module Puppet
Defines the `Puppet` module. There are different entry points into Puppet
depending on your use case.
To use puppet as a library, see {Puppet::Pal}.
To create a new application, see {Puppet::Application}.
To create a new function, see {Puppet::Functions}.
To access puppet's REST APIs, see puppet.com/docs/puppet/latest/http_api/http_api_index.html.
@api public
The JsonCatalogEncoder is a wrapper around a catalog produced by the Pal::CatalogCompiler.with_json_encoding
method. It allows encoding the entire catalog or an individual resource as Rich Data Json.
@api public
Generated by Puppet::Pops::Types::RubyGenerator
from TypeSet Puppet::AST on -4712-01-01
see the bottom of the file for the rest of the inclusions
Manage file modes. This state should support different formats for specification (e.g., u+rwx, or -0011), but for now only supports specifying the full mode.
Manage SELinux context of files.
This code actually manages three pieces of data in the context.
[root@delenn files]# ls -dZ / drwxr-xr-x root root system_u:object_r:root_t /
The context of '/' here is 'system_u:object_r:root_t'. This is three separate fields:
system_u is the user context object_r is the role context root_t is the type context
All three of these fields are returned in a single string by the output of the stat command, but set individually with the chcon command. This allows the user to specify a subset of the three values while leaving the others alone.
See www.nsa.gov/selinux/ for complete docs on SELinux.
Simple module for logging messages on the client-side
This is our main way of managing processes right now.
a service is distinct from a process in that services can only be managed through the interface of an init script which is why they have a search path for initscripts and such
A common module for converting between constants and file names.
Puppet::Util::Windows::EventLog
needs to be requirable without having loaded any other parts of Puppet
so it can be leveraged independently by the code that runs Puppet
as a service on Windows.
For this reason we:
-
Define
Puppet::Util::Windows
-
Replicate logic that exists elsewhere in puppet/util/windows
-
Raise generic RuntimeError instead of
Puppet::Util::Windows::Error
if its not defined
The version method and constant are isolated in puppet/version.rb so that a simple `require 'puppet/version'` allows a rubygems gemspec or bundler Gemfile to get the Puppet
version of the gem install.
The version can be set programmatically because we want to allow the Raketasks and such to set the version based on the output of `git describe`
Constants
- AS_DURATION
NOTE: For information about the available values for the “:type” property of settings,
see the docs for Settings.define_settings
- Face
- Log
Pass feedback to the user.
Log
levels are modeled after syslog's, and it is expected that that will be the most common log destination. Supports multiple destinations, one of which is a remote server.- OLDEST_RECOMMENDED_RUBY_VERSION
- PUPPETVERSION
- ResourceType
- SEPARATOR_REGEX
- ScheduleMethods
- ScheduleScales
Attributes
Public Class Methods
Get the value for a setting
@param [Symbol] param the setting to retrieve
@api public
# File lib/puppet.rb 80 def self.[](param) 81 if param == :debug 82 return Puppet::Util::Log.level == :debug 83 else 84 return @@settings[param] 85 end 86 end
setting access and stuff
# File lib/puppet.rb 101 def self.[]=(param,value) 102 @@settings[param] = value 103 end
The bindings used for initialization of puppet
@param settings [Puppet::Settings,Hash<Symbol,String>] either a Puppet::Settings
instance
or a Hash of settings key/value pairs.
@api private
# File lib/puppet.rb 219 def self.base_context(settings) 220 environmentpath = settings[:environmentpath] 221 basemodulepath = Puppet::Node::Environment.split_path(settings[:basemodulepath]) 222 223 if environmentpath.nil? || environmentpath.empty? 224 raise(Puppet::Error, _("The environmentpath setting cannot be empty or nil.")) 225 else 226 loaders = Puppet::Environments::Directories.from_path(environmentpath, basemodulepath) 227 # in case the configured environment (used for the default sometimes) 228 # doesn't exist 229 default_environment = Puppet[:environment].to_sym 230 if default_environment == :production 231 modulepath = settings[:modulepath] 232 modulepath = (modulepath.nil? || '' == modulepath) ? basemodulepath : Puppet::Node::Environment.split_path(modulepath) 233 loaders << Puppet::Environments::StaticPrivate.new( 234 Puppet::Node::Environment.create(default_environment, 235 modulepath, 236 Puppet::Node::Environment::NO_MANIFEST)) 237 end 238 end 239 240 { 241 :environments => Puppet::Environments::Cached.new(Puppet::Environments::Combined.new(*loaders)), 242 :ssl_context => proc { 243 begin 244 cert = Puppet::X509::CertProvider.new 245 password = cert.load_private_key_password 246 ssl = Puppet::SSL::SSLProvider.new 247 ssl.load_context(certname: Puppet[:certname], password: password) 248 rescue => e 249 # TRANSLATORS: `message` is an already translated string of why SSL failed to initialize 250 Puppet.log_exception(e, _("Failed to initialize SSL: %{message}") % { message: e.message }) 251 # TRANSLATORS: `puppet agent -t` is a command and should not be translated 252 Puppet.err(_("Run `puppet agent -t`")) 253 raise e 254 end 255 }, 256 :http_session => proc { Puppet.runtime[:http].create_session }, 257 :plugins => proc { Puppet::Plugins::Configuration.load_plugins }, 258 :rich_data => false 259 } 260 end
A simple set of bindings that is just enough to limp along to initialization where the {base_context} bindings are put in place @api private
# File lib/puppet.rb 265 def self.bootstrap_context 266 root_environment = Puppet::Node::Environment.create(:'*root*', [], Puppet::Node::Environment::NO_MANIFEST) 267 { 268 :current_environment => root_environment, 269 :root_environment => root_environment 270 } 271 end
# File lib/puppet/type/exec.rb 80 def self.checks 81 @checks.keys 82 end
# File lib/puppet.rb 105 def self.clear 106 @@settings.clear 107 end
# File lib/puppet.rb 109 def self.debug=(value) 110 if value 111 Puppet::Util::Log.level=(:debug) 112 else 113 Puppet::Util::Log.level=(:notice) 114 end 115 end
# File lib/puppet/defaults.rb 51 def self.default_basemodulepath 52 if Puppet::Util::Platform.windows? 53 path = ['$codedir/modules'] 54 installdir = ENV["FACTER_env_windows_installdir"] 55 if installdir 56 path << "#{installdir}/puppet/modules" 57 end 58 path.join(File::PATH_SEPARATOR) 59 else 60 '$codedir/modules:/opt/puppetlabs/puppet/modules' 61 end 62 end
# File lib/puppet/defaults.rb 35 def self.default_cadir 36 return "" if Puppet::Util::Platform.windows? 37 old_ca_dir = "#{Puppet[:ssldir]}/ca" 38 new_ca_dir = "/etc/puppetlabs/puppetserver/ca" 39 40 if File.exist?(old_ca_dir) 41 if File.symlink?(old_ca_dir) 42 File.readlink(old_ca_dir) 43 else 44 old_ca_dir 45 end 46 else 47 new_ca_dir 48 end 49 end
# File lib/puppet/defaults.rb 5 def self.default_diffargs 6 if (Facter.value(:kernel) == "AIX" && Facter.value(:kernelmajversion) == "5300") 7 "" 8 else 9 "-u" 10 end 11 end
# File lib/puppet/defaults.rb 13 def self.default_digest_algorithm 14 'sha256' 15 end
# File lib/puppet/defaults.rb 23 def self.default_file_checksum_types 24 Puppet::Util::Platform.fips_enabled? ? 25 %w[sha256 sha384 sha512 sha224] : 26 %w[sha256 sha384 sha512 sha224 md5] 27 end
# File lib/puppet/defaults.rb 64 def self.default_vendormoduledir 65 if Puppet::Util::Platform.windows? 66 installdir = ENV["FACTER_env_windows_installdir"] 67 if installdir 68 "#{installdir}\\puppet\\vendor_modules" 69 else 70 nil 71 end 72 else 73 '/opt/puppetlabs/puppet/vendor_modules' 74 end 75 end
@param name The name of a context key to ignore; intended for test usage. @api private
# File lib/puppet.rb 311 def self.ignore(name) 312 @context.ignore(name) 313 end
@api public @param args [Puppet::Settings] the settings object to define default settings for @return void
# File lib/puppet/defaults.rb 87 def self.initialize_default_settings!(settings) 88 settings.define_settings(:main, 89 :confdir => { 90 :default => nil, 91 :type => :directory, 92 :desc => "The main Puppet configuration directory. The default for this setting 93 is calculated based on the user. If the process is running as root or 94 the user that Puppet is supposed to run as, it defaults to a system 95 directory, but if it's running as any other user, it defaults to being 96 in the user's home directory.", 97 }, 98 :codedir => { 99 :default => nil, 100 :type => :directory, 101 :desc => "The main Puppet code directory. The default for this setting 102 is calculated based on the user. If the process is running as root or 103 the user that Puppet is supposed to run as, it defaults to a system 104 directory, but if it's running as any other user, it defaults to being 105 in the user's home directory.", 106 }, 107 :vardir => { 108 :default => nil, 109 :type => :directory, 110 :owner => "service", 111 :group => "service", 112 :desc => "Where Puppet stores dynamic and growing data. The default for this 113 setting is calculated specially, like `confdir`_.", 114 }, 115 116 ### NOTE: this setting is usually being set to a symbol value. We don't officially have a 117 ### setting type for that yet, but we might want to consider creating one. 118 :name => { 119 :default => nil, 120 :desc => "The name of the application, if we are running as one. The 121 default is essentially $0 without the path or `.rb`.", 122 } 123 ) 124 125 settings.define_settings(:main, 126 :logdir => { 127 :default => nil, 128 :type => :directory, 129 :mode => "0750", 130 :owner => "service", 131 :group => "service", 132 :desc => "The directory in which to store log files", 133 }, 134 :log_level => { 135 :default => 'notice', 136 :type => :enum, 137 :values => ["debug","info","notice","warning","err","alert","emerg","crit"], 138 :desc => "Default logging level for messages from Puppet. Allowed values are: 139 140 * debug 141 * info 142 * notice 143 * warning 144 * err 145 * alert 146 * emerg 147 * crit 148 ", 149 :hook => proc {|value| Puppet::Util::Log.level = value }, 150 :call_hook => :on_initialize_and_write, 151 }, 152 :disable_warnings => { 153 :default => [], 154 :type => :array, 155 :desc => "A comma-separated list of warning types to suppress. If large numbers 156 of warnings are making Puppet's logs too large or difficult to use, you 157 can temporarily silence them with this setting. 158 159 If you are preparing to upgrade Puppet to a new major version, you 160 should re-enable all warnings for a while. 161 162 Valid values for this setting are: 163 164 * `deprecations` --- disables deprecation warnings. 165 * `undefined_variables` --- disables warnings about non existing variables. 166 * `undefined_resources` --- disables warnings about non existing resources.", 167 :hook => proc do |value| 168 values = munge(value) 169 valid = %w[deprecations undefined_variables undefined_resources] 170 invalid = values - (values & valid) 171 if not invalid.empty? 172 raise ArgumentError, _("Cannot disable unrecognized warning types '%{invalid}'.") % { invalid: invalid.join(',') } + 173 ' ' + _("Valid values are '%{values}'.") % { values: valid.join(', ') } 174 end 175 end 176 }, 177 :merge_dependency_warnings => { 178 :default => false, 179 :type => :boolean, 180 :desc => "Whether to merge class-level dependency failure warnings. 181 182 When a class has a failed dependency, every resource in the class 183 generates a notice level message about the dependency failure, 184 and a warning level message about skipping the resource. 185 186 If true, all messages caused by a class dependency failure are merged 187 into one message associated with the class. 188 ", 189 }, 190 :strict => { 191 :default => :warning, 192 :type => :symbolic_enum, 193 :values => [:off, :warning, :error], 194 :desc => "The strictness level of puppet. Allowed values are: 195 196 * off - do not perform extra validation, do not report 197 * warning - perform extra validation, report as warning (default) 198 * error - perform extra validation, fail with error 199 200 The strictness level is for both language semantics and runtime 201 evaluation validation. In addition to controlling the behavior with 202 this primary server switch some individual warnings may also be controlled 203 by the disable_warnings setting. 204 205 No new validations will be added to a micro (x.y.z) release, 206 but may be added in minor releases (x.y.0). In major releases 207 it expected that most (if not all) strictness validation become 208 standard behavior.", 209 :hook => proc do |value| 210 munge(value) 211 value.to_sym 212 end 213 }, 214 :disable_i18n => { 215 :default => true, 216 :type => :boolean, 217 :desc => "If true, turns off all translations of Puppet and module 218 log messages, which affects error, warning, and info log messages, 219 as well as any translations in the report and CLI.", 220 :hook => proc do |value| 221 if value 222 require_relative '../puppet/gettext/stubs' 223 Puppet::GettextConfig.disable_gettext 224 end 225 end 226 } 227 ) 228 229 settings.define_settings(:main, 230 :priority => { 231 :default => nil, 232 :type => :priority, 233 :desc => "The scheduling priority of the process. Valid values are 'high', 234 'normal', 'low', or 'idle', which are mapped to platform-specific 235 values. The priority can also be specified as an integer value and 236 will be passed as is, e.g. -5. Puppet must be running as a privileged 237 user in order to increase scheduling priority.", 238 }, 239 :trace => { 240 :default => false, 241 :type => :boolean, 242 :desc => "Whether to print stack traces on some errors. Will print 243 internal Ruby stack trace interleaved with Puppet function frames.", 244 :hook => proc do |value| 245 # Enable or disable Facter's trace option too 246 Facter.trace(value) if Facter.respond_to? :trace 247 end 248 }, 249 :puppet_trace => { 250 :default => false, 251 :type => :boolean, 252 :desc => "Whether to print the Puppet stack trace on some errors. 253 This is a noop if `trace` is also set.", 254 }, 255 :profile => { 256 :default => false, 257 :type => :boolean, 258 :desc => "Whether to enable experimental performance profiling", 259 }, 260 :versioned_environment_dirs => { 261 :default => false, 262 :type => :boolean, 263 :desc => "Whether or not to look for versioned environment directories, 264 symlinked from `$environmentpath/<environment>`. This is an experimental 265 feature and should be used with caution." 266 }, 267 :static_catalogs => { 268 :default => true, 269 :type => :boolean, 270 :desc => "Whether to compile a [static catalog](https://puppet.com/docs/puppet/latest/static_catalogs.html#enabling-or-disabling-static-catalogs), 271 which occurs only on Puppet Server when the `code-id-command` and 272 `code-content-command` settings are configured in its `puppetserver.conf` file.", 273 }, 274 :settings_catalog => { 275 :default => true, 276 :type => :boolean, 277 :desc => "Whether to compile and apply the settings catalog", 278 }, 279 :strict_environment_mode => { 280 :default => false, 281 :type => :boolean, 282 :desc => "Whether the agent specified environment should be considered authoritative, 283 causing the run to fail if the retrieved catalog does not match it.", 284 }, 285 :autoflush => { 286 :default => true, 287 :type => :boolean, 288 :desc => "Whether log files should always flush to disk.", 289 :hook => proc { |value| Log.autoflush = value } 290 }, 291 :syslogfacility => { 292 :default => "daemon", 293 :desc => "What syslog facility to use when logging to syslog. 294 Syslog has a fixed list of valid facilities, and you must 295 choose one of those; you cannot just make one up." 296 }, 297 :statedir => { 298 :default => "$vardir/state", 299 :type => :directory, 300 :mode => "01755", 301 :desc => "The directory where Puppet state is stored. Generally, 302 this directory can be removed without causing harm (although it 303 might result in spurious service restarts)." 304 }, 305 :rundir => { 306 :default => nil, 307 :type => :directory, 308 :mode => "0755", 309 :owner => "service", 310 :group => "service", 311 :desc => "Where Puppet PID files are kept." 312 }, 313 :genconfig => { 314 :default => false, 315 :type => :boolean, 316 :desc => "When true, causes Puppet applications to print an example config file 317 to stdout and exit. The example will include descriptions of each 318 setting, and the current (or default) value of each setting, 319 incorporating any settings overridden on the CLI (with the exception 320 of `genconfig` itself). This setting only makes sense when specified 321 on the command line as `--genconfig`.", 322 }, 323 :genmanifest => { 324 :default => false, 325 :type => :boolean, 326 :desc => "Whether to just print a manifest to stdout and exit. Only makes 327 sense when specified on the command line as `--genmanifest`. Takes into account arguments specified 328 on the CLI.", 329 }, 330 :configprint => { 331 :default => "", 332 :deprecated => :completely, 333 :desc => "Prints the value of a specific configuration setting. If the name of a 334 setting is provided for this, then the value is printed and puppet 335 exits. Comma-separate multiple values. For a list of all values, 336 specify 'all'. This setting is deprecated, the 'puppet config' command replaces this functionality.", 337 }, 338 :color => { 339 :default => "ansi", 340 :type => :string, 341 :desc => "Whether to use colors when logging to the console. Valid values are 342 `ansi` (equivalent to `true`), `html`, and `false`, which produces no color." 343 }, 344 :mkusers => { 345 :default => false, 346 :type => :boolean, 347 :desc => "Whether to create the necessary user and group that puppet agent will run as.", 348 }, 349 :manage_internal_file_permissions => { 350 :default => ! Puppet::Util::Platform.windows?, 351 :type => :boolean, 352 :desc => "Whether Puppet should manage the owner, group, and mode of files it uses internally. 353 **Note**: For Windows agents, the default is `false` for versions 4.10.13 and greater, versions 5.5.6 and greater, and versions 6.0 and greater.", 354 }, 355 :onetime => { 356 :default => false, 357 :type => :boolean, 358 :desc => "Perform one configuration run and exit, rather than spawning a long-running 359 daemon. This is useful for interactively running puppet agent, or 360 running puppet agent from cron.", 361 :short => 'o', 362 }, 363 :path => { 364 :default => "none", 365 :desc => "The shell search path. Defaults to whatever is inherited 366 from the parent process. 367 368 This setting can only be set in the `[main]` section of puppet.conf; it cannot 369 be set in `[server]`, `[agent]`, or an environment config section.", 370 :call_hook => :on_define_and_write, 371 :hook => proc do |value| 372 Puppet::Util.set_env('PATH', '') if Puppet::Util.get_env('PATH').nil? 373 Puppet::Util.set_env('PATH', value) unless value == 'none' 374 paths = Puppet::Util.get_env('PATH').split(File::PATH_SEPARATOR) 375 Puppet::Util::Platform.default_paths.each do |path| 376 Puppet::Util.set_env('PATH', Puppet::Util.get_env('PATH') + File::PATH_SEPARATOR + path) unless paths.include?(path) 377 end 378 value 379 end 380 }, 381 :libdir => { 382 :type => :directory, 383 :default => "$vardir/lib", 384 :desc => "An extra search path for Puppet. This is only useful 385 for those files that Puppet will load on demand, and is only 386 guaranteed to work for those cases. In fact, the autoload 387 mechanism is responsible for making sure this directory 388 is in Ruby's search path\n" 389 }, 390 :environment => { 391 :default => "production", 392 :desc => "The environment in which Puppet is running. For clients, 393 such as `puppet agent`, this determines the environment itself, which 394 Puppet uses to find modules and much more. For servers, such as `puppet server`, 395 this provides the default environment for nodes that Puppet knows nothing about. 396 397 When defining an environment in the `[agent]` section, this refers to the 398 environment that the agent requests from the primary server. The environment doesn't 399 have to exist on the local filesystem because the agent fetches it from the 400 primary server. This definition is used when running `puppet agent`. 401 402 When defined in the `[user]` section, the environment refers to the path that 403 Puppet uses to search for code and modules related to its execution. This 404 requires the environment to exist locally on the filesystem where puppet is 405 being executed. Puppet subcommands, including `puppet module` and 406 `puppet apply`, use this definition. 407 408 Given that the context and effects vary depending on the 409 [config section](https://puppet.com/docs/puppet/latest/config_file_main.html#config-sections) 410 in which the `environment` setting is defined, do not set it globally.", 411 :short => "E" 412 }, 413 :environmentpath => { 414 :default => "$codedir/environments", 415 :desc => "A search path for directory environments, as a list of directories 416 separated by the system path separator character. (The POSIX path separator 417 is ':', and the Windows path separator is ';'.) 418 419 This setting must have a value set to enable **directory environments.** The 420 recommended value is `$codedir/environments`. For more details, see 421 <https://puppet.com/docs/puppet/latest/environments_about.html>", 422 :type => :path, 423 }, 424 :always_retry_plugins => { 425 :type => :boolean, 426 :default => true, 427 :desc => <<-'EOT' 428 Affects how we cache attempts to load Puppet resource types and features. If 429 true, then calls to `Puppet.type.<type>?` `Puppet.feature.<feature>?` 430 will always attempt to load the type or feature (which can be an 431 expensive operation) unless it has already been loaded successfully. 432 This makes it possible for a single agent run to, e.g., install a 433 package that provides the underlying capabilities for a type or feature, 434 and then later load that type or feature during the same run (even if 435 the type or feature had been tested earlier and had not been available). 436 437 If this setting is set to false, then types and features will only be 438 checked once, and if they are not available, the negative result is 439 cached and returned for all subsequent attempts to load the type or 440 feature. This behavior is almost always appropriate for the server, 441 and can result in a significant performance improvement for types and 442 features that are checked frequently. 443 EOT 444 }, 445 :diff_args => { 446 :default => lambda { default_diffargs }, 447 :desc => "Which arguments to pass to the diff command when printing differences between 448 files. The command to use can be chosen with the `diff` setting.", 449 }, 450 :diff => { 451 :default => (Puppet::Util::Platform.windows? ? "" : "diff"), 452 :desc => "Which diff command to use when printing differences between files. This setting 453 has no default value on Windows, as standard `diff` is not available, but Puppet can use many 454 third-party diff tools.", 455 }, 456 :show_diff => { 457 :type => :boolean, 458 :default => false, 459 :desc => "Whether to log and report a contextual diff when files are being replaced. 460 This causes partial file contents to pass through Puppet's normal 461 logging and reporting system, so this setting should be used with 462 caution if you are sending Puppet's reports to an insecure 463 destination. This feature currently requires the `diff/lcs` Ruby 464 library.", 465 }, 466 :daemonize => { 467 :type => :boolean, 468 :default => (Puppet::Util::Platform.windows? ? false : true), 469 :desc => "Whether to send the process into the background. This defaults 470 to true on POSIX systems, and to false on Windows (where Puppet 471 currently cannot daemonize).", 472 :short => "D", 473 :hook => proc do |value| 474 if value and Puppet::Util::Platform.windows? 475 raise "Cannot daemonize on Windows" 476 end 477 end 478 }, 479 :maximum_uid => { 480 :default => 4294967290, 481 :type => :integer, 482 :desc => "The maximum allowed UID. Some platforms use negative UIDs 483 but then ship with tools that do not know how to handle signed ints, 484 so the UIDs show up as huge numbers that can then not be fed back into 485 the system. This is a hackish way to fail in a slightly more useful 486 way when that happens.", 487 }, 488 :route_file => { 489 :default => "$confdir/routes.yaml", 490 :desc => "The YAML file containing indirector route configuration.", 491 }, 492 :node_terminus => { 493 :type => :terminus, 494 :default => "plain", 495 :desc => <<-'EOT', 496 Which node data plugin to use when compiling node catalogs. 497 498 When Puppet compiles a catalog, it combines two primary sources of info: the main manifest, 499 and a node data plugin (often called a "node terminus," for historical reasons). Node data 500 plugins provide three things for a given node name: 501 502 1. A list of classes to add to that node's catalog (and, optionally, values for their 503 parameters). 504 2. Which Puppet environment the node should use. 505 3. A list of additional top-scope variables to set. 506 507 The three main node data plugins are: 508 509 * `plain` --- Returns no data, so that the main manifest controls all node configuration. 510 * `exec` --- Uses an 511 [external node classifier (ENC)](https://puppet.com/docs/puppet/latest/nodes_external.html), 512 configured by the `external_nodes` setting. This lets you pull a list of Puppet classes 513 from any external system, using a small glue script to perform the request and format the 514 result as YAML. 515 * `classifier` (formerly `console`) --- Specific to Puppet Enterprise. Uses the PE console 516 for node data." 517 EOT 518 }, 519 :node_cache_terminus => { 520 :type => :terminus, 521 :default => nil, 522 :desc => "How to store cached nodes. 523 Valid values are (none), 'json', 'msgpack', or 'yaml'.", 524 }, 525 :data_binding_terminus => { 526 :type => :terminus, 527 :default => "hiera", 528 :desc => 529 "This setting has been deprecated. Use of any value other than 'hiera' should instead be configured 530 in a version 5 hiera.yaml. Until this setting is removed, it controls which data binding terminus 531 to use for global automatic data binding (across all environments). By default this value is 'hiera'. 532 A value of 'none' turns off the global binding.", 533 :call_hook => :on_initialize_and_write, 534 :hook => proc do |value| 535 if Puppet[:strict] != :off 536 s_val = value.to_s # because sometimes the value is a symbol 537 unless s_val == 'hiera' || s_val == 'none' || value == '' || value.nil? 538 #TRANSLATORS 'data_binding_terminus' is a setting and should not be translated 539 message = _("Setting 'data_binding_terminus' is deprecated.") 540 #TRANSLATORS 'hiera' should not be translated 541 message += ' ' + _("Convert custom terminus to hiera 5 API.") 542 Puppet.deprecation_warning(message) 543 end 544 end 545 end 546 }, 547 :hiera_config => { 548 :default => lambda do 549 config = nil 550 codedir = settings[:codedir] 551 if codedir.is_a?(String) 552 config = File.expand_path(File.join(codedir, 'hiera.yaml')) 553 config = nil unless Puppet::FileSystem.exist?(config) 554 end 555 config = File.expand_path(File.join(settings[:confdir], 'hiera.yaml')) if config.nil? 556 config 557 end, 558 :desc => "The hiera configuration file. Puppet only reads this file on startup, so you must restart the puppet server every time you edit it.", 559 :type => :file, 560 }, 561 :binder_config => { 562 :default => nil, 563 :desc => "The binder configuration file. Puppet reads this file on each request to configure the bindings system. 564 If set to nil (the default), a $confdir/binder_config.yaml is optionally loaded. If it does not exists, a default configuration 565 is used. If the setting :binding_config is specified, it must reference a valid and existing yaml file.", 566 :type => :file, 567 }, 568 :catalog_terminus => { 569 :type => :terminus, 570 :default => "compiler", 571 :desc => "Where to get node catalogs. This is useful to change if, for instance, 572 you'd like to pre-compile catalogs and store them in memcached or some other easily-accessed store.", 573 }, 574 :catalog_cache_terminus => { 575 :type => :terminus, 576 :default => nil, 577 :desc => "How to store cached catalogs. Valid values are 'json', 'msgpack' and 'yaml'. The agent application defaults to 'json'." 578 }, 579 :facts_terminus => { 580 :default => 'facter', 581 :desc => "The node facts terminus.", 582 }, 583 :trusted_external_command => { 584 :default => nil, 585 :type => :file_or_directory, 586 :desc => "The external trusted facts script or directory to use. 587 This setting's value can be set to the path to an executable command that 588 can produce external trusted facts or to a directory containing those 589 executable commands. The command(s) must: 590 591 * Take the name of a node as a command-line argument. 592 * Return a JSON hash with the external trusted facts for this node. 593 * For unknown or invalid nodes, exit with a non-zero exit code. 594 595 If the setting points to an executable command, then the external trusted 596 facts will be stored in the 'external' key of the trusted facts hash. Otherwise 597 for each executable file in the directory, the external trusted facts will be 598 stored in the `<basename>` key of the `trusted['external']` hash. For example, 599 if the files foo.rb and bar.sh are in the directory, then `trusted['external']` 600 will be the hash `{ 'foo' => <foo.rb output>, 'bar' => <bar.sh output> }`.", 601 }, 602 :default_file_terminus => { 603 :type => :terminus, 604 :default => "rest", 605 :desc => "The default source for files if no server is given in a 606 uri, e.g. puppet:///file. The default of `rest` causes the file to be 607 retrieved using the `server` setting. When running `apply` the default 608 is `file_server`, causing requests to be filled locally." 609 }, 610 :http_proxy_host => { 611 :default => "none", 612 :desc => "The HTTP proxy host to use for outgoing connections. The proxy will be bypassed if 613 the server's hostname matches the NO_PROXY environment variable or `no_proxy` setting. Note: You 614 may need to use a FQDN for the server hostname when using a proxy. Environment variable 615 http_proxy or HTTP_PROXY will override this value. ", 616 }, 617 :http_proxy_port => { 618 :default => 3128, 619 :type => :port, 620 :desc => "The HTTP proxy port to use for outgoing connections", 621 }, 622 :http_proxy_user => { 623 :default => "none", 624 :desc => "The user name for an authenticated HTTP proxy. Requires the `http_proxy_host` setting.", 625 }, 626 :http_proxy_password =>{ 627 :default => "none", 628 :hook => proc do |value| 629 if value =~ /[@!# \/]/ 630 raise "Passwords set in the http_proxy_password setting must be valid as part of a URL, and any reserved characters must be URL-encoded. We received: #{value}" 631 end 632 end, 633 :desc => "The password for the user of an authenticated HTTP proxy. 634 Requires the `http_proxy_user` setting. 635 636 Note that passwords must be valid when used as part of a URL. If a password 637 contains any characters with special meanings in URLs (as specified by RFC 3986 638 section 2.2), they must be URL-encoded. (For example, `#` would become `%23`.)", 639 }, 640 :no_proxy => { 641 :default => "localhost, 127.0.0.1", 642 :desc => "List of host or domain names that should not go through `http_proxy_host`. Environment variable no_proxy or NO_PROXY will override this value. Names can be specified as an FQDN `host.example.com`, wildcard `*.example.com`, dotted domain `.example.com`, or suffix `example.com`.", 643 }, 644 :http_keepalive_timeout => { 645 :default => "4s", 646 :type => :duration, 647 :desc => "The maximum amount of time a persistent HTTP connection can remain idle in the connection pool, before it is closed. This timeout should be shorter than the keepalive timeout used on the HTTP server, e.g. Apache KeepAliveTimeout directive. 648 #{AS_DURATION}" 649 }, 650 :http_debug => { 651 :default => false, 652 :type => :boolean, 653 :desc => "Whether to write HTTP request and responses to stderr. This should never be used in a production environment." 654 }, 655 :http_connect_timeout => { 656 :default => "2m", 657 :type => :duration, 658 :desc => "The maximum amount of time to wait when establishing an HTTP connection. The default 659 value is 2 minutes. 660 #{AS_DURATION}", 661 }, 662 :http_read_timeout => { 663 :default => "10m", 664 :type => :duration, 665 :desc => "The time to wait for data to be read from an HTTP connection. If nothing is 666 read after the elapsed interval then the connection will be closed. The default value is 10 minutes. 667 #{AS_DURATION}", 668 }, 669 :http_user_agent => { 670 :default => "Puppet/#{Puppet.version} Ruby/#{RUBY_VERSION}-p#{RUBY_PATCHLEVEL} (#{RUBY_PLATFORM})", 671 :desc => "The HTTP User-Agent string to send when making network requests." 672 }, 673 :filetimeout => { 674 :default => "15s", 675 :type => :duration, 676 :desc => "The minimum time to wait between checking for updates in 677 configuration files. This timeout determines how quickly Puppet checks whether 678 a file (such as manifests or puppet.conf) has changed on disk. The default will 679 change in a future release to be 'unlimited', requiring a reload of the Puppet 680 service to pick up changes to its internal configuration. Currently we do not 681 accept a value of 'unlimited'. To reparse files within an environment in 682 Puppet Server please use the environment_cache endpoint", 683 :hook => proc do |val| 684 unless [0, 15, '15s'].include?(val) 685 Puppet.deprecation_warning(<<-WARNING) 686 Fine grained control of filetimeouts is deprecated. In future 687 releases this value will only determine if file content is cached. 688 689 Valid values are 0 (never cache) and 15 (15 second minimum wait time). 690 WARNING 691 end 692 end 693 }, 694 :environment_timeout => { 695 :default => "0", 696 :type => :ttl, 697 :desc => "How long the Puppet server should cache data it loads from an 698 environment. 699 700 A value of `0` will disable caching. This setting can also be set to 701 `unlimited`, which will cache environments until the server is restarted 702 or told to refresh the cache. All other values will result in Puppet 703 server evicting environments that haven't been used within the last 704 `environment_timeout` seconds. 705 706 You should change this setting once your Puppet deployment is doing 707 non-trivial work. We chose the default value of `0` because it lets new 708 users update their code without any extra steps, but it lowers the 709 performance of your Puppet server. We recommend either: 710 711 * Setting this to `unlimited` and explicitly refreshing your Puppet server 712 as part of your code deployment process. 713 714 * Setting this to a number that will keep your most actively used 715 environments cached, but allow testing environments to fall out of the 716 cache and reduce memory usage. A value of 3 minutes (3m) is a reasonable 717 value. 718 719 Once you set `environment_timeout` to a non-zero value, you need to tell 720 Puppet server to read new code from disk using the `environment-cache` API 721 endpoint after you deploy new code. See the docs for the Puppet Server 722 [administrative API](https://puppet.com/docs/puppetserver/latest/admin-api/v1/environment-cache.html). 723 " 724 }, 725 :environment_data_provider => { 726 :desc => "The name of a registered environment data provider used when obtaining environment 727 specific data. The three built in and registered providers are 'none' (no data), 'function' (data 728 obtained by calling the function 'environment::data()') and 'hiera' (data obtained using a data 729 provider configured using a hiera.yaml file in root of the environment). 730 Other environment data providers may be registered in modules on the module path. For such 731 custom data providers see the respective module documentation. This setting is deprecated.", 732 :hook => proc { |value| 733 unless value.nil? || Puppet[:strict] == :off 734 #TRANSLATORS 'environment_data_provider' is a setting and should not be translated 735 Puppet.deprecation_warning(_("Setting 'environment_data_provider' is deprecated.")) 736 end 737 } 738 }, 739 :prerun_command => { 740 :default => "", 741 :desc => "A command to run before every agent run. If this command returns a non-zero 742 return code, the entire Puppet run will fail.", 743 }, 744 :postrun_command => { 745 :default => "", 746 :desc => "A command to run after every agent run. If this command returns a non-zero 747 return code, the entire Puppet run will be considered to have failed, even though it might have 748 performed work during the normal run.", 749 }, 750 :freeze_main => { 751 :default => false, 752 :type => :boolean, 753 :desc => "Freezes the 'main' class, disallowing any code to be added to it. This 754 essentially means that you can't have any code outside of a node, 755 class, or definition other than in the site manifest.", 756 }, 757 :preview_outputdir => { 758 :default => '$vardir/preview', 759 :type => :directory, 760 :mode => "0750", 761 :owner => "service", 762 :group => "service", 763 :desc => "The directory where catalog previews per node are generated." 764 } 765 ) 766 767 settings.define_settings(:module_tool, 768 :module_repository => { 769 :default => 'https://forgeapi.puppet.com', 770 :desc => "The module repository", 771 }, 772 :module_working_dir => { 773 :default => (Puppet::Util::Platform.windows? ? Dir.tmpdir() : '$vardir/puppet-module'), 774 :desc => "The directory into which module tool data is stored", 775 }, 776 :forge_authorization => { 777 :default => nil, 778 :desc => "The authorization key to connect to the Puppet Forge. Leave blank for unauthorized or license based connections", 779 }, 780 :module_groups => { 781 :default => nil, 782 :desc => "Extra module groups to request from the Puppet Forge. This is an internal setting, and users should never change it.", 783 } 784 ) 785 786 settings.define_settings( 787 :main, 788 789 # We have to downcase the fqdn, because the current ssl stuff (as opposed to in master) doesn't have good facilities for 790 # manipulating naming. 791 :certname => { 792 :default => lambda { Puppet::Settings.default_certname.downcase }, 793 :desc => "The name to use when handling certificates. When a node 794 requests a certificate from the CA Puppet Server, it uses the value of the 795 `certname` setting as its requested Subject CN. 796 797 This is the name used when managing a node's permissions in 798 Puppet Server's [auth.conf](https://puppet.com/docs/puppetserver/latest/config_file_auth.html). 799 In most cases, it is also used as the node's name when matching 800 [node definitions](https://puppet.com/docs/puppet/latest/lang_node_definitions.html) 801 and requesting data from an ENC. (This can be changed with the `node_name_value` 802 and `node_name_fact` settings, although you should only do so if you have 803 a compelling reason.) 804 805 A node's certname is available in Puppet manifests as `$trusted['certname']`. (See 806 [Facts and Built-In Variables](https://puppet.com/docs/puppet/latest/lang_facts_and_builtin_vars.html) 807 for more details.) 808 809 * For best compatibility, you should limit the value of `certname` to 810 only use lowercase letters, numbers, periods, underscores, and dashes. (That is, 811 it should match `/\A[a-z0-9._-]+\Z/`.) 812 * The special value `ca` is reserved, and can't be used as the certname 813 for a normal node. 814 815 **Note:** You must set the certname in the main section of the puppet.conf file. Setting it in a different section causes errors. 816 817 Defaults to the node's fully qualified domain name.", 818 :call_hook => :on_initialize_and_write, 819 :hook => proc { |value| 820 raise(ArgumentError, _("Certificate names must be lower case")) unless value == value.downcase 821 }}, 822 :dns_alt_names => { 823 :default => '', 824 :desc => <<EOT, 825 A comma-separated list of alternate DNS names for Puppet Server. These are extra 826 hostnames (in addition to its `certname`) that the server is allowed to use when 827 serving agents. Puppet checks this setting when automatically creating a 828 certificate for Puppet agent or Puppet Server. These can be either IP or DNS, and the type 829 should be specified and followed with a colon. Untyped inputs will default to DNS. 830 831 In order to handle agent requests at a given hostname (like 832 "puppet.example.com"), Puppet Server needs a certificate that proves it's 833 allowed to use that name; if a server shows a certificate that doesn't include 834 its hostname, Puppet agents will refuse to trust it. If you use a single 835 hostname for Puppet traffic but load-balance it to multiple Puppet Servers, each 836 of those servers needs to include the official hostname in its list of extra 837 names. 838 839 **Note:** The list of alternate names is locked in when the server's 840 certificate is signed. If you need to change the list later, you can't just 841 change this setting; you also need to regenerate the certificate. For more 842 information on that process, see the 843 [cert regen docs](https://puppet.com/docs/puppet/latest/ssl_regenerate_certificates.html). 844 845 To see all the alternate names your servers are using, log into your CA server 846 and run `puppetserver ca list --all`, then check the output for `(alt names: ...)`. 847 Most agent nodes should NOT have alternate names; the only certs that should 848 have them are Puppet Server nodes that you want other agents to trust. 849 EOT 850 }, 851 :csr_attributes => { 852 :default => "$confdir/csr_attributes.yaml", 853 :type => :file, 854 :desc => <<EOT 855 An optional file containing custom attributes to add to certificate signing 856 requests (CSRs). You should ensure that this file does not exist on your CA 857 Puppet Server; if it does, unwanted certificate extensions may leak into 858 certificates created with the `puppetserver ca generate` command. 859 860 If present, this file must be a YAML hash containing a `custom_attributes` key 861 and/or an `extension_requests` key. The value of each key must be a hash, where 862 each key is a valid OID and each value is an object that can be cast to a string. 863 864 Custom attributes can be used by the CA when deciding whether to sign the 865 certificate, but are then discarded. Attribute OIDs can be any OID value except 866 the standard CSR attributes (i.e. attributes described in RFC 2985 section 5.4). 867 This is useful for embedding a pre-shared key for autosigning policy executables 868 (see the `autosign` setting), often by using the `1.2.840.113549.1.9.7` 869 ("challenge password") OID. 870 871 Extension requests will be permanently embedded in the final certificate. 872 Extension OIDs must be in the "ppRegCertExt" (`1.3.6.1.4.1.34380.1.1`), 873 "ppPrivCertExt" (`1.3.6.1.4.1.34380.1.2`), or 874 "ppAuthCertExt" (`1.3.6.1.4.1.34380.1.3`) OID arcs. The ppRegCertExt arc is 875 reserved for four of the most common pieces of data to embed: `pp_uuid` (`.1`), 876 `pp_instance_id` (`.2`), `pp_image_name` (`.3`), and `pp_preshared_key` (`.4`) 877 --- in the YAML file, these can be referred to by their short descriptive names 878 instead of their full OID. The ppPrivCertExt arc is unregulated, and can be used 879 for site-specific extensions. The ppAuthCert arc is reserved for two pieces of 880 data to embed: `pp_authorization` (`.1`) and `pp_auth_role` (`.13`). As with 881 ppRegCertExt, in the YAML file, these can be referred to by their short 882 descriptive name instead of their full OID. 883 EOT 884 }, 885 :certdir => { 886 :default => "$ssldir/certs", 887 :type => :directory, 888 :mode => "0755", 889 :owner => "service", 890 :group => "service", 891 :desc => "The certificate directory." 892 }, 893 :ssldir => { 894 :default => "$confdir/ssl", 895 :type => :directory, 896 :mode => "0771", 897 :owner => "service", 898 :group => "service", 899 :desc => "Where SSL certificates are kept." 900 }, 901 :ssl_lockfile => { 902 :default => "$ssldir/ssl.lock", 903 :type => :string, 904 :desc => "A lock file to indicate that the ssl bootstrap process is currently in progress.", 905 }, 906 :publickeydir => { 907 :default => "$ssldir/public_keys", 908 :type => :directory, 909 :mode => "0755", 910 :owner => "service", 911 :group => "service", 912 :desc => "The public key directory." 913 }, 914 :requestdir => { 915 :default => "$ssldir/certificate_requests", 916 :type => :directory, 917 :mode => "0755", 918 :owner => "service", 919 :group => "service", 920 :desc => "Where host certificate requests are stored." 921 }, 922 :privatekeydir => { 923 :default => "$ssldir/private_keys", 924 :type => :directory, 925 :mode => "0750", 926 :owner => "service", 927 :group => "service", 928 :desc => "The private key directory." 929 }, 930 :privatedir => { 931 :default => "$ssldir/private", 932 :type => :directory, 933 :mode => "0750", 934 :owner => "service", 935 :group => "service", 936 :desc => "Where the client stores private certificate information." 937 }, 938 :passfile => { 939 :default => "$privatedir/password", 940 :type => :file, 941 :mode => "0640", 942 :owner => "service", 943 :group => "service", 944 :desc => "Where puppet agent stores the password for its private key. 945 Generally unused." 946 }, 947 :hostcsr => { 948 :default => "$requestdir/$certname.pem", 949 :type => :file, 950 :mode => "0644", 951 :owner => "service", 952 :group => "service", 953 :desc => "Where individual hosts store their certificate request (CSR) 954 while waiting for the CA to issue their certificate." 955 }, 956 :hostcert => { 957 :default => "$certdir/$certname.pem", 958 :type => :file, 959 :mode => "0644", 960 :owner => "service", 961 :group => "service", 962 :desc => "Where individual hosts store and look for their certificates." 963 }, 964 :hostprivkey => { 965 :default => "$privatekeydir/$certname.pem", 966 :type => :file, 967 :mode => "0640", 968 :owner => "service", 969 :group => "service", 970 :desc => "Where individual hosts store and look for their private key." 971 }, 972 :hostpubkey => { 973 :default => "$publickeydir/$certname.pem", 974 :type => :file, 975 :mode => "0644", 976 :owner => "service", 977 :group => "service", 978 :desc => "Where individual hosts store and look for their public key." 979 }, 980 :localcacert => { 981 :default => "$certdir/ca.pem", 982 :type => :file, 983 :mode => "0644", 984 :owner => "service", 985 :group => "service", 986 :desc => "Where each client stores the CA certificate." 987 }, 988 :ca_fingerprint => { 989 :default => nil, 990 :type => :string, 991 :desc => "The expected fingerprint of the CA certificate. If specified, the agent 992 will compare the CA certificate fingerprint that it downloads against this value 993 and reject the CA certificate if the values do not match. This only applies 994 during the first download of the CA certificate." 995 }, 996 :ssl_trust_store => { 997 :default => nil, 998 :type => :file, 999 :desc => "A file containing CA certificates in PEM format that puppet should trust 1000 when making HTTPS requests. This **only** applies to https requests to non-puppet 1001 infrastructure, such as retrieving file metadata and content from https file sources, 1002 puppet module tool and the 'http' report processor. This setting is ignored when 1003 making requests to puppet:// URLs such as catalog and report requests.", 1004 }, 1005 :hostcrl => { 1006 :default => "$ssldir/crl.pem", 1007 :type => :file, 1008 :mode => "0644", 1009 :owner => "service", 1010 :group => "service", 1011 :desc => "Where the host's certificate revocation list can be found. 1012 This is distinct from the certificate authority's CRL." 1013 }, 1014 :certificate_revocation => { 1015 :default => 'chain', 1016 :type => :certificate_revocation, 1017 :desc => <<-'EOT' 1018 Whether certificate revocation checking should be enabled, and what level of 1019 checking should be performed. 1020 1021 When certificate revocation is enabled, Puppet expects the contents of its CRL 1022 to be one or more PEM-encoded CRLs concatenated together. When using a cert 1023 bundle, CRLs for all CAs in the chain of trust must be included in the crl file. 1024 The chain should be ordered from least to most authoritative, with the first CRL 1025 listed being for the root of the chain and the last being for the leaf CA. 1026 1027 When certificate_revocation is set to 'true' or 'chain', Puppet ensures 1028 that each CA in the chain of trust has not been revoked by its issuing CA. 1029 1030 When certificate_revocation is set to 'leaf', Puppet verifies certs against 1031 the issuing CA's revocation list, but it does not verify the revocation status 1032 of the issuing CA or any CA above it within the chain of trust. 1033 1034 When certificate_revocation is set to 'false', Puppet disables all 1035 certificate revocation checking and does not attempt to download the CRL. 1036 EOT 1037 }, 1038 :ciphers => { 1039 :default => 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256', 1040 :type => :string, 1041 :desc => "The list of ciphersuites for TLS connections initiated by puppet. The 1042 default value is chosen to support TLS 1.0 and up, but can be made 1043 more restrictive if needed. The ciphersuites must be specified in OpenSSL 1044 format, not IANA." 1045 }, 1046 :key_type => { 1047 :default => 'rsa', 1048 :type => :enum, 1049 :values => %w[rsa ec], 1050 :desc => "The type of private key. Valid values are `rsa` and `ec`. Default is `rsa`." 1051 }, 1052 :named_curve => { 1053 :default => 'prime256v1', 1054 :type => :string, 1055 :desc => "The short name for the EC curve used to generate the EC private key. Valid 1056 values must be one of the curves in `OpenSSL::PKey::EC.builtin_curves`. 1057 Default is `prime256v1`." 1058 }, 1059 :digest_algorithm => { 1060 :default => lambda { default_digest_algorithm }, 1061 :type => :enum, 1062 :values => valid_digest_algorithms, 1063 :desc => "Which digest algorithm to use for file resources and the filebucket. 1064 Valid values are #{valid_digest_algorithms.join(', ')}. Default is 1065 #{default_digest_algorithm}.", 1066 }, 1067 :supported_checksum_types => { 1068 :default => lambda { default_file_checksum_types }, 1069 :type => :array, 1070 :desc => "Checksum types supported by this agent for use in file resources of a 1071 static catalog. Values must be comma-separated. Valid types are 1072 #{valid_file_checksum_types.join(', ')}. Default is 1073 #{default_file_checksum_types.join(', ')}.", 1074 :hook => proc do |value| 1075 values = munge(value) 1076 1077 invalid = values - Puppet.valid_file_checksum_types 1078 if not invalid.empty? 1079 raise ArgumentError, _("Invalid value '%{value}' for parameter %{name}. Allowed values are '%{allowed_values}'") % { 1080 value: invalid.first, name: @name, allowed_values: Puppet.valid_file_checksum_types.join("', '") 1081 } 1082 end 1083 end 1084 }, 1085 :logdest => { 1086 :type => :string, 1087 :desc => "Where to send log messages. Choose between 'syslog' (the POSIX syslog 1088 service), 'eventlog' (the Windows Event Log), 'console', or the path to a log 1089 file. Multiple destinations can be set using a comma separated list (eg: `/path/file1,console,/path/file2`)" 1090 # Sure would be nice to set the Puppet::Util::Log destination here in an :on_initialize_and_write hook, 1091 # unfortunately we have a large number of tests that rely on the logging not resetting itself when the 1092 # settings are initialized as they test what gets logged during settings initialization. 1093 } 1094 ) 1095 1096 settings.define_settings( 1097 :ca, 1098 :ca_name => { 1099 :default => "Puppet CA: $certname", 1100 :desc => "The name to use the Certificate Authority certificate.", 1101 }, 1102 :cadir => { 1103 :default => lambda { default_cadir }, 1104 :type => :directory, 1105 :desc => "The root directory for the certificate authority.", 1106 }, 1107 :cacert => { 1108 :default => "$cadir/ca_crt.pem", 1109 :type => :file, 1110 :desc => "The CA certificate.", 1111 }, 1112 :cakey => { 1113 :default => "$cadir/ca_key.pem", 1114 :type => :file, 1115 :desc => "The CA private key.", 1116 }, 1117 :capub => { 1118 :default => "$cadir/ca_pub.pem", 1119 :type => :file, 1120 :desc => "The CA public key.", 1121 }, 1122 :cacrl => { 1123 :default => "$cadir/ca_crl.pem", 1124 :type => :file, 1125 :desc => "The certificate revocation list (CRL) for the CA.", 1126 }, 1127 :csrdir => { 1128 :default => "$cadir/requests", 1129 :type => :directory, 1130 :desc => "Where the CA stores certificate requests.", 1131 }, 1132 :signeddir => { 1133 :default => "$cadir/signed", 1134 :type => :directory, 1135 :desc => "Where the CA stores signed certificates.", 1136 }, 1137 :serial => { 1138 :default => "$cadir/serial", 1139 :type => :file, 1140 :desc => "Where the serial number for certificates is stored.", 1141 }, 1142 :autosign => { 1143 :default => "$confdir/autosign.conf", 1144 :type => :autosign, 1145 :desc => "Whether (and how) to autosign certificate requests. This setting 1146 is only relevant on a Puppet Server acting as a certificate authority (CA). 1147 1148 Valid values are true (autosigns all certificate requests; not recommended), 1149 false (disables autosigning certificates), or the absolute path to a file. 1150 1151 The file specified in this setting may be either a **configuration file** 1152 or a **custom policy executable.** Puppet will automatically determine 1153 what it is: If the Puppet user (see the `user` setting) can execute the 1154 file, it will be treated as a policy executable; otherwise, it will be 1155 treated as a config file. 1156 1157 If a custom policy executable is configured, the CA Puppet Server will run it 1158 every time it receives a CSR. The executable will be passed the subject CN of the 1159 request _as a command line argument,_ and the contents of the CSR in PEM format 1160 _on stdin._ It should exit with a status of 0 if the cert should be autosigned 1161 and non-zero if the cert should not be autosigned. 1162 1163 If a certificate request is not autosigned, it will persist for review. An admin 1164 user can use the `puppetserver ca sign` command to manually sign it, or can delete 1165 the request. 1166 1167 For info on autosign configuration files, see 1168 [the guide to Puppet's config files](https://puppet.com/docs/puppet/latest/config_file_autosign.html).", 1169 }, 1170 :allow_duplicate_certs => { 1171 :default => false, 1172 :type => :boolean, 1173 :desc => "Whether to allow a new certificate request to overwrite an existing 1174 certificate request. If true, then the old certificate must be cleaned using 1175 `puppetserver ca clean`, and the new request signed using `puppetserver ca sign`." 1176 }, 1177 :ca_ttl => { 1178 :default => "5y", 1179 :type => :duration, 1180 :desc => "The default TTL for new certificates. 1181 #{AS_DURATION}", 1182 }, 1183 :crl_refresh_interval => { 1184 :type => :duration, 1185 :desc => "How often the Puppet agent refreshes its local CRL. By 1186 default the CRL is only downloaded once, and never refreshed. If a 1187 duration is specified, then the agent will refresh its CRL whenever it 1188 next runs and the elapsed time since the CRL was last refreshed exceeds 1189 the duration. 1190 1191 In general, the duration should be greater than the `runinterval`. 1192 Setting it to an equal or lesser value will cause the CRL to be 1193 refreshed on every run. 1194 1195 If the agent downloads a new CRL, the agent will use it for subsequent 1196 network requests. If the refresh request fails or if the CRL is 1197 unchanged on the server, then the agent run will continue using the 1198 local CRL it already has.#{AS_DURATION}", 1199 }, 1200 :keylength => { 1201 :default => 4096, 1202 :type => :integer, 1203 :desc => "The bit length of keys.", 1204 }, 1205 :cert_inventory => { 1206 :default => "$cadir/inventory.txt", 1207 :type => :file, 1208 :desc => "The inventory file. This is a text file to which the CA writes a 1209 complete listing of all certificates.", 1210 } 1211 ) 1212 1213 # Define the config default. 1214 1215 settings.define_settings(:application, 1216 :config_file_name => { 1217 :type => :string, 1218 :default => Puppet::Settings.default_config_file_name, 1219 :desc => "The name of the puppet config file.", 1220 }, 1221 :config => { 1222 :type => :file, 1223 :default => "$confdir/${config_file_name}", 1224 :desc => "The configuration file for the current puppet application.", 1225 }, 1226 :pidfile => { 1227 :type => :file, 1228 :default => "$rundir/${run_mode}.pid", 1229 :desc => "The file containing the PID of a running process. 1230 This file is intended to be used by service management frameworks 1231 and monitoring systems to determine if a puppet process is still in 1232 the process table.", 1233 }, 1234 :sourceaddress => { 1235 :default => nil, 1236 :desc => "The address the agent should use to initiate requests.", 1237 }, 1238 ) 1239 1240 settings.define_settings(:environment, 1241 :manifest => { 1242 :default => nil, 1243 :type => :file_or_directory, 1244 :desc => "The entry-point manifest for the primary server. This can be one file 1245 or a directory of manifests to be evaluated in alphabetical order. Puppet manages 1246 this path as a directory if one exists or if the path ends with a / or \\. 1247 1248 Setting a global value for `manifest` in puppet.conf is not allowed 1249 (but it can be overridden from the commandline). Please use 1250 directory environments instead. If you need to use something other than the 1251 environment's `manifests` directory as the main manifest, you can set 1252 `manifest` in environment.conf. For more info, see 1253 <https://puppet.com/docs/puppet/latest/environments_about.html>", 1254 }, 1255 :modulepath => { 1256 :default => "", 1257 :type => :path, 1258 :desc => "The search path for modules, as a list of directories separated by the system 1259 path separator character. (The POSIX path separator is ':', and the 1260 Windows path separator is ';'.) 1261 1262 Setting a global value for `modulepath` in puppet.conf is not allowed 1263 (but it can be overridden from the commandline). Please use 1264 directory environments instead. If you need to use something other than the 1265 default modulepath of `<ACTIVE ENVIRONMENT'S MODULES DIR>:$basemodulepath`, 1266 you can set `modulepath` in environment.conf. For more info, see 1267 <https://puppet.com/docs/puppet/latest/environments_about.html>", 1268 }, 1269 :config_version => { 1270 :default => "", 1271 :desc => "How to determine the configuration version. By default, it will be the 1272 time that the configuration is parsed, but you can provide a shell script to override how the 1273 version is determined. The output of this script will be added to every log message in the 1274 reports, allowing you to correlate changes on your hosts to the source version on the server. 1275 1276 Setting a global value for config_version in puppet.conf is not allowed 1277 (but it can be overridden from the commandline). Please set a 1278 per-environment value in environment.conf instead. For more info, see 1279 <https://puppet.com/docs/puppet/latest/environments_about.html>", 1280 } 1281 ) 1282 1283 settings.define_settings(:server, 1284 :user => { 1285 :default => "puppet", 1286 :desc => "The user Puppet Server will run as. Used to ensure 1287 the agent side processes (agent, apply, etc) create files and 1288 directories readable by Puppet Server when necessary.", 1289 }, 1290 :group => { 1291 :default => "puppet", 1292 :desc => "The group Puppet Server will run as. Used to ensure 1293 the agent side processes (agent, apply, etc) create files and 1294 directories readable by Puppet Server when necessary.", 1295 }, 1296 :default_manifest => { 1297 :default => "./manifests", 1298 :type => :string, 1299 :desc => "The default main manifest for directory environments. Any environment that 1300 doesn't set the `manifest` setting in its `environment.conf` file will use 1301 this manifest. 1302 1303 This setting's value can be an absolute or relative path. An absolute path 1304 will make all environments default to the same main manifest; a relative 1305 path will allow each environment to use its own manifest, and Puppet will 1306 resolve the path relative to each environment's main directory. 1307 1308 In either case, the path can point to a single file or to a directory of 1309 manifests to be evaluated in alphabetical order.", 1310 }, 1311 :disable_per_environment_manifest => { 1312 :default => false, 1313 :type => :boolean, 1314 :desc => "Whether to disallow an environment-specific main manifest. When set 1315 to `true`, Puppet will use the manifest specified in the `default_manifest` setting 1316 for all environments. If an environment specifies a different main manifest in its 1317 `environment.conf` file, catalog requests for that environment will fail with an error. 1318 1319 This setting requires `default_manifest` to be set to an absolute path.", 1320 :hook => proc do |value| 1321 if value && !Pathname.new(Puppet[:default_manifest]).absolute? 1322 raise(Puppet::Settings::ValidationError, 1323 "The 'default_manifest' setting must be set to an absolute path when 'disable_per_environment_manifest' is true") 1324 end 1325 end, 1326 }, 1327 :code => { 1328 :default => "", 1329 :desc => "Code to parse directly. This is essentially only used 1330 by `puppet`, and should only be set if you're writing your own Puppet 1331 executable.", 1332 }, 1333 :masterport => { 1334 :default => 8140, 1335 :type => :port, 1336 :desc => "The default port puppet subcommands use to communicate 1337 with Puppet Server. (eg `puppet facts upload`, `puppet agent`). May be 1338 overridden by more specific settings (see `ca_port`, `report_port`).", 1339 }, 1340 :serverport => { 1341 :type => :alias, 1342 :alias_for => :masterport 1343 }, 1344 :bucketdir => { 1345 :default => "$vardir/bucket", 1346 :type => :directory, 1347 :mode => "0750", 1348 :owner => "service", 1349 :group => "service", 1350 :desc => "Where FileBucket files are stored." 1351 }, 1352 :trusted_oid_mapping_file => { 1353 :default => "$confdir/custom_trusted_oid_mapping.yaml", 1354 :type => :file, 1355 :desc => "File that provides mapping between custom SSL oids and user-friendly names" 1356 }, 1357 :basemodulepath => { 1358 :default => lambda { default_basemodulepath }, 1359 :type => :path, 1360 :desc => "The search path for **global** modules. Should be specified as a 1361 list of directories separated by the system path separator character. (The 1362 POSIX path separator is ':', and the Windows path separator is ';'.) 1363 1364 These are the modules that will be used by _all_ environments. Note that 1365 the `modules` directory of the active environment will have priority over 1366 any global directories. For more info, see 1367 <https://puppet.com/docs/puppet/latest/environments_about.html>", 1368 }, 1369 :vendormoduledir => { 1370 :default => lambda { default_vendormoduledir }, 1371 :type => :string, 1372 :desc => "The directory containing **vendored** modules. These modules will 1373 be used by _all_ environments like those in the `basemodulepath`. The only 1374 difference is that modules in the `basemodulepath` are pluginsynced, while 1375 vendored modules are not", 1376 }, 1377 :ssl_client_header => { 1378 :default => "HTTP_X_CLIENT_DN", 1379 :desc => "The header containing an authenticated client's SSL DN. 1380 This header must be set by the proxy to the authenticated client's SSL 1381 DN (e.g., `/CN=puppet.puppetlabs.com`). Puppet will parse out the Common 1382 Name (CN) from the Distinguished Name (DN) and use the value of the CN 1383 field for authorization. 1384 1385 Note that the name of the HTTP header gets munged by the web server 1386 common gateway interface: an `HTTP_` prefix is added, dashes are converted 1387 to underscores, and all letters are uppercased. Thus, to use the 1388 `X-Client-DN` header, this setting should be `HTTP_X_CLIENT_DN`.", 1389 }, 1390 :ssl_client_verify_header => { 1391 :default => "HTTP_X_CLIENT_VERIFY", 1392 :desc => "The header containing the status message of the client 1393 verification. This header must be set by the proxy to 'SUCCESS' if the 1394 client successfully authenticated, and anything else otherwise. 1395 1396 Note that the name of the HTTP header gets munged by the web server 1397 common gateway interface: an `HTTP_` prefix is added, dashes are converted 1398 to underscores, and all letters are uppercased. Thus, to use the 1399 `X-Client-Verify` header, this setting should be 1400 `HTTP_X_CLIENT_VERIFY`.", 1401 }, 1402 # To make sure this directory is created before we try to use it on the server, we need 1403 # it to be in the server section (#1138). 1404 :yamldir => { 1405 :default => "$vardir/yaml", 1406 :type => :directory, 1407 :owner => "service", 1408 :group => "service", 1409 :mode => "0750", 1410 :desc => "The directory in which YAML data is stored, usually in a subdirectory."}, 1411 :server_datadir => { 1412 :default => "$vardir/server_data", 1413 :type => :directory, 1414 :owner => "service", 1415 :group => "service", 1416 :mode => "0750", 1417 :desc => "The directory in which serialized data is stored, usually in a subdirectory."}, 1418 :reports => { 1419 :default => "store", 1420 :desc => "The list of report handlers to use. When using multiple report handlers, 1421 their names should be comma-separated, with whitespace allowed. (For example, 1422 `reports = http, store`.) 1423 1424 This setting is relevant to puppet server and puppet apply. The primary Puppet 1425 server will call these report handlers with the reports it receives from 1426 agent nodes, and puppet apply will call them with its own report. (In 1427 all cases, the node applying the catalog must have `report = true`.) 1428 1429 See the report reference for information on the built-in report 1430 handlers; custom report handlers can also be loaded from modules. 1431 (Report handlers are loaded from the lib directory, at 1432 `puppet/reports/NAME.rb`.) 1433 1434 To turn off reports entirely, set this to `none`", 1435 }, 1436 :reportdir => { 1437 :default => "$vardir/reports", 1438 :type => :directory, 1439 :mode => "0750", 1440 :owner => "service", 1441 :group => "service", 1442 :desc => "The directory in which to store reports. Each node gets 1443 a separate subdirectory in this directory. This setting is only 1444 used when the `store` report processor is enabled (see the 1445 `reports` setting)."}, 1446 :reporturl => { 1447 :default => "http://localhost:3000/reports/upload", 1448 :desc => "The URL that reports should be forwarded to. This setting 1449 is only used when the `http` report processor is enabled (see the 1450 `reports` setting).", 1451 }, 1452 :fileserverconfig => { 1453 :default => "$confdir/fileserver.conf", 1454 :type => :file, 1455 :desc => "Where the fileserver configuration is stored.", 1456 }) 1457 1458 settings.define_settings(:device, 1459 :devicedir => { 1460 :default => "$vardir/devices", 1461 :type => :directory, 1462 :mode => "0750", 1463 :owner => "service", 1464 :group => "service", 1465 :desc => "The root directory of devices' $vardir.", 1466 }, 1467 :deviceconfig => { 1468 :default => "$confdir/device.conf", 1469 :desc => "Path to the device config file for puppet device.", 1470 } 1471 ) 1472 1473 settings.define_settings(:agent, 1474 :node_name_value => { 1475 :default => "$certname", 1476 :desc => "The explicit value used for the node name for all requests the agent 1477 makes to the primary server. WARNING: This setting is mutually exclusive with 1478 node_name_fact. Changing this setting also requires changes to 1479 Puppet Server's default [auth.conf](https://puppet.com/docs/puppetserver/latest/config_file_auth.html)." 1480 }, 1481 :node_name_fact => { 1482 :default => "", 1483 :desc => "The fact name used to determine the node name used for all requests the agent 1484 makes to the primary server. WARNING: This setting is mutually exclusive with 1485 node_name_value. Changing this setting also requires changes to 1486 Puppet Server's default [auth.conf](https://puppet.com/docs/puppetserver/latest/config_file_auth.html).", 1487 :hook => proc do |value| 1488 if !value.empty? and Puppet[:node_name_value] != Puppet[:certname] 1489 raise "Cannot specify both the node_name_value and node_name_fact settings" 1490 end 1491 end 1492 }, 1493 :statefile => { 1494 :default => "$statedir/state.yaml", 1495 :type => :file, 1496 :mode => "0640", 1497 :desc => "Where Puppet agent and Puppet Server store state associated 1498 with the running configuration. In the case of Puppet Server, 1499 this file reflects the state discovered through interacting 1500 with clients." 1501 }, 1502 :statettl => { 1503 :default => "32d", 1504 :type => :ttl, 1505 :desc => "How long the Puppet agent should cache when a resource was last checked or synced. 1506 #{AS_DURATION} 1507 A value of `0` or `unlimited` will disable cache pruning. 1508 1509 This setting affects the usage of `schedule` resources, as the information 1510 about when a resource was last checked (and therefore when it needs to be 1511 checked again) is stored in the `statefile`. The `statettl` needs to be 1512 large enough to ensure that a resource will not trigger multiple times 1513 during a schedule due to its entry expiring from the cache." 1514 }, 1515 :transactionstorefile => { 1516 :default => "$statedir/transactionstore.yaml", 1517 :type => :file, 1518 :mode => "0640", 1519 :desc => "Transactional storage file for persisting data between 1520 transactions for the purposes of infering information (such as 1521 corrective_change) on new data received." 1522 }, 1523 :clientyamldir => { 1524 :default => "$vardir/client_yaml", 1525 :type => :directory, 1526 :mode => "0750", 1527 :desc => "The directory in which client-side YAML data is stored." 1528 }, 1529 :client_datadir => { 1530 :default => "$vardir/client_data", 1531 :type => :directory, 1532 :mode => "0750", 1533 :desc => "The directory in which serialized data is stored on the client." 1534 }, 1535 :classfile => { 1536 :default => "$statedir/classes.txt", 1537 :type => :file, 1538 :owner => "root", 1539 :mode => "0640", 1540 :desc => "The file in which puppet agent stores a list of the classes 1541 associated with the retrieved configuration. Can be loaded in 1542 the separate `puppet` executable using the `--loadclasses` 1543 option."}, 1544 :resourcefile => { 1545 :default => "$statedir/resources.txt", 1546 :type => :file, 1547 :owner => "root", 1548 :mode => "0640", 1549 :desc => "The file in which puppet agent stores a list of the resources 1550 associated with the retrieved configuration." }, 1551 :puppetdlog => { 1552 :default => "$logdir/puppetd.log", 1553 :type => :file, 1554 :owner => "root", 1555 :mode => "0640", 1556 :desc => "The fallback log file. This is only used when the `--logdest` option 1557 is not specified AND Puppet is running on an operating system where both 1558 the POSIX syslog service and the Windows Event Log are unavailable. (Currently, 1559 no supported operating systems match that description.) 1560 1561 Despite the name, both puppet agent and puppet server will use this file 1562 as the fallback logging destination. 1563 1564 For control over logging destinations, see the `--logdest` command line 1565 option in the manual pages for puppet server, puppet agent, and puppet 1566 apply. You can see man pages by running `puppet <SUBCOMMAND> --help`, 1567 or read them online at https://puppet.com/docs/puppet/latest/man/." 1568 }, 1569 :deviceconfdir => { 1570 :default => "$confdir/devices", 1571 :type => :directory, 1572 :mode => "0750", 1573 :owner => "service", 1574 :group => "service", 1575 :desc => "The root directory of devices' $confdir.", 1576 }, 1577 :server => { 1578 :default => "puppet", 1579 :desc => "The primary Puppet server to which the Puppet agent should connect.", 1580 }, 1581 :server_list => { 1582 :default => [], 1583 :type => :server_list, 1584 :desc => "The list of primary Puppet servers to which the Puppet agent should connect, 1585 in the order that they will be tried. Each value should be a fully qualified domain name, followed by an optional ':' and port number. If a port is omitted, Puppet uses masterport for that host.", 1586 }, 1587 :use_srv_records => { 1588 :default => false, 1589 :type => :boolean, 1590 :desc => "Whether the server will search for SRV records in DNS for the current domain.", 1591 }, 1592 :srv_domain => { 1593 :default => lambda { Puppet::Settings.domain_fact }, 1594 :desc => "The domain which will be queried to find the SRV records of servers to use.", 1595 }, 1596 :http_extra_headers => { 1597 :default => [], 1598 :type => :http_extra_headers, 1599 :desc => "The list of extra headers that will be sent with http requests to the primary server. 1600 The header definition consists of a name and a value separated by a colon." 1601 }, 1602 :ignoreschedules => { 1603 :default => false, 1604 :type => :boolean, 1605 :desc => "Boolean; whether puppet agent should ignore schedules. This is useful 1606 for initial puppet agent runs.", 1607 }, 1608 :default_schedules => { 1609 :default => true, 1610 :type => :boolean, 1611 :desc => "Boolean; whether to generate the default schedule resources. Setting this to 1612 false is useful for keeping external report processors clean of skipped schedule resources.", 1613 }, 1614 :noop => { 1615 :default => false, 1616 :type => :boolean, 1617 :desc => "Whether to apply catalogs in noop mode, which allows Puppet to 1618 partially simulate a normal run. This setting affects puppet agent and 1619 puppet apply. 1620 1621 When running in noop mode, Puppet will check whether each resource is in sync, 1622 like it does when running normally. However, if a resource attribute is not in 1623 the desired state (as declared in the catalog), Puppet will take no 1624 action, and will instead report the changes it _would_ have made. These 1625 simulated changes will appear in the report sent to the primary Puppet server, or 1626 be shown on the console if running puppet agent or puppet apply in the 1627 foreground. The simulated changes will not send refresh events to any 1628 subscribing or notified resources, although Puppet will log that a refresh 1629 event _would_ have been sent. 1630 1631 **Important note:** 1632 [The `noop` metaparameter](https://puppet.com/docs/puppet/latest/metaparameter.html#noop) 1633 allows you to apply individual resources in noop mode, and will override 1634 the global value of the `noop` setting. This means a resource with 1635 `noop => false` _will_ be changed if necessary, even when running puppet 1636 agent with `noop = true` or `--noop`. (Conversely, a resource with 1637 `noop => true` will only be simulated, even when noop mode is globally disabled.)", 1638 }, 1639 :runinterval => { 1640 :default => "30m", 1641 :type => :duration, 1642 :desc => "How often puppet agent applies the catalog. 1643 Note that a runinterval of 0 means \"run continuously\" rather than 1644 \"never run.\" #{AS_DURATION}", 1645 }, 1646 :runtimeout => { 1647 :default => "1h", 1648 :type => :duration, 1649 :desc => "The maximum amount of time an agent run is allowed to take. 1650 A Puppet agent run that exceeds this timeout will be aborted. A value 1651 of 0 disables the timeout. Defaults to 1 hour. #{AS_DURATION}", 1652 }, 1653 :ca_server => { 1654 :default => "$server", 1655 :desc => "The server to use for certificate 1656 authority requests. It's a separate server because it cannot 1657 and does not need to horizontally scale.", 1658 }, 1659 :ca_port => { 1660 :default => "$serverport", 1661 :type => :port, 1662 :desc => "The port to use for the certificate authority.", 1663 }, 1664 :preferred_serialization_format => { 1665 :default => "json", 1666 :desc => "The preferred means of serializing 1667 ruby instances for passing over the wire. This won't guarantee that all 1668 instances will be serialized using this method, since not all classes 1669 can be guaranteed to support this format, but it will be used for all 1670 classes that support it.", 1671 }, 1672 :agent_catalog_run_lockfile => { 1673 :default => "$statedir/agent_catalog_run.lock", 1674 :type => :string, # (#2888) Ensure this file is not added to the settings catalog. 1675 :desc => "A lock file to indicate that a puppet agent catalog run is currently in progress. 1676 The file contains the pid of the process that holds the lock on the catalog run.", 1677 }, 1678 :agent_disabled_lockfile => { 1679 :default => "$statedir/agent_disabled.lock", 1680 :type => :string, 1681 :desc => "A lock file to indicate that puppet agent runs have been administratively 1682 disabled. File contains a JSON object with state information.", 1683 }, 1684 :usecacheonfailure => { 1685 :default => true, 1686 :type => :boolean, 1687 :desc => "Whether to use the cached configuration when the remote 1688 configuration will not compile. This option is useful for testing 1689 new configurations, where you want to fix the broken configuration 1690 rather than reverting to a known-good one.", 1691 }, 1692 :fact_name_length_soft_limit => { 1693 :default => 2560, 1694 :type => :integer, 1695 :desc => "The soft limit for the length of a fact name.", 1696 }, 1697 :fact_value_length_soft_limit => { 1698 :default => 4096, 1699 :type => :integer, 1700 :desc => "The soft limit for the length of a fact value.", 1701 }, 1702 :top_level_facts_soft_limit => { 1703 :default => 512, 1704 :type => :integer, 1705 :desc => "The soft limit for the number of top level facts.", 1706 }, 1707 :number_of_facts_soft_limit => { 1708 :default => 2048, 1709 :type => :integer, 1710 :desc => "The soft limit for the total number of facts.", 1711 }, 1712 :payload_soft_limit => { 1713 :default => 16 * 1024 * 1024, 1714 :type => :integer, 1715 :desc => "The soft limit for the size of the payload.", 1716 }, 1717 :use_cached_catalog => { 1718 :default => false, 1719 :type => :boolean, 1720 :desc => "Whether to only use the cached catalog rather than compiling a new catalog 1721 on every run. Puppet can be run with this enabled by default and then selectively 1722 disabled when a recompile is desired. Because a Puppet agent using cached catalogs 1723 does not contact the primary server for a new catalog, it also does not upload facts at 1724 the beginning of the Puppet run.", 1725 }, 1726 :ignoremissingtypes => { 1727 :default => false, 1728 :type => :boolean, 1729 :desc => "Skip searching for classes and definitions that were missing during a 1730 prior compilation. The list of missing objects is maintained per-environment and 1731 persists until the environment is cleared or the primary server is restarted.", 1732 }, 1733 :splaylimit => { 1734 :default => "$runinterval", 1735 :type => :duration, 1736 :desc => "The maximum time to delay before an agent's first run when 1737 `splay` is enabled. Defaults to the agent's `$runinterval`. The 1738 `splay` interval is random and recalculated each time the agent is started or 1739 restarted. #{AS_DURATION}", 1740 }, 1741 :splay => { 1742 :default => false, 1743 :type => :boolean, 1744 :desc => "Whether to sleep for a random amount of time, ranging from 1745 immediately up to its `$splaylimit`, before performing its first agent run 1746 after a service restart. After this period, the agent runs periodically 1747 on its `$runinterval`. 1748 1749 For example, assume a default 30-minute `$runinterval`, `splay` set to its 1750 default of `false`, and an agent starting at :00 past the hour. The agent 1751 would check in every 30 minutes at :01 and :31 past the hour. 1752 1753 With `splay` enabled, it waits any amount of time up to its `$splaylimit` 1754 before its first run. For example, it might randomly wait 8 minutes, 1755 then start its first run at :08 past the hour. With the `$runinterval` 1756 at its default 30 minutes, its next run will be at :38 past the hour. 1757 1758 If you restart an agent's puppet service with `splay` enabled, it 1759 recalculates its splay period and delays its first agent run after 1760 restarting for this new period. If you simultaneously restart a group of 1761 puppet agents with `splay` enabled, their checkins to your primary servers 1762 can be distributed more evenly.", 1763 }, 1764 :clientbucketdir => { 1765 :default => "$vardir/clientbucket", 1766 :type => :directory, 1767 :mode => "0750", 1768 :desc => "Where FileBucket files are stored locally." 1769 }, 1770 :report_server => { 1771 :default => "$server", 1772 :desc => "The server to send transaction reports to.", 1773 }, 1774 :report_port => { 1775 :default => "$serverport", 1776 :type => :port, 1777 :desc => "The port to communicate with the report_server.", 1778 }, 1779 :report => { 1780 :default => true, 1781 :type => :boolean, 1782 :desc => "Whether to send reports after every transaction.", 1783 }, 1784 :report_include_system_store => { 1785 :default => false, 1786 :type => :boolean, 1787 :desc => "Whether the 'http' report processor should include the system 1788 certificate store when submitting reports to HTTPS URLs. If false, then 1789 the 'http' processor will only trust HTTPS report servers whose certificates 1790 are issued by the puppet CA or one of its intermediate CAs. If true, the 1791 processor will additionally trust CA certificates in the system's 1792 certificate store." 1793 }, 1794 :resubmit_facts => { 1795 :default => false, 1796 :type => :boolean, 1797 :desc => "Whether to send updated facts after every transaction. By default 1798 puppet only submits facts at the beginning of the transaction before applying a 1799 catalog. Since puppet can modify the state of the system, the value of the facts 1800 may change after puppet finishes. Therefore, any facts stored in puppetdb may not 1801 be consistent until the agent next runs, typically in 30 minutes. If this feature 1802 is enabled, puppet will resubmit facts after applying its catalog, ensuring facts 1803 for the node stored in puppetdb are current. However, this will double the fact 1804 submission load on puppetdb, so it is disabled by default.", 1805 }, 1806 :publicdir => { 1807 :default => nil, 1808 :type => :directory, 1809 :mode => "0755", 1810 :desc => "Where Puppet stores public files." 1811 }, 1812 :lastrunfile => { 1813 :default => "$publicdir/last_run_summary.yaml", 1814 :type => :file, 1815 :mode => "0640", 1816 :desc => "Where puppet agent stores the last run report summary in yaml format." 1817 }, 1818 :lastrunreport => { 1819 :default => "$statedir/last_run_report.yaml", 1820 :type => :file, 1821 :mode => "0640", 1822 :desc => "Where Puppet Agent stores the last run report, by default, in yaml format. 1823 The format of the report can be changed by setting the `cache` key of the `report` terminus 1824 in the [routes.yaml](https://puppet.com/docs/puppet/latest/config_file_routes.html) file. 1825 To avoid mismatches between content and file extension, this setting needs to be 1826 manually updated to reflect the terminus changes." 1827 }, 1828 :graph => { 1829 :default => false, 1830 :type => :boolean, 1831 :desc => "Whether to create .dot graph files, which let you visualize the 1832 dependency and containment relationships in Puppet's catalog. You 1833 can load and view these files with tools like 1834 [OmniGraffle](http://www.omnigroup.com/applications/omnigraffle/) (OS X) 1835 or [graphviz](http://www.graphviz.org/) (multi-platform). 1836 1837 Graph files are created when _applying_ a catalog, so this setting 1838 should be used on nodes running `puppet agent` or `puppet apply`. 1839 1840 The `graphdir` setting determines where Puppet will save graphs. Note 1841 that we don't save graphs for historical runs; Puppet will replace the 1842 previous .dot files with new ones every time it applies a catalog. 1843 1844 See your graphing software's documentation for details on opening .dot 1845 files. If you're using GraphViz's `dot` command, you can do a quick PNG 1846 render with `dot -Tpng <DOT FILE> -o <OUTPUT FILE>`.", 1847 }, 1848 :graphdir => { 1849 :default => "$statedir/graphs", 1850 :type => :directory, 1851 :desc => "Where to save .dot-format graphs (when the `graph` setting is enabled).", 1852 }, 1853 :waitforcert => { 1854 :default => "2m", 1855 :type => :duration, 1856 :desc => "How frequently puppet agent should ask for a signed certificate. 1857 1858 When starting for the first time, puppet agent will submit a certificate 1859 signing request (CSR) to the server named in the `ca_server` setting 1860 (usually the primary Puppet server); this may be autosigned, or may need to be 1861 approved by a human, depending on the CA server's configuration. 1862 1863 Puppet agent cannot apply configurations until its approved certificate is 1864 available. Since the certificate may or may not be available immediately, 1865 puppet agent will repeatedly try to fetch it at this interval. You can 1866 turn off waiting for certificates by specifying a time of 0, or a maximum 1867 amount of time to wait in the `maxwaitforcert` setting, in which case 1868 puppet agent will exit if it cannot get a cert. 1869 #{AS_DURATION}", 1870 }, 1871 :maxwaitforcert => { 1872 :default => "unlimited", 1873 :type => :ttl, 1874 :desc => "The maximum amount of time the Puppet agent should wait for its 1875 certificate request to be signed. A value of `unlimited` will cause puppet agent 1876 to ask for a signed certificate indefinitely. 1877 #{AS_DURATION}", 1878 }, 1879 :waitforlock => { 1880 :default => "0", 1881 :type => :duration, 1882 :desc => "How frequently puppet agent should try running when there is an 1883 already ongoing puppet agent instance. 1884 1885 This argument is by default disabled (value set to 0). In this case puppet agent will 1886 immediately exit if it cannot run at that moment. When a value other than 0 is set, this 1887 can also be used in combination with the `maxwaitforlock` argument. 1888 #{AS_DURATION}", 1889 }, 1890 :maxwaitforlock => { 1891 :default => "1m", 1892 :type => :ttl, 1893 :desc => "The maximum amount of time the puppet agent should wait for an 1894 already running puppet agent to finish before starting a new one. This is set by default to 1 minute. 1895 A value of `unlimited` will cause puppet agent to wait indefinitely. 1896 #{AS_DURATION}", 1897 } 1898 ) 1899 1900 # Plugin information. 1901 1902 settings.define_settings( 1903 :main, 1904 :plugindest => { 1905 :type => :directory, 1906 :default => "$libdir", 1907 :desc => "Where Puppet should store plugins that it pulls down from the central 1908 server.", 1909 }, 1910 :pluginsource => { 1911 :default => "puppet:///plugins", 1912 :desc => "From where to retrieve plugins. The standard Puppet `file` type 1913 is used for retrieval, so anything that is a valid file source can 1914 be used here.", 1915 }, 1916 :pluginfactdest => { 1917 :type => :directory, 1918 :default => "$vardir/facts.d", 1919 :desc => "Where Puppet should store external facts that are being handled by pluginsync", 1920 }, 1921 :pluginfactsource => { 1922 :default => "puppet:///pluginfacts", 1923 :desc => "Where to retrieve external facts for pluginsync", 1924 }, 1925 :localedest => { 1926 :type => :directory, 1927 :default => "$vardir/locales", 1928 :desc => "Where Puppet should store translation files that it pulls down from the central 1929 server.", 1930 }, 1931 :localesource => { 1932 :default => "puppet:///locales", 1933 :desc => "From where to retrieve translation files. The standard Puppet `file` type 1934 is used for retrieval, so anything that is a valid file source can 1935 be used here.", 1936 }, 1937 :pluginsync => { 1938 :default => true, 1939 :type => :boolean, 1940 :desc => "Whether plugins should be synced with the central server. This setting is 1941 deprecated.", 1942 :hook => proc { |value| 1943 #TRANSLATORS 'pluginsync' is a setting and should not be translated 1944 Puppet.deprecation_warning(_("Setting 'pluginsync' is deprecated.")) 1945 } 1946 }, 1947 :pluginsignore => { 1948 :default => ".svn CVS .git .hg", 1949 :desc => "What files to ignore when pulling down plugins.", 1950 }, 1951 :ignore_plugin_errors => { 1952 :default => false, 1953 :type => :boolean, 1954 :desc => "Whether the puppet run should ignore errors during pluginsync. If the setting 1955 is false and there are errors during pluginsync, then the agent will abort the run and 1956 submit a report containing information about the failed run." 1957 } 1958 ) 1959 1960 # Central fact information. 1961 1962 settings.define_settings( 1963 :main, 1964 :factpath => { 1965 :type => :path, 1966 :default => "$vardir/lib/facter#{File::PATH_SEPARATOR}$vardir/facts", 1967 :desc => "Where Puppet should look for facts. Multiple directories should 1968 be separated by the system path separator character. (The POSIX path 1969 separator is ':', and the Windows path separator is ';'.)", 1970 1971 :call_hook => :on_initialize_and_write, # Call our hook with the default value, so we always get the value added to facter. 1972 :hook => proc do |value| 1973 paths = value.split(File::PATH_SEPARATOR) 1974 Facter.search(*paths) 1975 end 1976 } 1977 ) 1978 1979 settings.define_settings( 1980 :transaction, 1981 :tags => { 1982 :default => "", 1983 :desc => "Tags to use to find resources. If this is set, then 1984 only resources tagged with the specified tags will be applied. 1985 Values must be comma-separated.", 1986 }, 1987 :skip_tags => { 1988 :default => "", 1989 :desc => "Tags to use to filter resources. If this is set, then 1990 only resources not tagged with the specified tags will be applied. 1991 Values must be comma-separated.", 1992 }, 1993 :evaltrace => { 1994 :default => false, 1995 :type => :boolean, 1996 :desc => "Whether each resource should log when it is 1997 being evaluated. This allows you to interactively see exactly 1998 what is being done.", 1999 }, 2000 :summarize => { 2001 :default => false, 2002 :type => :boolean, 2003 :desc => "Whether to print a transaction summary.", 2004 } 2005 ) 2006 2007 settings.define_settings( 2008 :main, 2009 :external_nodes => { 2010 :default => "none", 2011 :desc => "The external node classifier (ENC) script to use for node data. 2012 Puppet combines this data with the main manifest to produce node catalogs. 2013 2014 To enable this setting, set the `node_terminus` setting to `exec`. 2015 2016 This setting's value must be the path to an executable command that 2017 can produce node information. The command must: 2018 2019 * Take the name of a node as a command-line argument. 2020 * Return a YAML hash with up to three keys: 2021 * `classes` --- A list of classes, as an array or hash. 2022 * `environment` --- A string. 2023 * `parameters` --- A list of top-scope variables to set, as a hash. 2024 * For unknown nodes, exit with a non-zero exit code. 2025 2026 Generally, an ENC script makes requests to an external data source. 2027 2028 For more info, see [the ENC documentation](https://puppet.com/docs/puppet/latest/nodes_external.html).", 2029 } 2030 ) 2031 2032 settings.define_settings( 2033 :ldap, 2034 :ldapssl => { 2035 :default => false, 2036 :type => :boolean, 2037 :desc => "Whether SSL should be used when searching for nodes. 2038 Defaults to false because SSL usually requires certificates 2039 to be set up on the client side.", 2040 }, 2041 :ldaptls => { 2042 :default => false, 2043 :type => :boolean, 2044 :desc => "Whether TLS should be used when searching for nodes. 2045 Defaults to false because TLS usually requires certificates 2046 to be set up on the client side.", 2047 }, 2048 :ldapserver => { 2049 :default => "ldap", 2050 :desc => "The LDAP server.", 2051 }, 2052 :ldapport => { 2053 :default => 389, 2054 :type => :port, 2055 :desc => "The LDAP port.", 2056 }, 2057 2058 :ldapstring => { 2059 :default => "(&(objectclass=puppetClient)(cn=%s))", 2060 :desc => "The search string used to find an LDAP node.", 2061 }, 2062 :ldapclassattrs => { 2063 :default => "puppetclass", 2064 :desc => "The LDAP attributes to use to define Puppet classes. Values 2065 should be comma-separated.", 2066 }, 2067 :ldapstackedattrs => { 2068 :default => "puppetvar", 2069 :desc => "The LDAP attributes that should be stacked to arrays by adding 2070 the values in all hierarchy elements of the tree. Values 2071 should be comma-separated.", 2072 }, 2073 :ldapattrs => { 2074 :default => "all", 2075 :desc => "The LDAP attributes to include when querying LDAP for nodes. All 2076 returned attributes are set as variables in the top-level scope. 2077 Multiple values should be comma-separated. The value 'all' returns 2078 all attributes.", 2079 }, 2080 :ldapparentattr => { 2081 :default => "parentnode", 2082 :desc => "The attribute to use to define the parent node.", 2083 }, 2084 :ldapuser => { 2085 :default => "", 2086 :desc => "The user to use to connect to LDAP. Must be specified as a 2087 full DN.", 2088 }, 2089 :ldappassword => { 2090 :default => "", 2091 :desc => "The password to use to connect to LDAP.", 2092 }, 2093 :ldapbase => { 2094 :default => "", 2095 :desc => "The search base for LDAP searches. It's impossible to provide 2096 a meaningful default here, although the LDAP libraries might 2097 have one already set. Generally, it should be the 'ou=Hosts' 2098 branch under your main directory.", 2099 } 2100 ) 2101 2102 settings.define_settings(:server, 2103 :storeconfigs => { 2104 :default => false, 2105 :type => :boolean, 2106 :desc => "Whether to store each client's configuration, including catalogs, facts, 2107 and related data. This also enables the import and export of resources in 2108 the Puppet language - a mechanism for exchange resources between nodes. 2109 2110 By default this uses the 'puppetdb' backend. 2111 2112 You can adjust the backend using the storeconfigs_backend setting.", 2113 # Call our hook with the default value, so we always get the libdir set. 2114 :call_hook => :on_initialize_and_write, 2115 :hook => proc do |value| 2116 require_relative '../puppet/node' 2117 require_relative '../puppet/node/facts' 2118 if value 2119 Puppet::Resource::Catalog.indirection.set_global_setting(:cache_class, :store_configs) 2120 settings.override_default(:catalog_cache_terminus, :store_configs) 2121 Puppet::Node::Facts.indirection.set_global_setting(:cache_class, :store_configs) 2122 Puppet::Resource.indirection.set_global_setting(:terminus_class, :store_configs) 2123 end 2124 end 2125 }, 2126 :storeconfigs_backend => { 2127 :type => :terminus, 2128 :default => "puppetdb", 2129 :desc => "Configure the backend terminus used for StoreConfigs. 2130 By default, this uses the PuppetDB store, which must be installed 2131 and configured before turning on StoreConfigs." 2132 } 2133 ) 2134 2135 settings.define_settings(:parser, 2136 :max_errors => { 2137 :default => 10, 2138 :type => :integer, 2139 :desc => <<-'EOT' 2140 Sets the max number of logged/displayed parser validation errors in case 2141 multiple errors have been detected. A value of 0 is the same as a value of 1; a 2142 minimum of one error is always raised. The count is per manifest. 2143 EOT 2144 }, 2145 :max_warnings => { 2146 :default => 10, 2147 :type => :integer, 2148 :desc => <<-'EOT' 2149 Sets the max number of logged/displayed parser validation warnings in 2150 case multiple warnings have been detected. A value of 0 blocks logging of 2151 warnings. The count is per manifest. 2152 EOT 2153 }, 2154 :max_deprecations => { 2155 :default => 10, 2156 :type => :integer, 2157 :desc => <<-'EOT' 2158 Sets the max number of logged/displayed parser validation deprecation 2159 warnings in case multiple deprecation warnings have been detected. A value of 0 2160 blocks the logging of deprecation warnings. The count is per manifest. 2161 EOT 2162 }, 2163 :strict_variables => { 2164 :default => false, 2165 :type => :boolean, 2166 :desc => <<-'EOT' 2167 Causes an evaluation error when referencing unknown variables. (This does not affect 2168 referencing variables that are explicitly set to undef). 2169 EOT 2170 }, 2171 :tasks => { 2172 :default => false, 2173 :type => :boolean, 2174 :desc => <<-'EOT' 2175 Turns on experimental support for tasks and plans in the puppet language. This is for internal API use only. 2176 Do not change this setting. 2177 EOT 2178 } 2179 ) 2180 settings.define_settings(:puppetdoc, 2181 :document_all => { 2182 :default => false, 2183 :type => :boolean, 2184 :desc => "Whether to document all resources when using `puppet doc` to 2185 generate manifest documentation.", 2186 } 2187 ) 2188 2189 settings.define_settings( 2190 :main, 2191 :rich_data => { 2192 :default => true, 2193 :type => :boolean, 2194 :desc => <<-'EOT' 2195 Enables having extended data in the catalog by storing them as a hash with the special key 2196 `__ptype`. When enabled, resource containing values of the data types `Binary`, `Regexp`, 2197 `SemVer`, `SemVerRange`, `Timespan` and `Timestamp`, as well as instances of types derived 2198 from `Object` retain their data type. 2199 EOT 2200 } 2201 ) 2202 end
Initialize puppet's core facts. It should not be called before initialize_settings.
# File lib/puppet.rb 193 def self.initialize_facts 194 # Add the puppetversion fact; this is done before generating the hash so it is 195 # accessible to custom facts. 196 Facter.add(:puppetversion) do 197 setcode { Puppet.version.to_s } 198 end 199 200 Facter.add(:agent_specified_environment) do 201 setcode do 202 Puppet.settings.set_by_cli(:environment) || 203 Puppet.settings.set_in_section(:environment, :agent) || 204 Puppet.settings.set_in_section(:environment, :main) 205 end 206 end 207 end
Initialize puppet's settings. This is intended only for use by external tools that are not
built off of the Faces API or the Puppet::Util::Application class. It may also be used to initialize state so that a Face may be used programatically, rather than as a stand-alone command-line tool.
@api public @param args [Array<String>] the command line arguments to use for initialization @param require_config [Boolean] controls loading of Puppet
configuration files @param global_settings [Boolean] controls push to global context after settings object initialization @param runtime_implementations [Hash<Symbol, Object>] runtime implementations to register @return [void]
# File lib/puppet.rb 152 def self.initialize_settings(args = [], require_config = true, push_settings_globally = true, runtime_implementations = {}) 153 do_initialize_settings_for_run_mode(:user, args, require_config, push_settings_globally, runtime_implementations) 154 end
# File lib/puppet/type/exec.rb 626 def self.instances 627 [] 628 end
Lookup a binding by name or return a default value provided by a passed block (if given). @api private
# File lib/puppet.rb 297 def self.lookup(name, &block) 298 @context.lookup(name, &block) 299 end
@api private
# File lib/puppet.rb 322 def self.mark_context(name) 323 @context.mark(name) 324 end
@return [String] containing the puppet version to minor specificity, e.g. “3.0”
# File lib/puppet/version.rb 68 def self.minor_version 69 self.version.split('.')[0..1].join('.') 70 end
Create a default filebucket.
# File lib/puppet/type/filebucket.rb 85 def self.mkdefaultbucket 86 new(:name => "puppet", :path => Puppet[:clientbucketdir]) 87 end
# File lib/puppet/type/schedule.rb 392 def self.mkdefaultschedules 393 result = [] 394 unless Puppet[:default_schedules] 395 Puppet.debug "Not creating default schedules: default_schedules is false" 396 return result 397 end 398 399 Puppet.debug "Creating default schedules" 400 401 result << self.new( 402 403 :name => "puppet", 404 :period => :hourly, 405 406 :repeat => "2" 407 ) 408 409 # And then one for every period 410 @parameters.find { |p| p.name == :period }.value_collection.values.each { |value| 411 412 result << self.new( 413 :name => value.to_s, 414 :period => value 415 ) 416 } 417 418 result 419 end
# File lib/puppet/type/service.rb 294 def self.needs_ensure_retrieved 295 false 296 end
Create a new check mechanism. It's basically a parameter that provides one extra 'check' method.
# File lib/puppet/type/exec.rb 73 def self.newcheck(name, options = {}, &block) 74 @checks ||= {} 75 76 check = newparam(name, options, &block) 77 @checks[name] = check 78 end
# File lib/puppet/type/file/source.rb 124 def self.normalize(source) 125 source.sub(/[#{SEPARATOR_REGEX}]+$/, '') 126 end
@param bindings [Hash] A hash of bindings to be merged with the parent context. @param description [String] A description of the context. @yield [] A block executed in the context of the temporarily pushed bindings. @api private
# File lib/puppet.rb 305 def self.override(bindings, description = "", &block) 306 @context.override(bindings, description, &block) 307 end
# File lib/puppet/type/package.rb 284 def self.parameters_to_include 285 [:provider] 286 end
Return to the previous context. @raise [StackUnderflow] if the current context is the root @api private
# File lib/puppet.rb 291 def self.pop_context 292 @context.pop 293 end
@param overrides [Hash] A hash of bindings to be merged with the parent context. @param description [String] A description of the context. @api private
# File lib/puppet.rb 276 def self.push_context(overrides, description = "") 277 @context.push(overrides, description) 278 end
Push something onto the the context and make it global across threads. This has the potential to convert threadlocal overrides earlier on the stack into global overrides. @api private
# File lib/puppet.rb 284 def self.push_context_global(overrides, description = '') 285 @context.unsafe_push_global(overrides, description) 286 end
The puppetserver project has its own settings class that is thread-aware; this method is here to allow the puppetserver to define its own custom settings class for multithreaded puppet. It is not intended for use outside of the puppetserver implmentation.
# File lib/puppet.rb 71 def self.replace_settings_object(new_settings) 72 @@settings = new_settings 73 end
@param name The name of a previously ignored context key to restore; intended for test usage. @api private
# File lib/puppet.rb 317 def self.restore(name) 318 @context.restore(name) 319 end
@api private
# File lib/puppet.rb 327 def self.rollback_context(name) 328 @context.rollback(name) 329 end
# File lib/puppet.rb 117 def self.run_mode 118 # This sucks (the existence of this method); there are a lot of places in our code that branch based the value of 119 # "run mode", but there used to be some really confusing code paths that made it almost impossible to determine 120 # when during the lifecycle of a puppet application run the value would be set properly. A lot of the lifecycle 121 # stuff has been cleaned up now, but it still seems frightening that we rely so heavily on this value. 122 # 123 # I'd like to see about getting rid of the concept of "run_mode" entirely, but there are just too many places in 124 # the code that call this method at the moment... so I've settled for isolating it inside of the Settings class 125 # (rather than using a global variable, as we did previously...). Would be good to revisit this at some point. 126 # 127 # --cprice 2012-03-16 128 Puppet::Util::RunMode[@@settings.preferred_run_mode] 129 end
# File lib/puppet.rb 331 def self.runtime 332 @runtime 333 end
Note: It's important that these accessors (`self.settings`, `self.[]`) are defined before we try to load any “features” (which happens a few lines below), because the implementation of the features loading may examine the values of settings.
# File lib/puppet.rb 63 def self.settings 64 @@settings 65 end
We have more than one namevar, so we need title_patterns. However, we cheat and set the patterns to map to name only and completely ignore provider (and command, for targetable providers). So far, the logic that determines uniqueness appears to just “Do The Right Thing™” when provider (and command) are explicitly set.
The following resources will be seen as unique by puppet:
# Uniqueness Key: ['mysql', nil] package {'mysql': } # Uniqueness Key: ['mysql', 'gem', nil] package {'gem-mysql': name => 'mysql, provider => gem, } # Uniqueness Key: ['mysql', 'gem', '/opt/ruby/bin/gem'] package {'gem-mysql-opt': name => 'mysql, provider => gem command => '/opt/ruby/bin/gem', }
This does not handle the case where providers like 'yum' and 'rpm' should clash. Also, declarations that implicitly use the default provider will clash with those that explicitly use the default.
# File lib/puppet/type/package.rb 342 def self.title_patterns 343 # This is the default title pattern for all types, except hard-wired to 344 # set only name. 345 [ [ /(.*)/m, [ [:name] ] ] ] 346 end
# File lib/puppet/defaults.rb 17 def self.valid_digest_algorithms 18 Puppet::Util::Platform.fips_enabled? ? 19 %w[sha256 sha384 sha512 sha224] : 20 %w[sha256 sha384 sha512 sha224 md5] 21 end
# File lib/puppet/defaults.rb 29 def self.valid_file_checksum_types 30 Puppet::Util::Platform.fips_enabled? ? 31 %w[sha256 sha256lite sha384 sha512 sha224 sha1 sha1lite mtime ctime] : 32 %w[sha256 sha256lite sha384 sha512 sha224 sha1 sha1lite md5 md5lite mtime ctime] 33 end
version is a public API method intended to always provide a fast and lightweight way to determine the version of Puppet
.
The intent is that software external to Puppet
be able to determine the Puppet
version with no side-effects. The expected use is:
require 'puppet/version' version = Puppet.version
This function has the following ordering precedence. This precedence list is designed to facilitate automated packaging tasks by simply writing to the VERSION file in the same directory as this source file.
1. If a version has been explicitly assigned using the Puppet.version= method, return that version. 2. If there is a VERSION file, read the contents, trim any trailing whitespace, and return that version string. 3. Return the value of the Puppet::PUPPETVERSION constant hard-coded into the source code.
If there is no VERSION file, the method must return the version string of the nearest parent version that is an officially released version. That is to say, if a branch named 3.1.x contains 25 patches on top of the most recent official release of 3.1.1, then the version method must return the string “3.1.1” if no “VERSION” file is present.
By design the version identifier is not intended to vary during the life a process. There is no guarantee provided that writing to the VERSION file while a Puppet
process is running will cause the version string to be updated. On the contrary, the contents of the VERSION are cached to reduce filesystem accesses.
The VERSION file is intended to be used by package maintainers who may be applying patches or otherwise changing the software version in a manner that warrants a different software version identifier. The VERSION file is intended to be managed and owned by the release process and packaging related tasks, and as such should not reside in version control. The PUPPETVERSION
constant is intended to be version controlled in history.
Ideally, this behavior will allow package maintainers to precisely specify the version of the software they're packaging as in the following example:
$ git describe --match "3.0.*" > lib/puppet/VERSION $ ruby -r puppet -e 'puts Puppet.version' 3.0.1-260-g9ca4e54
@api public
@return [String] containing the puppet version, e.g. “3.0.1”
# File lib/puppet/version.rb 61 def self.version 62 version_file = File.join(File.dirname(__FILE__), 'VERSION') 63 return @puppet_version if @puppet_version 64 @puppet_version = read_version_file(version_file) || PUPPETVERSION 65 end
# File lib/puppet/version.rb 72 def self.version=(version) 73 @puppet_version = version 74 end
Private Class Methods
private helper method to provide the implementation details of initializing for a run mode,
but allowing us to control where the deprecation warning is issued
# File lib/puppet.rb 177 def self.do_initialize_settings_for_run_mode(run_mode, args, require_config, push_settings_globally, runtime_implementations) 178 Puppet.settings.initialize_global_settings(args, require_config) 179 run_mode = Puppet::Util::RunMode[run_mode] 180 Puppet.settings.initialize_app_defaults(Puppet::Settings.app_defaults_for_run_mode(run_mode)) 181 if push_settings_globally 182 initialize_load_path 183 push_context_global(Puppet.base_context(Puppet.settings), "Initial context after settings initialization") 184 Puppet::Parser::Functions.reset 185 end 186 runtime_implementations.each_pair do |name, impl| 187 Puppet.runtime[name] = impl 188 end 189 end
# File lib/puppet.rb 169 def self.initialize_load_path 170 $LOAD_PATH.unshift(Puppet[:libdir]) 171 $LOAD_PATH.concat(vendored_modules) 172 end
read_version_file
reads the content of the “VERSION” file that lives in the same directory as this source code file.
@api private
@return [String] for example: “1.6.14-6-gea42046” or nil if the VERSION
file does not exist.
# File lib/puppet/version.rb 84 def self.read_version_file(path) 85 if File.exist?(path) 86 File.read(path).chomp 87 end 88 end
# File lib/puppet.rb 156 def self.vendored_modules 157 dir = Puppet[:vendormoduledir] 158 if dir && File.directory?(dir) 159 Dir.entries(dir) 160 .reject { |f| f =~ /^\./ } 161 .map { |f| File.join(dir, f, "lib") } 162 .select { |d| FileTest.directory?(d) } 163 else 164 [] 165 end 166 end
Public Instance Methods
Calculates the actual should value given the current and new values. This is only used in should_to_s
and change_to_s
to fix the change notification issue reported in PUP-6542.
# File lib/puppet/type/group.rb 123 def actual_should(currentvalue, newvalue) 124 currentvalue = munge_members_value(currentvalue) 125 newvalue = munge_members_value(newvalue) 126 127 if @resource[:auth_membership] 128 newvalue.uniq.sort 129 else 130 (currentvalue + newvalue).uniq.sort 131 end 132 end
# File lib/puppet/type/filebucket.rb 89 def bucket 90 mkbucket unless defined?(@bucket) 91 @bucket 92 end
Make output a bit prettier
# File lib/puppet/type/exec.rb 120 def change_to_s(currentvalue, newvalue) 121 _("executed successfully") 122 end
We always fail this test, because we're only supposed to run on refresh.
# File lib/puppet/type/exec.rb 401 def check(value) 402 # We have to invert the values. 403 if value == :true 404 false 405 else 406 true 407 end 408 end
Verify that we pass all of the checks. The argument determines whether we skip the :refreshonly check, which is necessary because we now check within refresh
# File lib/puppet/type/exec.rb 633 def check_all_attributes(refreshing = false) 634 self.class.checks.each { |check| 635 next if refreshing and check == :refreshonly 636 if @parameters.include?(check) 637 val = @parameters[check].value 638 val = [val] unless val.is_a? Array 639 val.each do |value| 640 if !@parameters[check].check(value) 641 # Give a debug message so users can figure out what command would have been 642 # but don't print sensitive commands or parameters in the clear 643 cmdstring = @parameters[:command].sensitive ? "[command redacted]" : @parameters[:command].value 644 645 debug(_("'%{cmd}' won't be executed because of failed check '%{check}'") % { cmd: cmdstring, check: check }) 646 647 return false 648 end 649 end 650 end 651 } 652 653 true 654 end
# File lib/puppet/type/file/source.rb 137 def checksum 138 metadata && metadata.checksum 139 end
# File lib/puppet/type/file/source.rb 283 def chunk_file_from_disk(local_path) 284 File.open(local_path, "rb") do |src| 285 while chunk = src.read(8192) #rubocop:disable Lint/AssignmentInCondition 286 yield chunk 287 end 288 end 289 end
# File lib/puppet/type/file/source.rb 323 def chunk_file_from_source(&block) 324 if uri.scheme =~ /^https?/ 325 # Historically puppet has not encoded the http(s) source URL before parsing 326 # it, for example, if the path contains spaces, then it must be URL encoded 327 # as %20 in the manifest. Puppet behaves the same when retrieving file 328 # metadata via http(s), see Puppet::Indirector::FileMetadata::Http#find. 329 url = URI.parse(metadata.source) 330 get_from_http_source(url, &block) 331 elsif metadata.content_uri 332 content_url = URI.parse(Puppet::Util.uri_encode(metadata.content_uri)) 333 get_from_content_uri_source(content_url, &block) 334 else 335 get_from_source_uri_source(uri, &block) 336 end 337 rescue Puppet::HTTP::ResponseError => e 338 handle_response_error(e.response) 339 end
This only exists for testing.
# File lib/puppet/type/package.rb 612 def clear 613 obj = @parameters[:ensure] 614 if obj 615 obj.latest = nil 616 end 617 end
# File lib/puppet/type/file/content.rb 92 def content 93 self.should 94 end
# File lib/puppet/type/file/content.rb 162 def content_is_really_a_checksum? 163 checksum?(should) 164 end
# File lib/puppet/type/file/source.rb 254 def copy_source_value(metadata_method) 255 param_name = (metadata_method == :checksum) ? :content : metadata_method 256 if resource[param_name].nil? or resource[param_name] == :absent 257 if Puppet::Util::Platform.windows? && [:owner, :group, :mode].include?(metadata_method) 258 devfail "Should not have tried to use source owner/mode/group on Windows" 259 end 260 261 value = metadata.send(metadata_method) 262 # Force the mode value in file resources to be a string containing octal. 263 value = value.to_s(8) if param_name == :mode && value.is_a?(Numeric) 264 resource[param_name] = value 265 266 if (metadata_method == :checksum) 267 # If copying checksum, also copy checksum_type 268 resource[:checksum] = metadata.checksum_type 269 end 270 end 271 end
Copy the values from the source to the resource. Yay.
# File lib/puppet/type/file/source.rb 142 def copy_source_values 143 devfail "Somehow got asked to copy source values without any metadata" unless metadata 144 145 # conditionally copy :checksum 146 if metadata.ftype != "directory" && !(metadata.ftype == "link" && metadata.links == :manage) 147 copy_source_value(:checksum) 148 end 149 150 # Take each of the stats and set them as states on the local file 151 # if a value has not already been provided. 152 [:owner, :mode, :group].each do |metadata_method| 153 next if metadata_method == :owner and !Puppet.features.root? 154 next if metadata_method == :group and !Puppet.features.root? 155 156 case resource[:source_permissions] 157 when :ignore, nil 158 next 159 when :use_when_creating 160 next if Puppet::FileSystem.exist?(resource[:path]) 161 end 162 163 copy_source_value(metadata_method) 164 end 165 166 if resource[:ensure] == :absent 167 # We know all we need to 168 elsif metadata.ftype != "link" 169 resource[:ensure] = metadata.ftype 170 elsif resource[:links] == :follow 171 resource[:ensure] = :present 172 else 173 resource[:ensure] = "link" 174 resource[:target] = metadata.destination 175 end 176 end
# File lib/puppet/type/exec.rb 676 def current_username 677 Etc.getpwuid(Process.uid).name 678 end
# File lib/puppet/type/group.rb 192 def delimiter 193 " " 194 end
# File lib/puppet/type/file/mode.rb 102 def desired_mode_from_current(desired, current) 103 current = current.to_i(8) if current.is_a? String 104 is_a_directory = @resource.stat && @resource.stat.directory? 105 symbolic_mode_to_int(desired, current, is_a_directory) 106 end
If we're a directory, we need to be executable for all cases that are readable. This should probably be selectable, but eh.
# File lib/puppet/type/file/mode.rb 110 def dirmask(value) 111 if FileTest.directory?(resource[:path]) and value =~ /^\d+$/ then 112 value = value.to_i(8) 113 value |= 0100 if value & 0400 != 0 114 value |= 010 if value & 040 != 0 115 value |= 01 if value & 04 != 0 116 value = value.to_s(8) 117 end 118 119 value 120 end
the content is munged so if it's a checksum source_or_content is nil unless the checksum indirectly comes from source
# File lib/puppet/type/file/content.rb 152 def each_chunk_from 153 if actual_content.is_a?(String) 154 yield actual_content 155 elsif content_is_really_a_checksum? && actual_content.nil? 156 yield read_file_from_filebucket 157 elsif actual_content.nil? 158 yield '' 159 end 160 end
# File lib/puppet/type/exec.rb 90 def event_name 91 :executed_command 92 end
This method has been exposed for puppet to manage users and groups of files in its settings and should not be considered available outside of puppet.
(see Puppet::Settings#service_group_available?
)
@return [Boolean] if the group exists on the system @api private
# File lib/puppet/type/group.rb 234 def exists? 235 provider.exists? 236 end
Generate
ssh_authorized_keys resources for purging. The key files are taken from the purge_ssh_keys parameter. The generated resources inherit all metaparameters from the parent user resource.
@return [Array<Puppet::Type::Ssh_authorized_key] a list of resources
representing the found keys
@see generate @api private
# File lib/puppet/type/user.rb 768 def find_unmanaged_keys 769 munged_unmanaged_keys. 770 select { |f| File.readable?(f) }. 771 map { |f| unknown_keys_in_file(f) }. 772 flatten.each do |res| 773 res[:ensure] = :absent 774 res[:user] = self[:name] 775 @parameters.each do |name, param| 776 res[name] = param.value if param.metaparam? 777 end 778 end 779 end
# File lib/puppet/type/file/source.rb 250 def found? 251 ! (metadata.nil? or metadata.ftype.nil?) 252 end
# File lib/puppet/type/file/source.rb 215 def full_path 216 Puppet::Util.uri_to_path(uri) if found? 217 end
# File lib/puppet/type/user.rb 697 def generate 698 if !self[:purge_ssh_keys].empty? && self[:purge_ssh_keys] != :false 699 return [] if self[:ensure] == :present && !provider.exists? 700 if Puppet::Type.type(:ssh_authorized_key).nil? 701 warning _("Ssh_authorized_key type is not available. Cannot purge SSH keys.") 702 else 703 return find_unmanaged_keys 704 end 705 end 706 707 [] 708 end
# File lib/puppet/type/file/source.rb 291 def get_from_content_uri_source(url, &block) 292 session = Puppet.lookup(:http_session) 293 api = session.route_to(:fileserver, url: url) 294 295 api.get_static_file_content( 296 path: Puppet::Util.uri_unescape(url.path), 297 environment: resource.catalog.environment_instance.to_s, 298 code_id: resource.catalog.code_id, 299 &block 300 ) 301 end
# File lib/puppet/type/file/source.rb 314 def get_from_http_source(url, &block) 315 client = Puppet.runtime[:http] 316 client.get(url, options: {include_system_store: true}) do |response| 317 raise Puppet::HTTP::ResponseError.new(response) unless response.success? 318 319 response.read_body(&block) 320 end 321 end
# File lib/puppet/type/file/source.rb 303 def get_from_source_uri_source(url, &block) 304 session = Puppet.lookup(:http_session) 305 api = session.route_to(:fileserver, url: url) 306 307 api.get_file_content( 308 path: Puppet::Util.uri_unescape(url.path), 309 environment: resource.catalog.environment_instance.to_s, 310 &block 311 ) 312 end
# File lib/puppet/type/file/source.rb 341 def handle_response_error(response) 342 message = "Error #{response.code} on SERVER: #{response.body.empty? ? response.reason : response.body}" 343 raise Net::HTTPError.new(message, Puppet::HTTP::ResponseConverter.to_ruby_response(response)) 344 end
# File lib/puppet/type/file/checksum_value.rb 14 def insync?(is) 15 # If checksum_value and source are specified, manage the file contents. 16 # Otherwise the content property will manage syncing. 17 if resource.parameter(:source).nil? 18 return true 19 end 20 21 checksum_insync?(resource.parameter(:source), is, true) {|_is| super(_is)} 22 end
We want to print names, not numbers
# File lib/puppet/type/file/group.rb 33 def is_to_s(currentvalue) 34 super(provider.gid2name(currentvalue) || currentvalue) 35 end
# File lib/puppet/type/file/content.rb 88 def length 89 (actual_content and actual_content.length) || 0 90 end
# File lib/puppet/type/file/source.rb 211 def local? 212 found? and scheme == "file" 213 end
# File lib/puppet/type/schedule.rb 150 def match?(previous, now) 151 # The lowest-level array is of the hour, minute, second triad 152 # then it's an array of two of those, to present the limits 153 # then it's an array of those ranges 154 @value = [@value] unless @value[0][0].is_a?(Array) 155 @value.any? do |range| 156 limit_start = Time.local(now.year, now.month, now.day, *range[0]) 157 limit_end = Time.local(now.year, now.month, now.day, *range[1]) 158 159 if limit_start < limit_end 160 # The whole range is in one day, simple case 161 now.between?(limit_start, limit_end) && weekday_match?(now.wday) 162 else 163 # The range spans days. We have to test against a range starting 164 # today, and a range that started yesterday. 165 today = Date.new(now.year, now.month, now.day) 166 tomorrow = today.next_day 167 yesterday = today.prev_day 168 169 # First check a range starting today 170 if now.between?(limit_start, Time.local(tomorrow.year, tomorrow.month, tomorrow.day, *range[1])) 171 weekday_match?(today.wday) 172 else 173 # Then check a range starting yesterday 174 now.between?(Time.local(yesterday.year, yesterday.month, yesterday.day, *range[0]), 175 limit_end) && 176 weekday_match?(yesterday.wday) 177 end 178 end 179 end 180 end
# File lib/puppet/type/group.rb 188 def membership 189 :attribute_membership 190 end
Provide, and retrieve if necessary, the metadata for this file. Fail if we can't find data about this host, and fail if there are any problems in our query.
# File lib/puppet/type/file/source.rb 183 def metadata 184 @metadata ||= resource.catalog.metadata[resource.title] 185 return @metadata if @metadata 186 187 return nil unless value 188 value.each do |source| 189 begin 190 options = { 191 :environment => resource.catalog.environment_instance, 192 :links => resource[:links], 193 :checksum_type => resource[:checksum], 194 :source_permissions => resource[:source_permissions] 195 } 196 197 data = Puppet::FileServing::Metadata.indirection.find(source, options) 198 if data 199 @metadata = data 200 @metadata.source = source 201 break 202 end 203 rescue => detail 204 self.fail Puppet::Error, "Could not retrieve file metadata for #{source}: #{detail}", detail 205 end 206 end 207 self.fail "Could not retrieve information from environment #{resource.catalog.environment} source(s) #{value.join(", ")}" unless @metadata 208 @metadata 209 end
# File lib/puppet/type/filebucket.rb 96 def mkbucket 97 # Default is a local filebucket, if no server is given. 98 # If the default path has been removed, too, then 99 # the puppetmaster is used as default server 100 101 type = "local" 102 args = {} 103 if self[:path] 104 args[:Path] = self[:path] 105 else 106 args[:Server] = self[:server] 107 args[:Port] = self[:port] 108 end 109 110 begin 111 @bucket = Puppet::FileBucket::Dipper.new(args) 112 rescue => detail 113 message = _("Could not create %{type} filebucket: %{detail}") % { type: type, detail: detail } 114 self.log_exception(detail, message) 115 self.fail(message) 116 end 117 118 @bucket.name = self.name 119 end
Create our link.
# File lib/puppet/type/file/target.rb 34 def mklink 35 raise Puppet::Error, "Cannot symlink on this platform version" if !provider.feature?(:manages_symlinks) 36 37 target = self.should 38 39 # Clean up any existing objects. The argument is just for logging, 40 # it doesn't determine what's removed. 41 @resource.remove_existing(target) 42 43 raise Puppet::Error, "Could not remove existing file" if Puppet::FileSystem.exist?(@resource[:path]) 44 45 Dir.chdir(File.dirname(@resource[:path])) do 46 Puppet::Util::SUIDManager.asuser(@resource.asuser) do 47 mode = @resource.should(:mode) 48 if mode 49 Puppet::Util.withumask(000) do 50 Puppet::FileSystem.symlink(target, @resource[:path]) 51 end 52 else 53 Puppet::FileSystem.symlink(target, @resource[:path]) 54 end 55 end 56 57 @resource.send(:property_fix) 58 59 :link_created 60 end 61 end
Useful helper to handle the possible property value types that we can both pass-in and return. It munges the value into an array
# File lib/puppet/type/group.rb 136 def munge_members_value(value) 137 return [] if value == :absent 138 return value.split(',') if value.is_a?(String) 139 140 value 141 end
# File lib/puppet/type/user.rb 781 def munged_unmanaged_keys 782 value = self[:purge_ssh_keys] 783 784 # Resolve string, boolean and symbol forms of true and false to a 785 # single representation. 786 test_sym = value.to_s.intern 787 value = test_sym if [:true, :false].include? test_sym 788 789 return [] if value == :false 790 791 home = self[:home] 792 begin 793 home ||= provider.home 794 rescue 795 Puppet.debug("User '#{self[:name]}' does not exist") 796 end 797 798 if home.to_s.empty? || !Dir.exist?(home.to_s) 799 if value == :true || [ value ].flatten.any? { |v| v.start_with?('~/', '%h/') } 800 Puppet.debug("User '#{self[:name]}' has no home directory set to purge ssh keys from.") 801 return [] 802 end 803 end 804 805 return [ "#{home}/.ssh/authorized_keys" ] if value == :true 806 807 # value is an array - munge each value 808 [ value ].flatten.map do |entry| 809 # make sure frozen value is duplicated by using a gsub, second mutating gsub! is then ok 810 entry = entry.gsub(/^~\//, "#{home}/") 811 entry.gsub!(/^%h\//, "#{home}/") 812 entry 813 end 814 end
# File lib/puppet/type/exec.rb 656 def output 657 if self.property(:returns).nil? 658 return nil 659 else 660 return self.property(:returns).output 661 end 662 end
# File lib/puppet/type/file/source.rb 227 def port 228 (uri and uri.port) or Puppet.settings[:serverport] 229 end
# File lib/puppet/type/package.rb 625 def present?(current_values) 626 super && current_values[:ensure] != :purged 627 end
# File lib/puppet/type/file/checksum_value.rb 24 def property_matches?(current, desired) 25 return true if super(current, desired) 26 return date_matches?(resource.parameter(:checksum).value, current, desired) 27 end
# File lib/puppet/type/file/content.rb 166 def read_file_from_filebucket 167 dipper = resource.bucket 168 raise "Could not get filebucket from file" unless dipper 169 sum = should.sub(/\{\w+\}/, '') 170 171 dipper.getfile(sum) 172 rescue => detail 173 self.fail Puppet::Error, "Could not retrieve content for #{should} from filebucket: #{detail}", detail 174 end
Run the command, or optionally run a separately-specified command.
# File lib/puppet/type/exec.rb 665 def refresh 666 if self.check_all_attributes(true) 667 cmd = self[:refresh] 668 if cmd 669 provider.run(cmd) 670 else 671 self.property(:returns).sync 672 end 673 end 674 end
First verify that all of our checks pass.
# File lib/puppet/type/exec.rb 125 def retrieve 126 # We need to return :notrun to trigger evaluation; when that isn't 127 # true, we *LIE* about what happened and return a "success" for the 128 # value, which causes us to be treated as in_sync?, which means we 129 # don't actually execute anything. I think. --daniel 2011-03-10 130 if @resource.check_all_attributes 131 return :notrun 132 else 133 return self.should 134 end 135 end
# File lib/puppet/type/file/source.rb 246 def scheme 247 (uri and uri.scheme) 248 end
# File lib/puppet/type/file/source.rb 223 def server 224 server? ? uri.host : Puppet.settings[:server] 225 end
# File lib/puppet/type/file/source.rb 219 def server? 220 uri && uri.host && !uri.host.empty? 221 end
# File lib/puppet/type/exec.rb 681 def set_sensitive_parameters(sensitive_parameters) 682 # If any are sensitive, mark all as sensitive 683 sensitive = false 684 parameters_to_check = [:command, :unless, :onlyif] 685 686 parameters_to_check.each do |p| 687 if sensitive_parameters.include?(p) 688 sensitive_parameters.delete(p) 689 sensitive = true 690 end 691 end 692 693 if sensitive 694 parameters_to_check.each do |p| 695 if parameters.include?(p) 696 parameter(p).sensitive = true 697 end 698 end 699 end 700 701 super(sensitive_parameters) 702 end
# File lib/puppet/type/package.rb 690 def should 691 @should[0] if @should && @should.is_a?(Array) && @should.size == 1 692 end
Make sure we're also managing the checksum property.
# File lib/puppet/type/file/content.rb 127 def should=(value) 128 # treat the value as a bytestring 129 value = value.b if value.is_a?(String) 130 @resource.newattr(:checksum) unless @resource.parameter(:checksum) 131 super 132 end
# File lib/puppet/type/file/group.rb 37 def should_to_s(newvalue) 38 super(provider.gid2name(newvalue) || newvalue) 39 end
Actually execute the command.
# File lib/puppet/type/exec.rb 138 def sync 139 event = :executed_command 140 tries = self.resource[:tries] 141 try_sleep = self.resource[:try_sleep] 142 143 begin 144 tries.times do |try| 145 # Only add debug messages for tries > 1 to reduce log spam. 146 debug("Exec try #{try+1}/#{tries}") if tries > 1 147 @output, @status = provider.run(self.resource[:command]) 148 break if self.should.include?(@status.exitstatus.to_s) 149 if try_sleep > 0 and tries > 1 150 debug("Sleeping for #{try_sleep} seconds between tries") 151 sleep try_sleep 152 end 153 end 154 rescue Timeout::Error 155 self.fail Puppet::Error, _("Command exceeded timeout"), $! 156 end 157 158 log = @resource[:logoutput] 159 if log 160 case log 161 when :true 162 log = @resource[:loglevel] 163 when :on_failure 164 unless self.should.include?(@status.exitstatus.to_s) 165 log = @resource[:loglevel] 166 else 167 log = :false 168 end 169 end 170 unless log == :false 171 if @resource.parameter(:command).sensitive 172 self.send(log, "[output redacted]") 173 else 174 @output.split(/\n/).each { |line| 175 self.send(log, line) 176 } 177 end 178 end 179 end 180 181 unless self.should.include?(@status.exitstatus.to_s) 182 if @resource.parameter(:command).sensitive 183 # Don't print sensitive commands in the clear 184 self.fail(_("[command redacted] returned %{status} instead of one of [%{expected}]") % { status: @status.exitstatus, expected: self.should.join(",") }) 185 else 186 self.fail(_("'%{cmd}' returned %{status} instead of one of [%{expected}]") % { cmd: self.resource[:command], status: @status.exitstatus, expected: self.should.join(",") }) 187 end 188 end 189 190 event 191 end
Parse an ssh authorized keys file superficially, extract the comments on the keys. These are considered names of possible ssh_authorized_keys resources. Keys that are managed by the present catalog are ignored.
@see generate @api private @return [Array<Puppet::Type::Ssh_authorized_key] a list of resources
representing the found keys
# File lib/puppet/type/user.rb 824 def unknown_keys_in_file(keyfile) 825 # The ssh_authorized_key type is distributed as a module on the Forge, 826 # so we shouldn't rely on it being available. 827 return [] unless Puppet::Type.type(:ssh_authorized_key) 828 829 names = [] 830 name_index = 0 831 # RFC 4716 specifies UTF-8 allowed in public key files per https://www.ietf.org/rfc/rfc4716.txt 832 # the authorized_keys file may contain UTF-8 comments 833 Puppet::FileSystem.open(keyfile, nil, 'r:UTF-8').each do |line| 834 next unless line =~ Puppet::Type.type(:ssh_authorized_key).keyline_regex 835 # the name is stored in the 4th capture of the regex 836 name = $4 837 if name.empty? 838 $3.delete("\n") 839 # If no comment is specified for this key, generate a unique internal 840 # name. This uses the same rules as 841 # provider/ssh_authorized_key/parsed (PUP-3357) 842 name = "#{keyfile}:unnamed-#{name_index += 1}" 843 end 844 names << name 845 Puppet.debug "#{self.ref} parsed for purging Ssh_authorized_key[#{name}]" 846 end 847 848 names.map { |keyname| 849 Puppet::Type.type(:ssh_authorized_key).new( 850 :name => keyname, 851 :target => keyfile) 852 }.reject { |res| 853 catalog.resource_refs.include? res.ref 854 } 855 end
# File lib/puppet/type/file/source.rb 231 def uri 232 @uri ||= URI.parse(Puppet::Util.uri_encode(metadata.source)) 233 end
Support both arrays and colon-separated fields.
# File lib/puppet/type/exec.rb 219 def value=(*values) 220 @value = values.flatten.collect { |val| 221 val.split(File::PATH_SEPARATOR) 222 }.flatten 223 end
# File lib/puppet/type/schedule.rb 340 def weekday_integer?(value) 341 value.is_a?(Integer) && (0..6).cover?(value) 342 end
# File lib/puppet/type/schedule.rb 142 def weekday_match?(day) 143 if @resource[:weekday] 144 @resource[:weekday].has_key?(day) 145 else 146 true 147 end 148 end
# File lib/puppet/type/schedule.rb 344 def weekday_string?(value) 345 value.is_a?(String) && (value =~ /^[0-6]$/ || value =~ /^(Mon|Tues?|Wed(?:nes)?|Thu(?:rs)?|Fri|Sat(?:ur)?|Sun)(day)?$/i) 346 end
# File lib/puppet/type/file/content.rb 139 def write(file) 140 resource.parameter(:checksum).sum_stream { |sum| 141 each_chunk_from { |chunk| 142 sum << chunk 143 file.print chunk 144 } 145 } 146 end