 1585 :desc => "The file in which puppet agent stores a list of the classes 1586 associated with the retrieved configuration. Can be loaded in 1587 the separate `puppet` executable using the `--loadclasses` 1588 option."}, 1589 :resourcefile => { 1590 :default => "$statedir/resources.txt", 1591 :type => :file, 1592 :owner => "root", 1593 :mode => "0640", 1594 :desc => "The file in which puppet agent stores a list of the resources 1595 associated with the retrieved configuration." }, 1596 :puppetdlog => { 1597 :default => "$logdir/puppetd.log", 1598 :type => :file, 1599 :owner => "root", 1600 :mode => "0640", 1601 :desc => "The fallback log file. This is only used when the `--logdest` option 1602 is not specified AND Puppet is running on an operating system where both 1603 the POSIX syslog service and the Windows Event Log are unavailable. (Currently, 1604 no supported operating systems match that description.) 1605 1606 Despite the name, both puppet agent and puppet server will use this file 1607 as the fallback logging destination. 1608 1609 For control over logging destinations, see the `--logdest` command line 1610 option in the manual pages for puppet server, puppet agent, and puppet 1611 apply. You can see man pages by running `puppet <SUBCOMMAND> --help`, 1612 or read them online at https://puppet.com/docs/puppet/latest/man/." 1613 }, 1614 :deviceconfdir => { 1615 :default => "$confdir/devices", 1616 :type => :directory, 1617 :mode => "0750", 1618 :owner => "service", 1619 :group => "service", 1620 :desc => "The root directory of devices' $confdir.", 1621 }, 1622 :server => { 1623 :default => "puppet", 1624 :desc => "The primary Puppet server to which the Puppet agent should connect.", 1625 }, 1626 :server_list => { 1627 :default => [], 1628 :type => :server_list, 1629 :desc => "The list of primary Puppet servers to which the Puppet agent should connect, 1630 in the order that they will be tried. Each value should be a fully qualified domain name, followed by an optional ':' and port number. If a port is omitted, Puppet uses masterport for that host.", 1631 }, 1632 :use_srv_records => { 1633 :default => false, 1634 :type => :boolean, 1635 :desc => "Whether the server will search for SRV records in DNS for the current domain.", 1636 }, 1637 :srv_domain => { 1638 :default => lambda { Puppet::Settings.domain_fact }, 1639 :desc => "The domain which will be queried to find the SRV records of servers to use.", 1640 }, 1641 :http_extra_headers => { 1642 :default => [], 1643 :type => :http_extra_headers, 1644 :desc => "The list of extra headers that will be sent with http requests to the primary server. 1645 The header definition consists of a name and a value separated by a colon." 1646 }, 1647 :ignoreschedules => { 1648 :default => false, 1649 :type => :boolean, 1650 :desc => "Boolean; whether puppet agent should ignore schedules. This is useful 1651 for initial puppet agent runs.", 1652 }, 1653 :default_schedules => { 1654 :default => true, 1655 :type => :boolean, 1656 :desc => "Boolean; whether to generate the default schedule resources. Setting this to 1657 false is useful for keeping external report processors clean of skipped schedule resources.", 1658 }, 1659 :noop => { 1660 :default => false, 1661 :type => :boolean, 1662 :desc => "Whether to apply catalogs in noop mode, which allows Puppet to 1663 partially simulate a normal run. This setting affects puppet agent and 1664 puppet apply. 1665 1666 When running in noop mode, Puppet will check whether each resource is in sync, 1667 like it does when running normally. However, if a resource attribute is not in 1668 the desired state (as declared in the catalog), Puppet will take no 1669 action, and will instead report the changes it _would_ have made. These 1670 simulated changes will appear in the report sent to the primary Puppet server, or 1671 be shown on the console if running puppet agent or puppet apply in the 1672 foreground. The simulated changes will not send refresh events to any 1673 subscribing or notified resources, although Puppet will log that a refresh 1674 event _would_ have been sent. 1675 1676 **Important note:** 1677 [The `noop` metaparameter](https://puppet.com/docs/puppet/latest/metaparameter.html#noop) 1678 allows you to apply individual resources in noop mode, and will override 1679 the global value of the `noop` setting. This means a resource with 1680 `noop => false` _will_ be changed if necessary, even when running puppet 1681 agent with `noop = true` or `--noop`. (Conversely, a resource with 1682 `noop => true` will only be simulated, even when noop mode is globally disabled.)", 1683 }, 1684 :runinterval => { 1685 :default => "30m", 1686 :type => :duration, 1687 :desc => "How often puppet agent applies the catalog. 1688 Note that a runinterval of 0 means \"run continuously\" rather than 1689 \"never run.\" #{AS_DURATION}", 1690 }, 1691 :runtimeout => { 1692 :default => "1h", 1693 :type => :duration, 1694 :desc => "The maximum amount of time an agent run is allowed to take. 1695 A Puppet agent run that exceeds this timeout will be aborted. A value 1696 of 0 disables the timeout. Defaults to 1 hour. #{AS_DURATION}", 1697 }, 1698 :ca_server => { 1699 :default => "$server", 1700 :desc => "The server to use for certificate 1701 authority requests. It's a separate server because it cannot 1702 and does not need to horizontally scale.", 1703 }, 1704 :ca_port => { 1705 :default => "$serverport", 1706 :type => :port, 1707 :desc => "The port to use for the certificate authority.", 1708 }, 1709 :preferred_serialization_format => { 1710 :default => "json", 1711 :desc => "The preferred means of serializing 1712 ruby instances for passing over the wire. This won't guarantee that all 1713 instances will be serialized using this method, since not all classes 1714 can be guaranteed to support this format, but it will be used for all 1715 classes that support it.", 1716 :hook => proc { |value| 1717 if value == "pson" && !Puppet.features.pson? 1718 raise(Puppet::Settings::ValidationError, "The 'puppet-pson' gem must be installed to use the PSON serialization format.") 1719 end 1720 } 1721 }, 1722 :allow_pson_serialization => { 1723 :default => false, 1724 :type => :boolean, 1725 :desc => "Whether when unable to serialize to JSON or other formats, 1726 Puppet falls back to PSON. This option affects both puppetserver's 1727 configuration management service responses and when the agent saves its 1728 cached catalog. This option is useful in preventing the loss of data because 1729 rich data cannot be serialized via PSON.", 1730 }, 1731 :agent_catalog_run_lockfile => { 1732 :default => "$statedir/agent_catalog_run.lock", 1733 :type => :string, # (#2888) Ensure this file is not added to the settings catalog. 1734 :desc => "A lock file to indicate that a puppet agent catalog run is currently in progress. 1735 The file contains the pid of the process that holds the lock on the catalog run.", 1736 }, 1737 :agent_disabled_lockfile => { 1738 :default => "$statedir/agent_disabled.lock", 1739 :type => :string, 1740 :desc => "A lock file to indicate that puppet agent runs have been administratively 1741 disabled. File contains a JSON object with state information.", 1742 }, 1743 :usecacheonfailure => { 1744 :default => true, 1745 :type => :boolean, 1746 :desc => "Whether to use the cached configuration when the remote 1747 configuration will not compile. This option is useful for testing 1748 new configurations, where you want to fix the broken configuration 1749 rather than reverting to a known-good one.", 1750 }, 1751 :include_legacy_facts => { 1752 :type => :boolean, 1753 :default => false, 1754 :desc => "Whether to include legacy facts when requesting a catalog. This 1755 option can be set to false provided all puppet manifests, hiera.yaml and hiera 1756 configuration layers no longer access legacy facts, such as `$osfamily`, and 1757 instead access structured facts, such as `$facts['os']['family']`." 1758 }, 1759 :fact_name_length_soft_limit => { 1760 :default => 2560, 1761 :type => :integer, 1762 :desc => "The soft limit for the length of a fact name.", 1763 }, 1764 :fact_value_length_soft_limit => { 1765 :default => 4096, 1766 :type => :integer, 1767 :desc => "The soft limit for the length of a fact value.", 1768 }, 1769 :top_level_facts_soft_limit => { 1770 :default => 512, 1771 :type => :integer, 1772 :desc => "The soft limit for the number of top level facts.", 1773 }, 1774 :number_of_facts_soft_limit => { 1775 :default => 2048, 1776 :type => :integer, 1777 :desc => "The soft limit for the total number of facts.", 1778 }, 1779 :payload_soft_limit => { 1780 :default => 16 * 1024 * 1024, 1781 :type => :integer, 1782 :desc => "The soft limit for the size of the payload.", 1783 }, 1784 :use_cached_catalog => { 1785 :default => false, 1786 :type => :boolean, 1787 :desc => "Whether to only use the cached catalog rather than compiling a new catalog 1788 on every run. Puppet can be run with this enabled by default and then selectively 1789 disabled when a recompile is desired. Because a Puppet agent using cached catalogs 1790 does not contact the primary server for a new catalog, it also does not upload facts at 1791 the beginning of the Puppet run.", 1792 }, 1793 :ignoremissingtypes => { 1794 :default => false, 1795 :type => :boolean, 1796 :desc => "Skip searching for classes and definitions that were missing during a 1797 prior compilation. The list of missing objects is maintained per-environment and 1798 persists until the environment is cleared or the primary server is restarted.", 1799 }, 1800 :splaylimit => { 1801 :default => "$runinterval", 1802 :type => :duration, 1803 :desc => "The maximum time to delay before an agent's first run when 1804 `splay` is enabled. Defaults to the agent's `$runinterval`. The 1805 `splay` interval is random and recalculated each time the agent is started or 1806 restarted. #{AS_DURATION}", 1807 }, 1808 :splay => { 1809 :default => false, 1810 :type => :boolean, 1811 :desc => "Whether to sleep for a random amount of time, ranging from 1812 immediately up to its `$splaylimit`, before performing its first agent run 1813 after a service restart. After this period, the agent runs periodically 1814 on its `$runinterval`. 1815 1816 For example, assume a default 30-minute `$runinterval`, `splay` set to its 1817 default of `false`, and an agent starting at :00 past the hour. The agent 1818 would check in every 30 minutes at :01 and :31 past the hour. 1819 1820 With `splay` enabled, it waits any amount of time up to its `$splaylimit` 1821 before its first run. For example, it might randomly wait 8 minutes, 1822 then start its first run at :08 past the hour. With the `$runinterval` 1823 at its default 30 minutes, its next run will be at :38 past the hour. 1824 1825 If you restart an agent's puppet service with `splay` enabled, it 1826 recalculates its splay period and delays its first agent run after 1827 restarting for this new period. If you simultaneously restart a group of 1828 puppet agents with `splay` enabled, their checkins to your primary servers 1829 can be distributed more evenly.", 1830 }, 1831 :clientbucketdir => { 1832 :default => "$vardir/clientbucket", 1833 :type => :directory, 1834 :mode => "0750", 1835 :desc => "Where FileBucket files are stored locally." 1836 }, 1837 :report_server => { 1838 :default => "$server", 1839 :desc => "The server to send transaction reports to.", 1840 }, 1841 :report_port => { 1842 :default => "$serverport", 1843 :type => :port, 1844 :desc => "The port to communicate with the report_server.", 1845 }, 1846 :report => { 1847 :default => true, 1848 :type => :boolean, 1849 :desc => "Whether to send reports after every transaction.", 1850 }, 1851 :report_include_system_store => { 1852 :default => false, 1853 :type => :boolean, 1854 :desc => "Whether the 'http' report processor should include the system 1855 certificate store when submitting reports to HTTPS URLs. If false, then 1856 the 'http' processor will only trust HTTPS report servers whose certificates 1857 are issued by the puppet CA or one of its intermediate CAs. If true, the 1858 processor will additionally trust CA certificates in the system's 1859 certificate store." 1860 }, 1861 :resubmit_facts => { 1862 :default => false, 1863 :type => :boolean, 1864 :desc => "Whether to send updated facts after every transaction. By default 1865 puppet only submits facts at the beginning of the transaction before applying a 1866 catalog. Since puppet can modify the state of the system, the value of the facts 1867 may change after puppet finishes. Therefore, any facts stored in puppetdb may not 1868 be consistent until the agent next runs, typically in 30 minutes. If this feature 1869 is enabled, puppet will resubmit facts after applying its catalog, ensuring facts 1870 for the node stored in puppetdb are current. However, this will double the fact 1871 submission load on puppetdb, so it is disabled by default.", 1872 }, 1873 :publicdir => { 1874 :default => nil, 1875 :type => :directory, 1876 :mode => "0755", 1877 :desc => "Where Puppet stores public files." 1878 }, 1879 :lastrunfile => { 1880 :default => "$publicdir/last_run_summary.yaml", 1881 :type => :file, 1882 :mode => "0640", 1883 :desc => "Where puppet agent stores the last run report summary in yaml format." 1884 }, 1885 :lastrunreport => { 1886 :default => "$statedir/last_run_report.yaml", 1887 :type => :file, 1888 :mode => "0640", 1889 :desc => "Where Puppet Agent stores the last run report, by default, in yaml format. 1890 The format of the report can be changed by setting the `cache` key of the `report` terminus 1891 in the [routes.yaml](https://puppet.com/docs/puppet/latest/config_file_routes.html) file. 1892 To avoid mismatches between content and file extension, this setting needs to be 1893 manually updated to reflect the terminus changes." 1894 }, 1895 :graph => { 1896 :default => false, 1897 :type => :boolean, 1898 :desc => "Whether to create .dot graph files, which let you visualize the 1899 dependency and containment relationships in Puppet's catalog. You 1900 can load and view these files with tools like 1901 [OmniGraffle](http://www.omnigroup.com/applications/omnigraffle/) (OS X) 1902 or [graphviz](http://www.graphviz.org/) (multi-platform). 1903 1904 Graph files are created when _applying_ a catalog, so this setting 1905 should be used on nodes running `puppet agent` or `puppet apply`. 1906 1907 The `graphdir` setting determines where Puppet will save graphs. Note 1908 that we don't save graphs for historical runs; Puppet will replace the 1909 previous .dot files with new ones every time it applies a catalog. 1910 1911 See your graphing software's documentation for details on opening .dot 1912 files. If you're using GraphViz's `dot` command, you can do a quick PNG 1913 render with `dot -Tpng <DOT FILE> -o <OUTPUT FILE>`.", 1914 }, 1915 :graphdir => { 1916 :default => "$statedir/graphs", 1917 :type => :directory, 1918 :desc => "Where to save .dot-format graphs (when the `graph` setting is enabled).", 1919 }, 1920 :waitforcert => { 1921 :default => "2m", 1922 :type => :duration, 1923 :desc => "How frequently puppet agent should ask for a signed certificate. 1924 1925 When starting for the first time, puppet agent will submit a certificate 1926 signing request (CSR) to the server named in the `ca_server` setting 1927 (usually the primary Puppet server); this may be autosigned, or may need to be 1928 approved by a human, depending on the CA server's configuration. 1929 1930 Puppet agent cannot apply configurations until its approved certificate is 1931 available. Since the certificate may or may not be available immediately, 1932 puppet agent will repeatedly try to fetch it at this interval. You can 1933 turn off waiting for certificates by specifying a time of 0, or a maximum 1934 amount of time to wait in the `maxwaitforcert` setting, in which case 1935 puppet agent will exit if it cannot get a cert. 1936 #{AS_DURATION}", 1937 }, 1938 :maxwaitforcert => { 1939 :default => "unlimited", 1940 :type => :ttl, 1941 :desc => "The maximum amount of time the Puppet agent should wait for its 1942 certificate request to be signed. A value of `unlimited` will cause puppet agent 1943 to ask for a signed certificate indefinitely. 1944 #{AS_DURATION}", 1945 }, 1946 :waitforlock => { 1947 :default => "0", 1948 :type => :duration, 1949 :desc => "How frequently puppet agent should try running when there is an 1950 already ongoing puppet agent instance. 1951 1952 This argument is by default disabled (value set to 0). In this case puppet agent will 1953 immediately exit if it cannot run at that moment. When a value other than 0 is set, this 1954 can also be used in combination with the `maxwaitforlock` argument. 1955 #{AS_DURATION}", 1956 }, 1957 :maxwaitforlock => { 1958 :default => "1m", 1959 :type => :ttl, 1960 :desc => "The maximum amount of time the puppet agent should wait for an 1961 already running puppet agent to finish before starting a new one. This is set by default to 1 minute. 1962 A value of `unlimited` will cause puppet agent to wait indefinitely. 1963 #{AS_DURATION}", 1964 } 1965 ) 1966 1967 # Plugin information. 1968 1969 settings.define_settings( 1970 :main, 1971 :plugindest => { 1972 :type => :directory, 1973 :default => "$libdir", 1974 :desc => "Where Puppet should store plugins that it pulls down from the central 1975 server.", 1976 }, 1977 :pluginsource => { 1978 :default => "puppet:///plugins", 1979 :desc => "From where to retrieve plugins. The standard Puppet `file` type 1980 is used for retrieval, so anything that is a valid file source can 1981 be used here.", 1982 }, 1983 :pluginfactdest => { 1984 :type => :directory, 1985 :default => "$vardir/facts.d", 1986 :desc => "Where Puppet should store external facts that are being handled by pluginsync", 1987 }, 1988 :pluginfactsource => { 1989 :default => "puppet:///pluginfacts", 1990 :desc => "Where to retrieve external facts for pluginsync", 1991 }, 1992 :localedest => { 1993 :type => :directory, 1994 :default => "$vardir/locales", 1995 :desc => "Where Puppet should store translation files that it pulls down from the central 1996 server.", 1997 }, 1998 :localesource => { 1999 :default => "puppet:///locales", 2000 :desc => "From where to retrieve translation files. The standard Puppet `file` type 2001 is used for retrieval, so anything that is a valid file source can 2002 be used here.", 2003 }, 2004 :pluginsync => { 2005 :default => true, 2006 :type => :boolean, 2007 :desc => "Whether plugins should be synced with the central server. This setting is 2008 deprecated.", 2009 :hook => proc { |value| 2010 #TRANSLATORS 'pluginsync' is a setting and should not be translated 2011 Puppet.deprecation_warning(_("Setting 'pluginsync' is deprecated.")) 2012 } 2013 }, 2014 :pluginsignore => { 2015 :default => ".svn CVS .git .hg", 2016 :desc => "What files to ignore when pulling down plugins.", 2017 }, 2018 :ignore_plugin_errors => { 2019 :default => false, 2020 :type => :boolean, 2021 :desc => "Whether the puppet run should ignore errors during pluginsync. If the setting 2022 is false and there are errors during pluginsync, then the agent will abort the run and 2023 submit a report containing information about the failed run." 2024 } 2025 ) 2026 2027 # Central fact information. 2028 2029 settings.define_settings( 2030 :main, 2031 :factpath => { 2032 :type => :path, 2033 :default => "$vardir/lib/facter#{File::PATH_SEPARATOR}$vardir/facts", 2034 :desc => "Where Puppet should look for facts. Multiple directories should 2035 be separated by the system path separator character. (The POSIX path 2036 separator is ':', and the Windows path separator is ';'.)", 2037 2038 :call_hook => :on_initialize_and_write, # Call our hook with the default value, so we always get the value added to facter. 2039 :hook => proc do |value| 2040 paths = value.split(File::PATH_SEPARATOR) 2041 facter = Puppet.runtime[:facter] 2042 facter.search(*paths) 2043 end 2044 } 2045 ) 2046 2047 settings.define_settings( 2048 :transaction, 2049 :tags => { 2050 :default => "", 2051 :desc => "Tags to use to find resources. If this is set, then 2052 only resources tagged with the specified tags will be applied. 2053 Values must be comma-separated.", 2054 }, 2055 :skip_tags => { 2056 :default => "", 2057 :desc => "Tags to use to filter resources. If this is set, then 2058 only resources not tagged with the specified tags will be applied. 2059 Values must be comma-separated.", 2060 }, 2061 :evaltrace => { 2062 :default => false, 2063 :type => :boolean, 2064 :desc => "Whether each resource should log when it is 2065 being evaluated. This allows you to interactively see exactly 2066 what is being done.", 2067 }, 2068 :preprocess_deferred => { 2069 :default => false, 2070 :type => :boolean, 2071 :desc => "Whether puppet should call deferred functions before applying 2072 the catalog. If set to `true`, then all prerequisites needed for the 2073 deferred function must be satisfied prior to puppet running. If set to 2074 `false`, then deferred functions will follow puppet relationships and 2075 ordering. This allows puppet to install prerequisites needed for a 2076 deferred function and call the deferred function in the same run." 2077 }, 2078 :summarize => { 2079 :default => false, 2080 :type => :boolean, 2081 :desc => "Whether to print a transaction summary.", 2082 } 2083 ) 2084 2085 settings.define_settings( 2086 :main, 2087 :external_nodes => { 2088 :default => "none", 2089 :desc => "The external node classifier (ENC) script to use for node data. 2090 Puppet combines this data with the main manifest to produce node catalogs. 2091 2092 To enable this setting, set the `node_terminus` setting to `exec`. 2093 2094 This setting's value must be the path to an executable command that 2095 can produce node information. The command must: 2096 2097 * Take the name of a node as a command-line argument. 2098 * Return a YAML hash with up to three keys: 2099 * `classes` --- A list of classes, as an array or hash. 2100 * `environment` --- A string. 2101 * `parameters` --- A list of top-scope variables to set, as a hash. 2102 * For unknown nodes, exit with a non-zero exit code. 2103 2104 Generally, an ENC script makes requests to an external data source. 2105 2106 For more info, see [the ENC documentation](https://puppet.com/docs/puppet/latest/nodes_external.html).", 2107 } 2108 ) 2109 2110 settings.define_settings( 2111 :ldap, 2112 :ldapssl => { 2113 :default => false, 2114 :type => :boolean, 2115 :desc => "Whether SSL should be used when searching for nodes. 2116 Defaults to false because SSL usually requires certificates 2117 to be set up on the client side.", 2118 }, 2119 :ldaptls => { 2120 :default => false, 2121 :type => :boolean, 2122 :desc => "Whether TLS should be used when searching for nodes. 2123 Defaults to false because TLS usually requires certificates 2124 to be set up on the client side.", 2125 }, 2126 :ldapserver => { 2127 :default => "ldap", 2128 :desc => "The LDAP server.", 2129 }, 2130 :ldapport => { 2131 :default => 389, 2132 :type => :port, 2133 :desc => "The LDAP port.", 2134 }, 2135 2136 :ldapstring => { 2137 :default => "(&(objectclass=puppetClient)(cn=%s))", 2138 :desc => "The search string used to find an LDAP node.", 2139 }, 2140 :ldapclassattrs => { 2141 :default => "puppetclass", 2142 :desc => "The LDAP attributes to use to define Puppet classes. Values 2143 should be comma-separated.", 2144 }, 2145 :ldapstackedattrs => { 2146 :default => "puppetvar", 2147 :desc => "The LDAP attributes that should be stacked to arrays by adding 2148 the values in all hierarchy elements of the tree. Values 2149 should be comma-separated.", 2150 }, 2151 :ldapattrs => { 2152 :default => "all", 2153 :desc => "The LDAP attributes to include when querying LDAP for nodes. All 2154 returned attributes are set as variables in the top-level scope. 2155 Multiple values should be comma-separated. The value 'all' returns 2156 all attributes.", 2157 }, 2158 :ldapparentattr => { 2159 :default => "parentnode", 2160 :desc => "The attribute to use to define the parent node.", 2161 }, 2162 :ldapuser => { 2163 :default => "", 2164 :desc => "The user to use to connect to LDAP. Must be specified as a 2165 full DN.", 2166 }, 2167 :ldappassword => { 2168 :default => "", 2169 :desc => "The password to use to connect to LDAP.", 2170 }, 2171 :ldapbase => { 2172 :default => "", 2173 :desc => "The search base for LDAP searches. It's impossible to provide 2174 a meaningful default here, although the LDAP libraries might 2175 have one already set. Generally, it should be the 'ou=Hosts' 2176 branch under your main directory.", 2177 } 2178 ) 2179 2180 settings.define_settings(:server, 2181 :storeconfigs => { 2182 :default => false, 2183 :type => :boolean, 2184 :desc => "Whether to store each client's configuration, including catalogs, facts, 2185 and related data. This also enables the import and export of resources in 2186 the Puppet language - a mechanism for exchange resources between nodes. 2187 2188 By default this uses the 'puppetdb' backend. 2189 2190 You can adjust the backend using the storeconfigs_backend setting.", 2191 # Call our hook with the default value, so we always get the libdir set. 2192 :call_hook => :on_initialize_and_write, 2193 :hook => proc do |value| 2194 require_relative '../puppet/node' 2195 require_relative '../puppet/node/facts' 2196 if value 2197 Puppet::Resource::Catalog.indirection.set_global_setting(:cache_class, :store_configs) 2198 settings.override_default(:catalog_cache_terminus, :store_configs) 2199 Puppet::Node::Facts.indirection.set_global_setting(:cache_class, :store_configs) 2200 Puppet::Resource.indirection.set_global_setting(:terminus_class, :store_configs) 2201 end 2202 end 2203 }, 2204 :storeconfigs_backend => { 2205 :type => :terminus, 2206 :default => "puppetdb", 2207 :desc => "Configure the backend terminus used for StoreConfigs. 2208 By default, this uses the PuppetDB store, which must be installed 2209 and configured before turning on StoreConfigs." 2210 } 2211 ) 2212 2213 settings.define_settings(:parser, 2214 :max_errors => { 2215 :default => 10, 2216 :type => :integer, 2217 :desc => <<-'EOT' 2218 Sets the max number of logged/displayed parser validation errors in case 2219 multiple errors have been detected. A value of 0 is the same as a value of 1; a 2220 minimum of one error is always raised. The count is per manifest. 2221 EOT 2222 }, 2223 :max_warnings => { 2224 :default => 10, 2225 :type => :integer, 2226 :desc => <<-'EOT' 2227 Sets the max number of logged/displayed parser validation warnings in 2228 case multiple warnings have been detected. A value of 0 blocks logging of 2229 warnings. The count is per manifest. 2230 EOT 2231 }, 2232 :max_deprecations => { 2233 :default => 10, 2234 :type => :integer, 2235 :desc => <<-'EOT' 2236 Sets the max number of logged/displayed parser validation deprecation 2237 warnings in case multiple deprecation warnings have been detected. A value of 0 2238 blocks the logging of deprecation warnings. The count is per manifest. 2239 EOT 2240 }, 2241 :strict_variables => { 2242 :default => true, 2243 :type => :boolean, 2244 :desc => <<-'EOT' 2245 Causes an evaluation error when referencing unknown variables. (This does not affect 2246 referencing variables that are explicitly set to undef). 2247 EOT 2248 }, 2249 :tasks => { 2250 :default => false, 2251 :type => :boolean, 2252 :desc => <<-'EOT' 2253 Turns on experimental support for tasks and plans in the puppet language. This is for internal API use only. 2254 Do not change this setting. 2255 EOT 2256 } 2257 ) 2258 settings.define_settings(:puppetdoc, 2259 :document_all => { 2260 :default => false, 2261 :type => :boolean, 2262 :desc => "Whether to document all resources when using `puppet doc` to 2263 generate manifest documentation.", 2264 } 2265 ) 2266 2267 settings.define_settings( 2268 :main, 2269 :rich_data => { 2270 :default => true, 2271 :type => :boolean, 2272 :desc => <<-'EOT' 2273 Enables having extended data in the catalog by storing them as a hash with the special key 2274 `__ptype`. When enabled, resource containing values of the data types `Binary`, `Regexp`, 2275 `SemVer`, `SemVerRange`, `Timespan` and `Timestamp`, as well as instances of types derived 2276 from `Object` retain their data type. 2277 EOT 2278 } 2279 ) 2280 end
initialize_facts()
click to toggle source
Initialize puppet's core facts. It should not be called before initialize_settings.
# File lib/puppet.rb 186 def self.initialize_facts 187 # Add the puppetversion fact; this is done before generating the hash so it is 188 # accessible to custom facts. 189 Puppet.runtime[:facter].add(:puppetversion) do 190 setcode { Puppet.version.to_s } 191 end 192 193 Puppet.runtime[:facter].add(:agent_specified_environment) do 194 setcode do 195 Puppet.settings.set_by_cli(:environment) || 196 Puppet.settings.set_in_section(:environment, :agent) || 197 Puppet.settings.set_in_section(:environment, :main) 198 end 199 end 200 end
initialize_settings(args = [], require_config = true, push_settings_globally = true, runtime_implementations = {})
click to toggle source
Initialize puppet's settings. This is intended only for use by external tools that are not
built off of the Faces API or the Puppet::Util::Application class. It may also be used to initialize state so that a Face may be used programatically, rather than as a stand-alone command-line tool.
@api public @param args [Array<String>] the command line arguments to use for initialization @param require_config [Boolean] controls loading of Puppet configuration files @param global_settings [Boolean] controls push to global context after settings object initialization @param runtime_implementations [Hash<Symbol, Object>] runtime implementations to register @return [void]
# File lib/puppet.rb 145 def self.initialize_settings(args = [], require_config = true, push_settings_globally = true, runtime_implementations = {}) 146 do_initialize_settings_for_run_mode(:user, args, require_config, push_settings_globally, runtime_implementations) 147 end
instances()
click to toggle source
# File lib/puppet/type/exec.rb 635 def self.instances 636 [] 637 end
lookup(name, &block)
click to toggle source
Lookup a binding by name or return a default value provided by a passed block (if given). @api private
# File lib/puppet.rb 277 def self.lookup(name, &block) 278 @context.lookup(name, &block) 279 end
mark_context(name)
click to toggle source
@api private
# File lib/puppet.rb 302 def self.mark_context(name) 303 @context.mark(name) 304 end
minor_version()
click to toggle source
@return [String] containing the puppet version to minor specificity, e.g. “3.0”
# File lib/puppet/version.rb 69 def self.minor_version 70 self.version.split('.')[0..1].join('.') 71 end
mkdefaultbucket()
click to toggle source
Create a default filebucket.
# File lib/puppet/type/filebucket.rb 86 def self.mkdefaultbucket 87 new(:name => "puppet", :path => Puppet[:clientbucketdir]) 88 end
mkdefaultschedules()
click to toggle source
# File lib/puppet/type/schedule.rb 393 def self.mkdefaultschedules 394 result = [] 395 unless Puppet[:default_schedules] 396 Puppet.debug "Not creating default schedules: default_schedules is false" 397 return result 398 end 399 400 Puppet.debug "Creating default schedules" 401 402 result << self.new( 403 404 :name => "puppet", 405 :period => :hourly, 406 407 :repeat => "2" 408 ) 409 410 # And then one for every period 411 @parameters.find { |p| p.name == :period }.value_collection.values.each { |value| 412 413 result << self.new( 414 :name => value.to_s, 415 :period => value 416 ) 417 } 418 419 result 420 end
needs_ensure_retrieved()
click to toggle source
# File lib/puppet/type/service.rb 300 def self.needs_ensure_retrieved 301 false 302 end
newcheck(name, options = {}, &block)
click to toggle source
Create a new check mechanism. It's basically a parameter that provides one extra 'check' method.
# File lib/puppet/type/exec.rb 74 def self.newcheck(name, options = {}, &block) 75 @checks ||= {} 76 77 check = newparam(name, options, &block) 78 @checks[name] = check 79 end
normalize(source)
click to toggle source
# File lib/puppet/type/file/source.rb 125 def self.normalize(source) 126 source.sub(/[#{SEPARATOR_REGEX}]+$/, '') 127 end
override(bindings, description = "", &block)
click to toggle source
@param bindings [Hash] A hash of bindings to be merged with the parent context. @param description [String] A description of the context. @yield [] A block executed in the context of the temporarily pushed bindings. @api private
# File lib/puppet.rb 285 def self.override(bindings, description = "", &block) 286 @context.override(bindings, description, &block) 287 end
parameters_to_include()
click to toggle source
# File lib/puppet/type/package.rb 285 def self.parameters_to_include 286 [:provider] 287 end
pop_context()
click to toggle source
Return to the previous context. @raise [StackUnderflow] if the current context is the root @api private
# File lib/puppet.rb 271 def self.pop_context 272 @context.pop 273 end
push_context(overrides, description = "")
click to toggle source
@param overrides [Hash] A hash of bindings to be merged with the parent context. @param description [String] A description of the context. @api private
# File lib/puppet.rb 256 def self.push_context(overrides, description = "") 257 @context.push(overrides, description) 258 end
push_context_global(overrides, description = '')
click to toggle source
Push something onto the the context and make it global across threads. This has the potential to convert threadlocal overrides earlier on the stack into global overrides. @api private
# File lib/puppet.rb 264 def self.push_context_global(overrides, description = '') 265 @context.unsafe_push_global(overrides, description) 266 end
replace_settings_object(new_settings)
click to toggle source
The puppetserver project has its own settings class that is thread-aware; this method is here to allow the puppetserver to define its own custom settings class for multithreaded puppet. It is not intended for use outside of the puppetserver implmentation.
# File lib/puppet.rb 66 def self.replace_settings_object(new_settings) 67 @@settings = new_settings 68 end
restore(name)
click to toggle source
@param name The name of a previously ignored context key to restore; intended for test usage. @api private
# File lib/puppet.rb 297 def self.restore(name) 298 @context.restore(name) 299 end
rollback_context(name)
click to toggle source
@api private
# File lib/puppet.rb 307 def self.rollback_context(name) 308 @context.rollback(name) 309 end
run_mode()
click to toggle source
# File lib/puppet.rb 109 def self.run_mode 110 # This sucks (the existence of this method); there are a lot of places in our code that branch based the value of 111 # "run mode", but there used to be some really confusing code paths that made it almost impossible to determine 112 # when during the lifecycle of a puppet application run the value would be set properly. A lot of the lifecycle 113 # stuff has been cleaned up now, but it still seems frightening that we rely so heavily on this value. 114 # 115 # I'd like to see about getting rid of the concept of "run_mode" entirely, but there are just too many places in 116 # the code that call this method at the moment... so I've settled for isolating it inside of the Settings class 117 # (rather than using a global variable, as we did previously...). Would be good to revisit this at some point. 118 # 119 # --cprice 2012-03-16 120 Puppet::Util::RunMode[@@settings.preferred_run_mode] 121 end
runtime()
click to toggle source
# File lib/puppet.rb 311 def self.runtime 312 @runtime 313 end
settings()
click to toggle source
Note: It's important that these accessors (`self.settings`, `self.[]`) are defined before we try to load any “features” (which happens a few lines below), because the implementation of the features loading may examine the values of settings.
# File lib/puppet.rb 58 def self.settings 59 @@settings 60 end
title_patterns()
click to toggle source
We have more than one namevar, so we need title_patterns. However, we cheat and set the patterns to map to name only and completely ignore provider (and command, for targetable providers). So far, the logic that determines uniqueness appears to just “Do The Right Thing™” when provider (and command) are explicitly set.
The following resources will be seen as unique by puppet:
# Uniqueness Key: ['mysql', nil]
package {'mysql': }
# Uniqueness Key: ['mysql', 'gem', nil]
package {'gem-mysql':
name => 'mysql,
provider => gem,
}
# Uniqueness Key: ['mysql', 'gem', '/opt/ruby/bin/gem']
package {'gem-mysql-opt':
name => 'mysql,
provider => gem
command => '/opt/ruby/bin/gem',
}
This does not handle the case where providers like 'yum' and 'rpm' should clash. Also, declarations that implicitly use the default provider will clash with those that explicitly use the default.
# File lib/puppet/type/package.rb 343 def self.title_patterns 344 # This is the default title pattern for all types, except hard-wired to 345 # set only name. 346 [ [ /(.*)/m, [ [:name] ] ] ] 347 end
valid_digest_algorithms()
click to toggle source
# File lib/puppet/defaults.rb 18 def self.valid_digest_algorithms 19 Puppet::Util::Platform.fips_enabled? ? 20 %w[sha256 sha384 sha512 sha224] : 21 %w[sha256 sha384 sha512 sha224 md5] 22 end
valid_file_checksum_types()
click to toggle source
# File lib/puppet/defaults.rb 30 def self.valid_file_checksum_types 31 Puppet::Util::Platform.fips_enabled? ? 32 %w[sha256 sha256lite sha384 sha512 sha224 sha1 sha1lite mtime ctime] : 33 %w[sha256 sha256lite sha384 sha512 sha224 sha1 sha1lite md5 md5lite mtime ctime] 34 end
version()
click to toggle source
version is a public API method intended to always provide a fast and lightweight way to determine the version of Puppet.
The intent is that software external to Puppet be able to determine the Puppet version with no side-effects. The expected use is:
require 'puppet/version' version = Puppet.version
This function has the following ordering precedence. This precedence list is designed to facilitate automated packaging tasks by simply writing to the VERSION file in the same directory as this source file.
1. If a version has been explicitly assigned using the Puppet.version= method, return that version. 2. If there is a VERSION file, read the contents, trim any trailing whitespace, and return that version string. 3. Return the value of the Puppet::PUPPETVERSION constant hard-coded into the source code.
If there is no VERSION file, the method must return the version string of the nearest parent version that is an officially released version. That is to say, if a branch named 3.1.x contains 25 patches on top of the most recent official release of 3.1.1, then the version method must return the string “3.1.1” if no “VERSION” file is present.
By design the version identifier is not intended to vary during the life a process. There is no guarantee provided that writing to the VERSION file while a Puppet process is running will cause the version string to be updated. On the contrary, the contents of the VERSION are cached to reduce filesystem accesses.
The VERSION file is intended to be used by package maintainers who may be applying patches or otherwise changing the software version in a manner that warrants a different software version identifier. The VERSION file is intended to be managed and owned by the release process and packaging related tasks, and as such should not reside in version control. The PUPPETVERSION constant is intended to be version controlled in history.
Ideally, this behavior will allow package maintainers to precisely specify the version of the software they're packaging as in the following example:
$ git describe --match "3.0.*" > lib/puppet/VERSION $ ruby -r puppet -e 'puts Puppet.version' 3.0.1-260-g9ca4e54
@api public
@return [String] containing the puppet version, e.g. “3.0.1”
# File lib/puppet/version.rb 62 def self.version 63 version_file = File.join(File.dirname(__FILE__), 'VERSION') 64 return @puppet_version if @puppet_version 65 @puppet_version = read_version_file(version_file) || PUPPETVERSION 66 end
version=(version)
click to toggle source
# File lib/puppet/version.rb 73 def self.version=(version) 74 @puppet_version = version 75 end
Private Class Methods
do_initialize_settings_for_run_mode(run_mode, args, require_config, push_settings_globally, runtime_implementations)
click to toggle source
private helper method to provide the implementation details of initializing for a run mode,
but allowing us to control where the deprecation warning is issued
# File lib/puppet.rb 170 def self.do_initialize_settings_for_run_mode(run_mode, args, require_config, push_settings_globally, runtime_implementations) 171 Puppet.settings.initialize_global_settings(args, require_config) 172 run_mode = Puppet::Util::RunMode[run_mode] 173 Puppet.settings.initialize_app_defaults(Puppet::Settings.app_defaults_for_run_mode(run_mode)) 174 if push_settings_globally 175 initialize_load_path 176 push_context_global(Puppet.base_context(Puppet.settings), "Initial context after settings initialization") 177 Puppet::Parser::Functions.reset 178 end 179 runtime_implementations.each_pair do |name, impl| 180 Puppet.runtime[name] = impl 181 end 182 end
initialize_load_path()
click to toggle source
# File lib/puppet.rb 162 def self.initialize_load_path 163 $LOAD_PATH.unshift(Puppet[:libdir]) 164 $LOAD_PATH.concat(vendored_modules) 165 end
read_version_file(path)
click to toggle source
read_version_file reads the content of the “VERSION” file that lives in the same directory as this source code file.
@api private
@return [String] for example: “1.6.14-6-gea42046” or nil if the VERSION
file does not exist.
# File lib/puppet/version.rb 85 def self.read_version_file(path) 86 if File.exist?(path) 87 File.read(path).chomp 88 end 89 end
vendored_modules()
click to toggle source
# File lib/puppet.rb 149 def self.vendored_modules 150 dir = Puppet[:vendormoduledir] 151 if dir && File.directory?(dir) 152 Dir.entries(dir) 153 .reject { |f| f =~ /^\./ } 154 .map { |f| File.join(dir, f, "lib") } 155 .select { |d| FileTest.directory?(d) } 156 else 157 [] 158 end 159 end
Public Instance Methods
actual_should(currentvalue, newvalue)
click to toggle source
Calculates the actual should value given the current and new values. This is only used in should_to_s and change_to_s to fix the change notification issue reported in PUP-6542.
# File lib/puppet/type/group.rb 123 def actual_should(currentvalue, newvalue) 124 currentvalue = munge_members_value(currentvalue) 125 newvalue = munge_members_value(newvalue) 126 127 if @resource[:auth_membership] 128 newvalue.uniq.sort 129 else 130 (currentvalue + newvalue).uniq.sort 131 end 132 end
bucket()
click to toggle source
# File lib/puppet/type/filebucket.rb 90 def bucket 91 mkbucket unless defined?(@bucket) 92 @bucket 93 end
change_to_s(currentvalue, newvalue)
click to toggle source
Make output a bit prettier
# File lib/puppet/type/exec.rb 121 def change_to_s(currentvalue, newvalue) 122 _("executed successfully") 123 end
check(value)
click to toggle source
We always fail this test, because we're only supposed to run on refresh.
# File lib/puppet/type/exec.rb 410 def check(value) 411 # We have to invert the values. 412 if value == :true 413 false 414 else 415 true 416 end 417 end
check_all_attributes(refreshing = false)
click to toggle source
Verify that we pass all of the checks. The argument determines whether we skip the :refreshonly check, which is necessary because we now check within refresh
# File lib/puppet/type/exec.rb 642 def check_all_attributes(refreshing = false) 643 self.class.checks.each { |check| 644 next if refreshing and check == :refreshonly 645 if @parameters.include?(check) 646 val = @parameters[check].value 647 val = [val] unless val.is_a? Array 648 val.each do |value| 649 if !@parameters[check].check(value) 650 # Give a debug message so users can figure out what command would have been 651 # but don't print sensitive commands or parameters in the clear 652 cmdstring = @parameters[:command].sensitive ? "[command redacted]" : @parameters[:command].value 653 654 debug(_("'%{cmd}' won't be executed because of failed check '%{check}'") % { cmd: cmdstring, check: check }) 655 656 return false 657 end 658 end 659 end 660 } 661 662 true 663 end
checksum()
click to toggle source
# File lib/puppet/type/file/source.rb 138 def checksum 139 metadata && metadata.checksum 140 end
chunk_file_from_disk(local_path) { |chunk| ... }
click to toggle source
# File lib/puppet/type/file/source.rb 284 def chunk_file_from_disk(local_path) 285 File.open(local_path, "rb") do |src| 286 while chunk = src.read(8192) #rubocop:disable Lint/AssignmentInCondition 287 yield chunk 288 end 289 end 290 end
chunk_file_from_source(&block)
click to toggle source
# File lib/puppet/type/file/source.rb 324 def chunk_file_from_source(&block) 325 if uri.scheme =~ /^https?/ 326 # Historically puppet has not encoded the http(s) source URL before parsing 327 # it, for example, if the path contains spaces, then it must be URL encoded 328 # as %20 in the manifest. Puppet behaves the same when retrieving file 329 # metadata via http(s), see Puppet::Indirector::FileMetadata::Http#find. 330 url = URI.parse(metadata.source) 331 get_from_http_source(url, &block) 332 elsif metadata.content_uri 333 content_url = URI.parse(Puppet::Util.uri_encode(metadata.content_uri)) 334 get_from_content_uri_source(content_url, &block) 335 else 336 get_from_source_uri_source(uri, &block) 337 end 338 rescue Puppet::HTTP::ResponseError => e 339 handle_response_error(e.response) 340 end
clear()
click to toggle source
This only exists for testing.
# File lib/puppet/type/package.rb 613 def clear 614 obj = @parameters[:ensure] 615 if obj 616 obj.latest = nil 617 end 618 end
content()
click to toggle source
# File lib/puppet/type/file/content.rb 93 def content 94 self.should 95 end
content_is_really_a_checksum?()
click to toggle source
# File lib/puppet/type/file/content.rb 163 def content_is_really_a_checksum? 164 checksum?(should) 165 end
copy_source_value(metadata_method)
click to toggle source
# File lib/puppet/type/file/source.rb 255 def copy_source_value(metadata_method) 256 param_name = (metadata_method == :checksum) ? :content : metadata_method 257 if resource[param_name].nil? or resource[param_name] == :absent 258 if Puppet::Util::Platform.windows? && [:owner, :group, :mode].include?(metadata_method) 259 devfail "Should not have tried to use source owner/mode/group on Windows" 260 end 261 262 value = metadata.send(metadata_method) 263 # Force the mode value in file resources to be a string containing octal. 264 value = value.to_s(8) if param_name == :mode && value.is_a?(Numeric) 265 resource[param_name] = value 266 267 if (metadata_method == :checksum) 268 # If copying checksum, also copy checksum_type 269 resource[:checksum] = metadata.checksum_type 270 end 271 end 272 end
copy_source_values()
click to toggle source
Copy the values from the source to the resource. Yay.
# File lib/puppet/type/file/source.rb 143 def copy_source_values 144 devfail "Somehow got asked to copy source values without any metadata" unless metadata 145 146 # conditionally copy :checksum 147 if metadata.ftype != "directory" && !(metadata.ftype == "link" && metadata.links == :manage) 148 copy_source_value(:checksum) 149 end 150 151 # Take each of the stats and set them as states on the local file 152 # if a value has not already been provided. 153 [:owner, :mode, :group].each do |metadata_method| 154 next if metadata_method == :owner and !Puppet.features.root? 155 next if metadata_method == :group and !Puppet.features.root? 156 157 case resource[:source_permissions] 158 when :ignore, nil 159 next 160 when :use_when_creating 161 next if Puppet::FileSystem.exist?(resource[:path]) 162 end 163 164 copy_source_value(metadata_method) 165 end 166 167 if resource[:ensure] == :absent 168 # We know all we need to 169 elsif metadata.ftype != "link" 170 resource[:ensure] = metadata.ftype 171 elsif resource[:links] == :follow 172 resource[:ensure] = :present 173 else 174 resource[:ensure] = "link" 175 resource[:target] = metadata.destination 176 end 177 end
current_username()
click to toggle source
# File lib/puppet/type/exec.rb 685 def current_username 686 Etc.getpwuid(Process.uid).name 687 end
delimiter()
click to toggle source
# File lib/puppet/type/group.rb 192 def delimiter 193 " " 194 end
desired_mode_from_current(desired, current)
click to toggle source
# File lib/puppet/type/file/mode.rb 103 def desired_mode_from_current(desired, current) 104 current = current.to_i(8) if current.is_a? String 105 is_a_directory = @resource.stat && @resource.stat.directory? 106 symbolic_mode_to_int(desired, current, is_a_directory) 107 end
dirmask(value)
click to toggle source
If we're a directory, we need to be executable for all cases that are readable. This should probably be selectable, but eh.
# File lib/puppet/type/file/mode.rb 111 def dirmask(value) 112 if FileTest.directory?(resource[:path]) and value =~ /^\d+$/ then 113 value = value.to_i(8) 114 value |= 0100 if value & 0400 != 0 115 value |= 010 if value & 040 != 0 116 value |= 01 if value & 04 != 0 117 value = value.to_s(8) 118 end 119 120 value 121 end
each_chunk_from() { |actual_content| ... }
click to toggle source
the content is munged so if it's a checksum source_or_content is nil unless the checksum indirectly comes from source
# File lib/puppet/type/file/content.rb 153 def each_chunk_from 154 if actual_content.is_a?(String) 155 yield actual_content 156 elsif content_is_really_a_checksum? && actual_content.nil? 157 yield read_file_from_filebucket 158 elsif actual_content.nil? 159 yield '' 160 end 161 end
event_name()
click to toggle source
# File lib/puppet/type/exec.rb 91 def event_name 92 :executed_command 93 end
exists?()
click to toggle source
This method has been exposed for puppet to manage users and groups of files in its settings and should not be considered available outside of puppet.
(see Puppet::Settings#service_group_available?)
@return [Boolean] if the group exists on the system @api private
# File lib/puppet/type/group.rb 234 def exists? 235 provider.exists? 236 end
find_unmanaged_keys()
click to toggle source
Generate ssh_authorized_keys resources for purging. The key files are taken from the purge_ssh_keys parameter. The generated resources inherit all metaparameters from the parent user resource.
@return [Array<Puppet::Type::Ssh_authorized_key] a list of resources
representing the found keys
@see generate @api private
# File lib/puppet/type/user.rb 808 def find_unmanaged_keys 809 self[:purge_ssh_keys]. 810 select { |f| File.readable?(f) }. 811 map { |f| unknown_keys_in_file(f) }. 812 flatten.each do |res| 813 res[:ensure] = :absent 814 res[:user] = self[:name] 815 res.copy_metaparams(@parameters) 816 end 817 end
found?()
click to toggle source
# File lib/puppet/type/file/source.rb 251 def found? 252 ! (metadata.nil? or metadata.ftype.nil?) 253 end
full_path()
click to toggle source
# File lib/puppet/type/file/source.rb 216 def full_path 217 Puppet::Util.uri_to_path(uri) if found? 218 end
generate()
click to toggle source
# File lib/puppet/type/user.rb 699 def generate 700 if !self[:purge_ssh_keys].empty? 701 if Puppet::Type.type(:ssh_authorized_key).nil? 702 warning _("Ssh_authorized_key type is not available. Cannot purge SSH keys.") 703 else 704 return find_unmanaged_keys 705 end 706 end 707 708 [] 709 end
get_from_content_uri_source(url, &block)
click to toggle source
# File lib/puppet/type/file/source.rb 292 def get_from_content_uri_source(url, &block) 293 session = Puppet.lookup(:http_session) 294 api = session.route_to(:fileserver, url: url) 295 296 api.get_static_file_content( 297 path: Puppet::Util.uri_unescape(url.path), 298 environment: resource.catalog.environment_instance.to_s, 299 code_id: resource.catalog.code_id, 300 &block 301 ) 302 end
get_from_http_source(url, &block)
click to toggle source
# File lib/puppet/type/file/source.rb 315 def get_from_http_source(url, &block) 316 client = Puppet.runtime[:http] 317 client.get(url, options: {include_system_store: true}) do |response| 318 raise Puppet::HTTP::ResponseError.new(response) unless response.success? 319 320 response.read_body(&block) 321 end 322 end
get_from_source_uri_source(url, &block)
click to toggle source
# File lib/puppet/type/file/source.rb 304 def get_from_source_uri_source(url, &block) 305 session = Puppet.lookup(:http_session) 306 api = session.route_to(:fileserver, url: url) 307 308 api.get_file_content( 309 path: Puppet::Util.uri_unescape(url.path), 310 environment: resource.catalog.environment_instance.to_s, 311 &block 312 ) 313 end
handle_response_error(response)
click to toggle source
# File lib/puppet/type/file/source.rb 342 def handle_response_error(response) 343 message = "Error #{response.code} on SERVER: #{response.body.empty? ? response.reason : response.body}" 344 raise Net::HTTPError.new(message, Puppet::HTTP::ResponseConverter.to_ruby_response(response)) 345 end
homedir()
click to toggle source
# File lib/puppet/type/user.rb 769 def homedir 770 resource[:home] || Dir.home(resource[:name]) 771 rescue ArgumentError 772 Puppet.debug("User '#{resource[:name]}' does not exist") 773 nil 774 end
insync?(is)
click to toggle source
Calls superclass method
# File lib/puppet/type/file/checksum_value.rb 15 def insync?(is) 16 # If checksum_value and source are specified, manage the file contents. 17 # Otherwise the content property will manage syncing. 18 if resource.parameter(:source).nil? 19 return true 20 end 21 22 checksum_insync?(resource.parameter(:source), is, true) {|_is| super(_is)} 23 end
is_to_s(currentvalue)
click to toggle source
We want to print names, not numbers
Calls superclass method
# File lib/puppet/type/file/group.rb 41 def is_to_s(currentvalue) 42 super(provider.gid2name(currentvalue) || currentvalue) 43 end
length()
click to toggle source
# File lib/puppet/type/file/content.rb 89 def length 90 (actual_content and actual_content.length) || 0 91 end
local?()
click to toggle source
# File lib/puppet/type/file/source.rb 212 def local? 213 found? and scheme == "file" 214 end
match?(previous, now)
click to toggle source
# File lib/puppet/type/schedule.rb 151 def match?(previous, now) 152 # The lowest-level array is of the hour, minute, second triad 153 # then it's an array of two of those, to present the limits 154 # then it's an array of those ranges 155 @value = [@value] unless @value[0][0].is_a?(Array) 156 @value.any? do |range| 157 limit_start = Time.local(now.year, now.month, now.day, *range[0]) 158 limit_end = Time.local(now.year, now.month, now.day, *range[1]) 159 160 if limit_start < limit_end 161 # The whole range is in one day, simple case 162 now.between?(limit_start, limit_end) && weekday_match?(now.wday) 163 else 164 # The range spans days. We have to test against a range starting 165 # today, and a range that started yesterday. 166 today = Date.new(now.year, now.month, now.day) 167 tomorrow = today.next_day 168 yesterday = today.prev_day 169 170 # First check a range starting today 171 if now.between?(limit_start, Time.local(tomorrow.year, tomorrow.month, tomorrow.day, *range[1])) 172 weekday_match?(today.wday) 173 else 174 # Then check a range starting yesterday 175 now.between?(Time.local(yesterday.year, yesterday.month, yesterday.day, *range[0]), 176 limit_end) && 177 weekday_match?(yesterday.wday) 178 end 179 end 180 end 181 end
membership()
click to toggle source
# File lib/puppet/type/group.rb 188 def membership 189 :attribute_membership 190 end
metadata()
click to toggle source
Provide, and retrieve if necessary, the metadata for this file. Fail if we can't find data about this host, and fail if there are any problems in our query.
# File lib/puppet/type/file/source.rb 184 def metadata 185 @metadata ||= resource.catalog.metadata[resource.title] 186 return @metadata if @metadata 187 188 return nil unless value 189 value.each do |source| 190 begin 191 options = { 192 :environment => resource.catalog.environment_instance, 193 :links => resource[:links], 194 :checksum_type => resource[:checksum], 195 :source_permissions => resource[:source_permissions] 196 } 197 198 data = Puppet::FileServing::Metadata.indirection.find(source, options) 199 if data 200 @metadata = data 201 @metadata.source = source 202 break 203 end 204 rescue => detail 205 self.fail Puppet::Error, "Could not retrieve file metadata for #{source}: #{detail}", detail 206 end 207 end 208 self.fail "Could not retrieve information from environment #{resource.catalog.environment} source(s) #{value.join(", ")}" unless @metadata 209 @metadata 210 end
mkbucket()
click to toggle source
# File lib/puppet/type/filebucket.rb 97 def mkbucket 98 # Default is a local filebucket, if no server is given. 99 # If the default path has been removed, too, then 100 # the puppetmaster is used as default server 101 102 type = "local" 103 args = {} 104 if self[:path] 105 args[:Path] = self[:path] 106 else 107 args[:Server] = self[:server] 108 args[:Port] = self[:port] 109 end 110 111 begin 112 @bucket = Puppet::FileBucket::Dipper.new(args) 113 rescue => detail 114 message = _("Could not create %{type} filebucket: %{detail}") % { type: type, detail: detail } 115 self.log_exception(detail, message) 116 self.fail(message) 117 end 118 119 @bucket.name = self.name 120 end
mklink()
click to toggle source
Create our link.
# File lib/puppet/type/file/target.rb 35 def mklink 36 raise Puppet::Error, "Cannot symlink on this platform version" if !provider.feature?(:manages_symlinks) 37 38 target = self.should 39 40 # Clean up any existing objects. The argument is just for logging, 41 # it doesn't determine what's removed. 42 @resource.remove_existing(target) 43 44 raise Puppet::Error, "Could not remove existing file" if Puppet::FileSystem.exist?(@resource[:path]) 45 46 Dir.chdir(File.dirname(@resource[:path])) do 47 Puppet::Util::SUIDManager.asuser(@resource.asuser) do 48 mode = @resource.should(:mode) 49 if mode 50 Puppet::Util.withumask(000) do 51 Puppet::FileSystem.symlink(target, @resource[:path]) 52 end 53 else 54 Puppet::FileSystem.symlink(target, @resource[:path]) 55 end 56 end 57 58 @resource.send(:property_fix) 59 60 :link_created 61 end 62 end
munge_members_value(value)
click to toggle source
Useful helper to handle the possible property value types that we can both pass-in and return. It munges the value into an array
# File lib/puppet/type/group.rb 136 def munge_members_value(value) 137 return [] if value == :absent 138 return value.split(',') if value.is_a?(String) 139 140 value 141 end
output()
click to toggle source
# File lib/puppet/type/exec.rb 665 def output 666 if self.property(:returns).nil? 667 return nil 668 else 669 return self.property(:returns).output 670 end 671 end
port()
click to toggle source
# File lib/puppet/type/file/source.rb 228 def port 229 (uri and uri.port) or Puppet.settings[:serverport] 230 end
present?(current_values)
click to toggle source
Calls superclass method
# File lib/puppet/type/package.rb 626 def present?(current_values) 627 super && current_values[:ensure] != :purged 628 end
property_matches?(current, desired)
click to toggle source
Calls superclass method
# File lib/puppet/type/file/checksum_value.rb 25 def property_matches?(current, desired) 26 return true if super(current, desired) 27 return date_matches?(resource.parameter(:checksum).value, current, desired) 28 end
read_file_from_filebucket()
click to toggle source
# File lib/puppet/type/file/content.rb 167 def read_file_from_filebucket 168 dipper = resource.bucket 169 raise "Could not get filebucket from file" unless dipper 170 sum = should.sub(/\{\w+\}/, '') 171 172 dipper.getfile(sum) 173 rescue => detail 174 self.fail Puppet::Error, "Could not retrieve content for #{should} from filebucket: #{detail}", detail 175 end
refresh()
click to toggle source
Run the command, or optionally run a separately-specified command.
# File lib/puppet/type/exec.rb 674 def refresh 675 if self.check_all_attributes(true) 676 cmd = self[:refresh] 677 if cmd 678 provider.run(cmd) 679 else 680 self.property(:returns).sync 681 end 682 end 683 end
retrieve()
click to toggle source
First verify that all of our checks pass.
# File lib/puppet/type/exec.rb 126 def retrieve 127 # We need to return :notrun to trigger evaluation; when that isn't 128 # true, we *LIE* about what happened and return a "success" for the 129 # value, which causes us to be treated as in_sync?, which means we 130 # don't actually execute anything. I think. --daniel 2011-03-10 131 if @resource.check_all_attributes 132 return :notrun 133 else 134 return self.should 135 end 136 end
scheme()
click to toggle source
# File lib/puppet/type/file/source.rb 247 def scheme 248 (uri and uri.scheme) 249 end
server()
click to toggle source
# File lib/puppet/type/file/source.rb 224 def server 225 server? ? uri.host : Puppet.settings[:server] 226 end
server?()
click to toggle source
# File lib/puppet/type/file/source.rb 220 def server? 221 uri && uri.host && !uri.host.empty? 222 end
set_sensitive_parameters(sensitive_parameters)
click to toggle source
Calls superclass method
# File lib/puppet/type/exec.rb 690 def set_sensitive_parameters(sensitive_parameters) 691 # If any are sensitive, mark all as sensitive 692 sensitive = false 693 parameters_to_check = [:command, :unless, :onlyif] 694 695 parameters_to_check.each do |p| 696 if sensitive_parameters.include?(p) 697 sensitive_parameters.delete(p) 698 sensitive = true 699 end 700 end 701 702 if sensitive 703 parameters_to_check.each do |p| 704 if parameters.include?(p) 705 parameter(p).sensitive = true 706 end 707 end 708 end 709 710 super(sensitive_parameters) 711 end
should()
click to toggle source
# File lib/puppet/type/package.rb 691 def should 692 @should[0] if @should && @should.is_a?(Array) && @should.size == 1 693 end
should=(value)
click to toggle source
Make sure we're also managing the checksum property.
Calls superclass method
# File lib/puppet/type/file/content.rb 128 def should=(value) 129 # treat the value as a bytestring 130 value = value.b if value.is_a?(String) 131 @resource.newattr(:checksum) unless @resource.parameter(:checksum) 132 super 133 end
should_to_s(newvalue)
click to toggle source
Calls superclass method
# File lib/puppet/type/file/group.rb 45 def should_to_s(newvalue) 46 super(provider.gid2name(newvalue) || newvalue) 47 end
sync()
click to toggle source
Actually execute the command.
# File lib/puppet/type/exec.rb 139 def sync 140 event = :executed_command 141 tries = self.resource[:tries] 142 try_sleep = self.resource[:try_sleep] 143 144 begin 145 tries.times do |try| 146 # Only add debug messages for tries > 1 to reduce log spam. 147 debug("Exec try #{try+1}/#{tries}") if tries > 1 148 @output, @status = provider.run(self.resource[:command]) 149 break if self.should.include?(@status.exitstatus.to_s) 150 if try_sleep > 0 and tries > 1 151 debug("Sleeping for #{try_sleep} seconds between tries") 152 sleep try_sleep 153 end 154 end 155 rescue Timeout::Error 156 self.fail Puppet::Error, _("Command exceeded timeout"), $! 157 end 158 159 log = @resource[:logoutput] 160 if log 161 case log 162 when :true 163 log = @resource[:loglevel] 164 when :on_failure 165 unless self.should.include?(@status.exitstatus.to_s) 166 log = @resource[:loglevel] 167 else 168 log = :false 169 end 170 end 171 unless log == :false 172 if @resource.parameter(:command).sensitive 173 self.send(log, "[output redacted]") 174 else 175 @output.split(/\n/).each { |line| 176 self.send(log, line) 177 } 178 end 179 end 180 end 181 182 unless self.should.include?(@status.exitstatus.to_s) 183 if @resource.parameter(:command).sensitive 184 # Don't print sensitive commands in the clear 185 self.fail(_("[command redacted] returned %{status} instead of one of [%{expected}]") % { status: @status.exitstatus, expected: self.should.join(",") }) 186 else 187 self.fail(_("'%{cmd}' returned %{status} instead of one of [%{expected}]") % { cmd: self.resource[:command], status: @status.exitstatus, expected: self.should.join(",") }) 188 end 189 end 190 191 event 192 end
unknown_keys_in_file(keyfile)
click to toggle source
Parse an ssh authorized keys file superficially, extract the comments on the keys. These are considered names of possible ssh_authorized_keys resources. Keys that are managed by the present catalog are ignored.
@see generate @api private @return [Array<Puppet::Type::Ssh_authorized_key] a list of resources
representing the found keys
# File lib/puppet/type/user.rb 827 def unknown_keys_in_file(keyfile) 828 # The ssh_authorized_key type is distributed as a module on the Forge, 829 # so we shouldn't rely on it being available. 830 return [] unless Puppet::Type.type(:ssh_authorized_key) 831 832 names = [] 833 name_index = 0 834 # RFC 4716 specifies UTF-8 allowed in public key files per https://www.ietf.org/rfc/rfc4716.txt 835 # the authorized_keys file may contain UTF-8 comments 836 Puppet::FileSystem.open(keyfile, nil, 'r:UTF-8').each do |line| 837 next unless line =~ Puppet::Type.type(:ssh_authorized_key).keyline_regex 838 # the name is stored in the 4th capture of the regex 839 name = $4 840 if name.empty? 841 $3.delete("\n") 842 # If no comment is specified for this key, generate a unique internal 843 # name. This uses the same rules as 844 # provider/ssh_authorized_key/parsed (PUP-3357) 845 name = "#{keyfile}:unnamed-#{name_index += 1}" 846 end 847 names << name 848 Puppet.debug "#{self.ref} parsed for purging Ssh_authorized_key[#{name}]" 849 end 850 851 names.map { |keyname| 852 Puppet::Type.type(:ssh_authorized_key).new( 853 :name => keyname, 854 :target => keyfile) 855 }.reject { |res| 856 catalog.resource_refs.include? res.ref 857 } 858 end
uri()
click to toggle source
# File lib/puppet/type/file/source.rb 232 def uri 233 @uri ||= URI.parse(Puppet::Util.uri_encode(metadata.source)) 234 end
value=(*values)
click to toggle source
Support both arrays and colon-separated fields.
# File lib/puppet/type/exec.rb 228 def value=(*values) 229 @value = values.flatten.collect { |val| 230 val.split(File::PATH_SEPARATOR) 231 }.flatten 232 end
weekday_integer?(value)
click to toggle source
# File lib/puppet/type/schedule.rb 341 def weekday_integer?(value) 342 value.is_a?(Integer) && (0..6).cover?(value) 343 end
weekday_match?(day)
click to toggle source
# File lib/puppet/type/schedule.rb 143 def weekday_match?(day) 144 if @resource[:weekday] 145 @resource[:weekday].has_key?(day) 146 else 147 true 148 end 149 end
weekday_string?(value)
click to toggle source
# File lib/puppet/type/schedule.rb 345 def weekday_string?(value) 346 value.is_a?(String) && (value =~ /^[0-6]$/ || value =~ /^(Mon|Tues?|Wed(?:nes)?|Thu(?:rs)?|Fri|Sat(?:ur)?|Sun)(day)?$/i) 347 end
write(file)
click to toggle source
# File lib/puppet/type/file/content.rb 140 def write(file) 141 resource.parameter(:checksum).sum_stream { |sum| 142 each_chunk_from { |chunk| 143 sum << chunk 144 file.print chunk 145 } 146 } 147 end