module Puppet

Defines the `Puppet` module. There are different entry points into Puppet depending on your use case.

To use puppet as a library, see {Puppet::Pal}.

To create a new application, see {Puppet::Application}.

To create a new function, see {Puppet::Functions}.

To access puppet's REST APIs, see puppet.com/docs/puppet/latest/http_api/http_api_index.html.

@api public

The JsonCatalogEncoder is a wrapper around a catalog produced by the Pal::CatalogCompiler.with_json_encoding method. It allows encoding the entire catalog or an individual resource as Rich Data Json.

@api public

Generated by Puppet::Pops::Types::RubyGenerator from TypeSet Puppet::AST on -4712-01-01

see the bottom of the file for the rest of the inclusions

Manage file modes. This state should support different formats for specification (e.g., u+rwx, or -0011), but for now only supports specifying the full mode.

Manage SELinux context of files.

This code actually manages three pieces of data in the context.

[root@delenn files]# ls -dZ / drwxr-xr-x root root system_u:object_r:root_t /

The context of '/' here is 'system_u:object_r:root_t'. This is three separate fields:

system_u is the user context object_r is the role context root_t is the type context

All three of these fields are returned in a single string by the output of the stat command, but set individually with the chcon command. This allows the user to specify a subset of the three values while leaving the others alone.

See www.nsa.gov/selinux/ for complete docs on SELinux.

Simple module for logging messages on the client-side

This is our main way of managing processes right now.

a service is distinct from a process in that services can only be managed through the interface of an init script which is why they have a search path for initscripts and such

A common module for converting between constants and file names.

Puppet::Util::Windows::EventLog needs to be requirable without having loaded any other parts of Puppet so it can be leveraged independently by the code that runs Puppet as a service on Windows.

For this reason we:

The version method and constant are isolated in puppet/version.rb so that a simple `require 'puppet/version'` allows a rubygems gemspec or bundler Gemfile to get the Puppet version of the gem install.

The version can be set programmatically because we want to allow the Raketasks and such to set the version based on the output of `git describe`

Constants

AS_DURATION

NOTE: For information about the available values for the “:type” property of settings,

see the docs for Settings.define_settings
Face
Log

Pass feedback to the user. Log levels are modeled after syslog's, and it is expected that that will be the most common log destination. Supports multiple destinations, one of which is a remote server.

PUPPETVERSION
ResourceType
SEPARATOR_REGEX
ScheduleMethods
ScheduleScales

Attributes

features[R]

Public Class Methods

[](param) click to toggle source

Get the value for a setting

@param [Symbol] param the setting to retrieve

@api public

   # File lib/puppet.rb
80 def self.[](param)
81   if param == :debug
82     return Puppet::Util::Log.level == :debug
83   else
84     return @@settings[param]
85   end
86 end
[]=(param,value) click to toggle source

setting access and stuff

    # File lib/puppet.rb
101 def self.[]=(param,value)
102   @@settings[param] = value
103 end
base_context(settings) click to toggle source

The bindings used for initialization of puppet

@param settings [Puppet::Settings,Hash<Symbol,String>] either a Puppet::Settings instance

or a Hash of settings key/value pairs.

@api private

    # File lib/puppet.rb
219 def self.base_context(settings)
220   environmentpath = settings[:environmentpath]
221   basemodulepath = Puppet::Node::Environment.split_path(settings[:basemodulepath])
222 
223   if environmentpath.nil? || environmentpath.empty?
224     raise(Puppet::Error, _("The environmentpath setting cannot be empty or nil."))
225   else
226     loaders = Puppet::Environments::Directories.from_path(environmentpath, basemodulepath)
227     # in case the configured environment (used for the default sometimes)
228     # doesn't exist
229     default_environment = Puppet[:environment].to_sym
230     if default_environment == :production
231       modulepath = settings[:modulepath]
232       modulepath = (modulepath.nil? || '' == modulepath) ? basemodulepath : Puppet::Node::Environment.split_path(modulepath)
233       loaders << Puppet::Environments::StaticPrivate.new(
234         Puppet::Node::Environment.create(default_environment,
235                                          modulepath,
236                                          Puppet::Node::Environment::NO_MANIFEST))
237     end
238   end
239 
240   {
241     :environments => Puppet::Environments::Cached.new(Puppet::Environments::Combined.new(*loaders)),
242     :ssl_context => proc {
243       begin
244         cert = Puppet::X509::CertProvider.new
245         password = cert.load_private_key_password
246         ssl = Puppet::SSL::SSLProvider.new
247         ssl.load_context(certname: Puppet[:certname], password: password)
248       rescue => e
249         # TRANSLATORS: `message` is an already translated string of why SSL failed to initialize
250         Puppet.log_exception(e, _("Failed to initialize SSL: %{message}") % { message: e.message })
251         # TRANSLATORS: `puppet agent -t` is a command and should not be translated
252         Puppet.err(_("Run `puppet agent -t`"))
253         raise e
254       end
255     },
256     :http_session => proc { Puppet.runtime[:http].create_session },
257     :plugins => proc { Puppet::Plugins::Configuration.load_plugins },
258     :rich_data => false
259   }
260 end
bootstrap_context() click to toggle source

A simple set of bindings that is just enough to limp along to initialization where the {base_context} bindings are put in place @api private

    # File lib/puppet.rb
265 def self.bootstrap_context
266   root_environment = Puppet::Node::Environment.create(:'*root*', [], Puppet::Node::Environment::NO_MANIFEST)
267   {
268     :current_environment => root_environment,
269     :root_environment => root_environment
270   }
271 end
checks() click to toggle source
   # File lib/puppet/type/exec.rb
80 def self.checks
81   @checks.keys
82 end
clear() click to toggle source
    # File lib/puppet.rb
105 def self.clear
106   @@settings.clear
107 end
debug=(value) click to toggle source
    # File lib/puppet.rb
109 def self.debug=(value)
110   if value
111     Puppet::Util::Log.level=(:debug)
112   else
113     Puppet::Util::Log.level=(:notice)
114   end
115 end
default_basemodulepath() click to toggle source
   # File lib/puppet/defaults.rb
51 def self.default_basemodulepath
52   if Puppet::Util::Platform.windows?
53     path = ['$codedir/modules']
54     installdir = ENV["FACTER_env_windows_installdir"]
55     if installdir
56       path << "#{installdir}/puppet/modules"
57     end
58     path.join(File::PATH_SEPARATOR)
59   else
60     '$codedir/modules:/opt/puppetlabs/puppet/modules'
61   end
62 end
default_cadir() click to toggle source
   # File lib/puppet/defaults.rb
35 def self.default_cadir
36   return "" if Puppet::Util::Platform.windows?
37   old_ca_dir = "#{Puppet[:ssldir]}/ca"
38   new_ca_dir = "/etc/puppetlabs/puppetserver/ca"
39 
40   if File.exist?(old_ca_dir)
41     if File.symlink?(old_ca_dir)
42       File.readlink(old_ca_dir)
43     else
44       old_ca_dir
45     end
46   else
47     new_ca_dir
48   end
49 end
default_diffargs() click to toggle source
   # File lib/puppet/defaults.rb
 5 def self.default_diffargs
 6   if (Facter.value(:kernel) == "AIX" && Facter.value(:kernelmajversion) == "5300")
 7     ""
 8   else
 9     "-u"
10   end
11 end
default_digest_algorithm() click to toggle source
   # File lib/puppet/defaults.rb
13 def self.default_digest_algorithm
14   'sha256'
15 end
default_file_checksum_types() click to toggle source
   # File lib/puppet/defaults.rb
23 def self.default_file_checksum_types
24   Puppet::Util::Platform.fips_enabled? ?
25     %w[sha256 sha384 sha512 sha224] :
26     %w[sha256 sha384 sha512 sha224 md5]
27 end
default_vendormoduledir() click to toggle source
   # File lib/puppet/defaults.rb
64 def self.default_vendormoduledir
65   if Puppet::Util::Platform.windows?
66     installdir = ENV["FACTER_env_windows_installdir"]
67     if installdir
68       "#{installdir}\\puppet\\vendor_modules"
69     else
70       nil
71     end
72   else
73     '/opt/puppetlabs/puppet/vendor_modules'
74   end
75 end
ignore(name) click to toggle source

@param name The name of a context key to ignore; intended for test usage. @api private

    # File lib/puppet.rb
311 def self.ignore(name)
312   @context.ignore(name)
313 end
initialize_default_settings!(settings) click to toggle source

@api public @param args [Puppet::Settings] the settings object to define default settings for @return void

     # File lib/puppet/defaults.rb
  87   def self.initialize_default_settings!(settings)
  88     settings.define_settings(:main,
  89     :confdir  => {
  90         :default  => nil,
  91         :type     => :directory,
  92         :desc     => "The main Puppet configuration directory.  The default for this setting
  93           is calculated based on the user.  If the process is running as root or
  94           the user that Puppet is supposed to run as, it defaults to a system
  95           directory, but if it's running as any other user, it defaults to being
  96           in the user's home directory.",
  97     },
  98     :codedir  => {
  99         :default  => nil,
 100         :type     => :directory,
 101         :desc     => "The main Puppet code directory.  The default for this setting
 102           is calculated based on the user.  If the process is running as root or
 103           the user that Puppet is supposed to run as, it defaults to a system
 104           directory, but if it's running as any other user, it defaults to being
 105           in the user's home directory.",
 106     },
 107     :vardir   => {
 108         :default  => nil,
 109         :type     => :directory,
 110         :owner    => "service",
 111         :group    => "service",
 112         :desc     => "Where Puppet stores dynamic and growing data.  The default for this
 113           setting is calculated specially, like `confdir`_.",
 114     },
 115 
 116     ### NOTE: this setting is usually being set to a symbol value.  We don't officially have a
 117     ###     setting type for that yet, but we might want to consider creating one.
 118     :name     => {
 119         :default  => nil,
 120         :desc     => "The name of the application, if we are running as one.  The
 121           default is essentially $0 without the path or `.rb`.",
 122     }
 123   )
 124 
 125   settings.define_settings(:main,
 126     :logdir => {
 127         :default  => nil,
 128         :type     => :directory,
 129         :mode     => "0750",
 130         :owner    => "service",
 131         :group    => "service",
 132         :desc     => "The directory in which to store log files",
 133     },
 134     :log_level => {
 135       :default    => 'notice',
 136       :type       => :enum,
 137       :values     => ["debug","info","notice","warning","err","alert","emerg","crit"],
 138       :desc       => "Default logging level for messages from Puppet. Allowed values are:
 139 
 140         * debug
 141         * info
 142         * notice
 143         * warning
 144         * err
 145         * alert
 146         * emerg
 147         * crit
 148         ",
 149       :hook => proc {|value| Puppet::Util::Log.level = value },
 150       :call_hook => :on_initialize_and_write,
 151     },
 152     :disable_warnings => {
 153       :default => [],
 154       :type    => :array,
 155       :desc    => "A comma-separated list of warning types to suppress. If large numbers
 156         of warnings are making Puppet's logs too large or difficult to use, you
 157         can temporarily silence them with this setting.
 158 
 159         If you are preparing to upgrade Puppet to a new major version, you
 160         should re-enable all warnings for a while.
 161 
 162         Valid values for this setting are:
 163 
 164         * `deprecations` --- disables deprecation warnings.
 165         * `undefined_variables` --- disables warnings about non existing variables.
 166         * `undefined_resources` --- disables warnings about non existing resources.",
 167       :hook      => proc do |value|
 168         values = munge(value)
 169         valid   = %w[deprecations undefined_variables undefined_resources]
 170         invalid = values - (values & valid)
 171         if not invalid.empty?
 172           raise ArgumentError, _("Cannot disable unrecognized warning types '%{invalid}'.") % { invalid: invalid.join(',') } +
 173               ' ' + _("Valid values are '%{values}'.") % { values: valid.join(', ') }
 174         end
 175       end
 176     },
 177     :merge_dependency_warnings => {
 178       :default => false,
 179       :type    => :boolean,
 180       :desc    => "Whether to merge class-level dependency failure warnings.
 181 
 182         When a class has a failed dependency, every resource in the class
 183         generates a notice level message about the dependency failure,
 184         and a warning level message about skipping the resource.
 185 
 186         If true, all messages caused by a class dependency failure are merged
 187         into one message associated with the class.
 188         ",
 189     },
 190     :strict => {
 191       :default    => :warning,
 192       :type       => :symbolic_enum,
 193       :values     => [:off, :warning, :error],
 194       :desc       => "The strictness level of puppet. Allowed values are:
 195 
 196         * off     - do not perform extra validation, do not report
 197         * warning - perform extra validation, report as warning (default)
 198         * error   - perform extra validation, fail with error
 199 
 200         The strictness level is for both language semantics and runtime
 201         evaluation validation. In addition to controlling the behavior with
 202         this primary server switch some individual warnings may also be controlled
 203         by the disable_warnings setting.
 204 
 205         No new validations will be added to a micro (x.y.z) release,
 206         but may be added in minor releases (x.y.0). In major releases
 207         it expected that most (if not all) strictness validation become
 208         standard behavior.",
 209       :hook    => proc do |value|
 210         munge(value)
 211         value.to_sym
 212       end
 213     },
 214     :disable_i18n => {
 215       :default => true,
 216       :type    => :boolean,
 217       :desc    => "If true, turns off all translations of Puppet and module
 218         log messages, which affects error, warning, and info log messages,
 219         as well as any translations in the report and CLI.",
 220       :hook    => proc do |value|
 221         if value
 222           require_relative '../puppet/gettext/stubs'
 223           Puppet::GettextConfig.disable_gettext
 224         end
 225       end
 226     }
 227   )
 228 
 229   settings.define_settings(:main,
 230     :priority => {
 231       :default => nil,
 232       :type    => :priority,
 233       :desc    => "The scheduling priority of the process.  Valid values are 'high',
 234         'normal', 'low', or 'idle', which are mapped to platform-specific
 235         values.  The priority can also be specified as an integer value and
 236         will be passed as is, e.g. -5.  Puppet must be running as a privileged
 237         user in order to increase scheduling priority.",
 238     },
 239     :trace => {
 240         :default  => false,
 241         :type     => :boolean,
 242         :desc     => "Whether to print stack traces on some errors. Will print
 243           internal Ruby stack trace interleaved with Puppet function frames.",
 244         :hook     => proc do |value|
 245           # Enable or disable Facter's trace option too
 246           Facter.trace(value) if Facter.respond_to? :trace
 247         end
 248     },
 249     :puppet_trace => {
 250         :default  => false,
 251         :type     => :boolean,
 252         :desc     => "Whether to print the Puppet stack trace on some errors.
 253           This is a noop if `trace` is also set.",
 254     },
 255     :profile => {
 256         :default  => false,
 257         :type     => :boolean,
 258         :desc     => "Whether to enable experimental performance profiling",
 259     },
 260     :versioned_environment_dirs => {
 261       :default => false,
 262       :type => :boolean,
 263       :desc => "Whether or not to look for versioned environment directories,
 264       symlinked from `$environmentpath/<environment>`. This is an experimental
 265       feature and should be used with caution."
 266     },
 267     :static_catalogs => {
 268       :default    => true,
 269       :type       => :boolean,
 270       :desc       => "Whether to compile a [static catalog](https://puppet.com/docs/puppet/latest/static_catalogs.html#enabling-or-disabling-static-catalogs),
 271         which occurs only on Puppet Server when the `code-id-command` and
 272         `code-content-command` settings are configured in its `puppetserver.conf` file.",
 273     },
 274     :settings_catalog => {
 275       :default    => true,
 276       :type       => :boolean,
 277       :desc       => "Whether to compile and apply the settings catalog",
 278     },
 279     :strict_environment_mode => {
 280       :default    => false,
 281       :type       => :boolean,
 282       :desc       => "Whether the agent specified environment should be considered authoritative,
 283         causing the run to fail if the retrieved catalog does not match it.",
 284     },
 285     :autoflush => {
 286       :default => true,
 287       :type       => :boolean,
 288       :desc       => "Whether log files should always flush to disk.",
 289       :hook       => proc { |value| Log.autoflush = value }
 290     },
 291     :syslogfacility => {
 292         :default  => "daemon",
 293         :desc     => "What syslog facility to use when logging to syslog.
 294           Syslog has a fixed list of valid facilities, and you must
 295           choose one of those; you cannot just make one up."
 296     },
 297     :statedir => {
 298         :default  => "$vardir/state",
 299         :type     => :directory,
 300         :mode     => "01755",
 301         :desc     => "The directory where Puppet state is stored.  Generally,
 302           this directory can be removed without causing harm (although it
 303           might result in spurious service restarts)."
 304     },
 305     :rundir => {
 306       :default  => nil,
 307       :type     => :directory,
 308       :mode     => "0755",
 309       :owner    => "service",
 310       :group    => "service",
 311       :desc     => "Where Puppet PID files are kept."
 312     },
 313     :genconfig => {
 314         :default  => false,
 315         :type     => :boolean,
 316         :desc     => "When true, causes Puppet applications to print an example config file
 317           to stdout and exit. The example will include descriptions of each
 318           setting, and the current (or default) value of each setting,
 319           incorporating any settings overridden on the CLI (with the exception
 320           of `genconfig` itself). This setting only makes sense when specified
 321           on the command line as `--genconfig`.",
 322     },
 323     :genmanifest => {
 324         :default  => false,
 325         :type     => :boolean,
 326         :desc     => "Whether to just print a manifest to stdout and exit.  Only makes
 327           sense when specified on the command line as `--genmanifest`.  Takes into account arguments specified
 328           on the CLI.",
 329     },
 330     :configprint => {
 331         :default    => "",
 332         :deprecated => :completely,
 333         :desc       => "Prints the value of a specific configuration setting.  If the name of a
 334           setting is provided for this, then the value is printed and puppet
 335           exits.  Comma-separate multiple values.  For a list of all values,
 336           specify 'all'. This setting is deprecated, the 'puppet config' command replaces this functionality.",
 337     },
 338     :color => {
 339       :default => "ansi",
 340       :type    => :string,
 341       :desc    => "Whether to use colors when logging to the console.  Valid values are
 342         `ansi` (equivalent to `true`), `html`, and `false`, which produces no color."
 343     },
 344     :mkusers => {
 345         :default  => false,
 346         :type     => :boolean,
 347         :desc     => "Whether to create the necessary user and group that puppet agent will run as.",
 348     },
 349     :manage_internal_file_permissions => {
 350         :default  => ! Puppet::Util::Platform.windows?,
 351         :type     => :boolean,
 352         :desc     => "Whether Puppet should manage the owner, group, and mode of files it uses internally.
 353           **Note**: For Windows agents, the default is `false` for versions 4.10.13 and greater, versions 5.5.6 and greater, and versions 6.0 and greater.",
 354     },
 355     :onetime => {
 356         :default  => false,
 357         :type     => :boolean,
 358         :desc     => "Perform one configuration run and exit, rather than spawning a long-running
 359           daemon. This is useful for interactively running puppet agent, or
 360           running puppet agent from cron.",
 361         :short    => 'o',
 362     },
 363     :path => {
 364         :default          => "none",
 365         :desc             => "The shell search path.  Defaults to whatever is inherited
 366           from the parent process.
 367 
 368           This setting can only be set in the `[main]` section of puppet.conf; it cannot
 369           be set in `[server]`, `[agent]`, or an environment config section.",
 370         :call_hook => :on_define_and_write,
 371         :hook             => proc do |value|
 372           Puppet::Util.set_env('PATH', '') if Puppet::Util.get_env('PATH').nil?
 373           Puppet::Util.set_env('PATH', value) unless value == 'none'
 374           paths = Puppet::Util.get_env('PATH').split(File::PATH_SEPARATOR)
 375           Puppet::Util::Platform.default_paths.each do |path|
 376             Puppet::Util.set_env('PATH', Puppet::Util.get_env('PATH') + File::PATH_SEPARATOR + path) unless paths.include?(path)
 377           end
 378           value
 379         end
 380     },
 381     :libdir => {
 382         :type           => :directory,
 383         :default        => "$vardir/lib",
 384         :desc           => "An extra search path for Puppet.  This is only useful
 385           for those files that Puppet will load on demand, and is only
 386           guaranteed to work for those cases.  In fact, the autoload
 387           mechanism is responsible for making sure this directory
 388           is in Ruby's search path\n"
 389     },
 390     :environment => {
 391         :default  => "production",
 392         :desc     => "The environment in which Puppet is running. For clients,
 393           such as `puppet agent`, this determines the environment itself, which
 394           Puppet uses to find modules and much more. For servers, such as `puppet server`,
 395           this provides the default environment for nodes that Puppet knows nothing about.
 396 
 397           When defining an environment in the `[agent]` section, this refers to the
 398           environment that the agent requests from the primary server. The environment doesn't
 399           have to exist on the local filesystem because the agent fetches it from the
 400           primary server. This definition is used when running `puppet agent`.
 401 
 402           When defined in the `[user]` section, the environment refers to the path that
 403           Puppet uses to search for code and modules related to its execution. This
 404           requires the environment to exist locally on the filesystem where puppet is
 405           being executed. Puppet subcommands, including `puppet module` and
 406           `puppet apply`, use this definition.
 407 
 408           Given that the context and effects vary depending on the
 409           [config section](https://puppet.com/docs/puppet/latest/config_file_main.html#config-sections)
 410           in which the `environment` setting is defined, do not set it globally.",
 411         :short    => "E"
 412     },
 413     :environmentpath => {
 414       :default => "$codedir/environments",
 415       :desc    => "A search path for directory environments, as a list of directories
 416         separated by the system path separator character. (The POSIX path separator
 417         is ':', and the Windows path separator is ';'.)
 418 
 419         This setting must have a value set to enable **directory environments.** The
 420         recommended value is `$codedir/environments`. For more details, see
 421         <https://puppet.com/docs/puppet/latest/environments_about.html>",
 422       :type    => :path,
 423     },
 424     :always_retry_plugins => {
 425         :type     => :boolean,
 426         :default  => true,
 427         :desc     => <<-'EOT'
 428         Affects how we cache attempts to load Puppet resource types and features.  If
 429         true, then calls to `Puppet.type.<type>?` `Puppet.feature.<feature>?`
 430         will always attempt to load the type or feature (which can be an
 431         expensive operation) unless it has already been loaded successfully.
 432         This makes it possible for a single agent run to, e.g., install a
 433         package that provides the underlying capabilities for a type or feature,
 434         and then later load that type or feature during the same run (even if
 435         the type or feature had been tested earlier and had not been available).
 436 
 437         If this setting is set to false, then types and features will only be
 438         checked once, and if they are not available, the negative result is
 439         cached and returned for all subsequent attempts to load the type or
 440         feature.  This behavior is almost always appropriate for the server,
 441         and can result in a significant performance improvement for types and
 442         features that are checked frequently.
 443       EOT
 444     },
 445     :diff_args => {
 446         :default  => lambda { default_diffargs },
 447         :desc     => "Which arguments to pass to the diff command when printing differences between
 448           files. The command to use can be chosen with the `diff` setting.",
 449     },
 450     :diff => {
 451       :default => (Puppet::Util::Platform.windows? ? "" : "diff"),
 452       :desc    => "Which diff command to use when printing differences between files. This setting
 453           has no default value on Windows, as standard `diff` is not available, but Puppet can use many
 454           third-party diff tools.",
 455     },
 456     :show_diff => {
 457         :type     => :boolean,
 458         :default  => false,
 459         :desc     => "Whether to log and report a contextual diff when files are being replaced.
 460           This causes partial file contents to pass through Puppet's normal
 461           logging and reporting system, so this setting should be used with
 462           caution if you are sending Puppet's reports to an insecure
 463           destination. This feature currently requires the `diff/lcs` Ruby
 464           library.",
 465     },
 466     :daemonize => {
 467         :type     => :boolean,
 468         :default  => (Puppet::Util::Platform.windows? ? false : true),
 469         :desc     => "Whether to send the process into the background.  This defaults
 470           to true on POSIX systems, and to false on Windows (where Puppet
 471           currently cannot daemonize).",
 472         :short    => "D",
 473         :hook     => proc do |value|
 474           if value and Puppet::Util::Platform.windows?
 475             raise "Cannot daemonize on Windows"
 476           end
 477       end
 478     },
 479     :maximum_uid => {
 480         :default  => 4294967290,
 481         :type     => :integer,
 482         :desc     => "The maximum allowed UID.  Some platforms use negative UIDs
 483           but then ship with tools that do not know how to handle signed ints,
 484           so the UIDs show up as huge numbers that can then not be fed back into
 485           the system.  This is a hackish way to fail in a slightly more useful
 486           way when that happens.",
 487     },
 488     :route_file => {
 489       :default    => "$confdir/routes.yaml",
 490       :desc       => "The YAML file containing indirector route configuration.",
 491     },
 492     :node_terminus => {
 493       :type       => :terminus,
 494       :default    => "plain",
 495       :desc       => <<-'EOT',
 496         Which node data plugin to use when compiling node catalogs.
 497 
 498         When Puppet compiles a catalog, it combines two primary sources of info: the main manifest,
 499         and a node data plugin (often called a "node terminus," for historical reasons). Node data
 500         plugins provide three things for a given node name:
 501 
 502         1. A list of classes to add to that node's catalog (and, optionally, values for their
 503            parameters).
 504         2. Which Puppet environment the node should use.
 505         3. A list of additional top-scope variables to set.
 506 
 507         The three main node data plugins are:
 508 
 509         * `plain` --- Returns no data, so that the main manifest controls all node configuration.
 510         * `exec` --- Uses an
 511           [external node classifier (ENC)](https://puppet.com/docs/puppet/latest/nodes_external.html),
 512           configured by the `external_nodes` setting. This lets you pull a list of Puppet classes
 513           from any external system, using a small glue script to perform the request and format the
 514           result as YAML.
 515         * `classifier` (formerly `console`) --- Specific to Puppet Enterprise. Uses the PE console
 516           for node data."
 517       EOT
 518     },
 519     :node_cache_terminus => {
 520       :type       => :terminus,
 521       :default    => nil,
 522       :desc       => "How to store cached nodes.
 523       Valid values are (none), 'json', 'msgpack', or 'yaml'.",
 524     },
 525     :data_binding_terminus => {
 526       :type    => :terminus,
 527       :default => "hiera",
 528       :desc    =>
 529         "This setting has been deprecated. Use of any value other than 'hiera' should instead be configured
 530          in a version 5 hiera.yaml. Until this setting is removed, it controls which data binding terminus
 531          to use for global automatic data binding (across all environments). By default this value is 'hiera'.
 532          A value of 'none' turns off the global binding.",
 533       :call_hook => :on_initialize_and_write,
 534       :hook => proc do |value|
 535         if Puppet[:strict] != :off
 536           s_val = value.to_s # because sometimes the value is a symbol
 537           unless s_val == 'hiera' || s_val == 'none' || value == '' || value.nil?
 538             #TRANSLATORS 'data_binding_terminus' is a setting and should not be translated
 539             message = _("Setting 'data_binding_terminus' is deprecated.")
 540             #TRANSLATORS 'hiera' should not be translated
 541             message += ' ' + _("Convert custom terminus to hiera 5 API.")
 542             Puppet.deprecation_warning(message)
 543           end
 544         end
 545       end
 546     },
 547     :hiera_config => {
 548       :default => lambda do
 549         config = nil
 550         codedir = settings[:codedir]
 551         if codedir.is_a?(String)
 552           config = File.expand_path(File.join(codedir, 'hiera.yaml'))
 553           config = nil unless Puppet::FileSystem.exist?(config)
 554         end
 555         config = File.expand_path(File.join(settings[:confdir], 'hiera.yaml')) if config.nil?
 556         config
 557       end,
 558       :desc    => "The hiera configuration file. Puppet only reads this file on startup, so you must restart the puppet server every time you edit it.",
 559       :type    => :file,
 560     },
 561     :binder_config => {
 562       :default => nil,
 563       :desc    => "The binder configuration file. Puppet reads this file on each request to configure the bindings system.
 564       If set to nil (the default), a $confdir/binder_config.yaml is optionally loaded. If it does not exists, a default configuration
 565       is used. If the setting :binding_config is specified, it must reference a valid and existing yaml file.",
 566       :type    => :file,
 567     },
 568     :catalog_terminus => {
 569       :type       => :terminus,
 570       :default    => "compiler",
 571       :desc       => "Where to get node catalogs.  This is useful to change if, for instance,
 572       you'd like to pre-compile catalogs and store them in memcached or some other easily-accessed store.",
 573     },
 574     :catalog_cache_terminus => {
 575       :type       => :terminus,
 576       :default    => nil,
 577       :desc       => "How to store cached catalogs. Valid values are 'json', 'msgpack' and 'yaml'. The agent application defaults to 'json'."
 578     },
 579     :facts_terminus => {
 580       :default => 'facter',
 581       :desc => "The node facts terminus.",
 582     },
 583     :trusted_external_command => {
 584       :default  => nil,
 585       :type     => :file_or_directory,
 586       :desc     => "The external trusted facts script or directory to use.
 587         This setting's value can be set to the path to an executable command that
 588         can produce external trusted facts or to a directory containing those
 589         executable commands. The command(s) must:
 590 
 591         * Take the name of a node as a command-line argument.
 592         * Return a JSON hash with the external trusted facts for this node.
 593         * For unknown or invalid nodes, exit with a non-zero exit code.
 594 
 595         If the setting points to an executable command, then the external trusted
 596         facts will be stored in the 'external' key of the trusted facts hash. Otherwise
 597         for each executable file in the directory, the external trusted facts will be
 598         stored in the `<basename>` key of the `trusted['external']` hash. For example,
 599         if the files foo.rb and bar.sh are in the directory, then `trusted['external']`
 600         will be the hash `{ 'foo' => <foo.rb output>, 'bar' => <bar.sh output> }`.",
 601     },
 602     :default_file_terminus => {
 603       :type       => :terminus,
 604       :default    => "rest",
 605       :desc       => "The default source for files if no server is given in a
 606       uri, e.g. puppet:///file. The default of `rest` causes the file to be
 607       retrieved using the `server` setting. When running `apply` the default
 608       is `file_server`, causing requests to be filled locally."
 609     },
 610     :http_proxy_host => {
 611       :default    => "none",
 612       :desc       => "The HTTP proxy host to use for outgoing connections. The proxy will be bypassed if
 613       the server's hostname matches the NO_PROXY environment variable or `no_proxy` setting. Note: You
 614       may need to use a FQDN for the server hostname when using a proxy. Environment variable
 615       http_proxy or HTTP_PROXY will override this value. ",
 616     },
 617     :http_proxy_port => {
 618       :default    => 3128,
 619       :type       => :port,
 620       :desc       => "The HTTP proxy port to use for outgoing connections",
 621     },
 622     :http_proxy_user => {
 623       :default    => "none",
 624       :desc       => "The user name for an authenticated HTTP proxy. Requires the `http_proxy_host` setting.",
 625     },
 626     :http_proxy_password =>{
 627       :default    => "none",
 628       :hook       => proc do |value|
 629         if value =~ /[@!# \/]/
 630           raise "Passwords set in the http_proxy_password setting must be valid as part of a URL, and any reserved characters must be URL-encoded. We received: #{value}"
 631         end
 632       end,
 633       :desc       => "The password for the user of an authenticated HTTP proxy.
 634         Requires the `http_proxy_user` setting.
 635 
 636         Note that passwords must be valid when used as part of a URL. If a password
 637         contains any characters with special meanings in URLs (as specified by RFC 3986
 638         section 2.2), they must be URL-encoded. (For example, `#` would become `%23`.)",
 639     },
 640     :no_proxy => {
 641       :default    => "localhost, 127.0.0.1",
 642       :desc       => "List of host or domain names that should not go through `http_proxy_host`. Environment variable no_proxy or NO_PROXY will override this value. Names can be specified as an FQDN `host.example.com`, wildcard `*.example.com`, dotted domain `.example.com`, or suffix `example.com`.",
 643     },
 644     :http_keepalive_timeout => {
 645       :default    => "4s",
 646       :type       => :duration,
 647       :desc       => "The maximum amount of time a persistent HTTP connection can remain idle in the connection pool, before it is closed.  This timeout should be shorter than the keepalive timeout used on the HTTP server, e.g. Apache KeepAliveTimeout directive.
 648       #{AS_DURATION}"
 649     },
 650     :http_debug => {
 651       :default    => false,
 652       :type       => :boolean,
 653       :desc       => "Whether to write HTTP request and responses to stderr. This should never be used in a production environment."
 654     },
 655     :http_connect_timeout => {
 656       :default => "2m",
 657       :type    => :duration,
 658       :desc    => "The maximum amount of time to wait when establishing an HTTP connection. The default
 659       value is 2 minutes.
 660       #{AS_DURATION}",
 661     },
 662     :http_read_timeout => {
 663       :default => "10m",
 664       :type    => :duration,
 665       :desc    => "The time to wait for data to be read from an HTTP connection. If nothing is
 666       read after the elapsed interval then the connection will be closed. The default value is 10 minutes.
 667       #{AS_DURATION}",
 668     },
 669     :http_user_agent => {
 670       :default => "Puppet/#{Puppet.version} Ruby/#{RUBY_VERSION}-p#{RUBY_PATCHLEVEL} (#{RUBY_PLATFORM})",
 671       :desc    => "The HTTP User-Agent string to send when making network requests."
 672     },
 673     :filetimeout => {
 674       :default    => "15s",
 675       :type       => :duration,
 676       :desc       => "The minimum time to wait between checking for updates in
 677       configuration files.  This timeout determines how quickly Puppet checks whether
 678       a file (such as manifests or puppet.conf) has changed on disk. The default will
 679       change in a future release to be 'unlimited', requiring a reload of the Puppet
 680       service to pick up changes to its internal configuration. Currently we do not
 681       accept a value of 'unlimited'. To reparse files within an environment in
 682       Puppet Server please use the environment_cache endpoint",
 683       :hook => proc do |val|
 684         unless [0, 15, '15s'].include?(val)
 685           Puppet.deprecation_warning(<<-WARNING)
 686 Fine grained control of filetimeouts is deprecated. In future
 687 releases this value will only determine if file content is cached.
 688 
 689 Valid values are 0 (never cache) and 15 (15 second minimum wait time).
 690             WARNING
 691         end
 692       end
 693     },
 694     :environment_timeout => {
 695       :default    => "0",
 696       :type       => :ttl,
 697       :desc       => "How long the Puppet server should cache data it loads from an
 698       environment.
 699 
 700       A value of `0` will disable caching. This setting can also be set to
 701       `unlimited`, which will cache environments until the server is restarted
 702       or told to refresh the cache. All other values will result in Puppet
 703       server evicting environments that haven't been used within the last
 704       `environment_timeout` seconds.
 705 
 706       You should change this setting once your Puppet deployment is doing
 707       non-trivial work. We chose the default value of `0` because it lets new
 708       users update their code without any extra steps, but it lowers the
 709       performance of your Puppet server. We recommend either:
 710 
 711       * Setting this to `unlimited` and explicitly refreshing your Puppet server
 712         as part of your code deployment process.
 713 
 714       * Setting this to a number that will keep your most actively used
 715         environments cached, but allow testing environments to fall out of the
 716         cache and reduce memory usage. A value of 3 minutes (3m) is a reasonable
 717         value.
 718 
 719       Once you set `environment_timeout` to a non-zero value, you need to tell
 720       Puppet server to read new code from disk using the `environment-cache` API
 721       endpoint after you deploy new code. See the docs for the Puppet Server
 722       [administrative API](https://puppet.com/docs/puppetserver/latest/admin-api/v1/environment-cache.html).
 723       "
 724     },
 725     :environment_data_provider => {
 726       :desc       => "The name of a registered environment data provider used when obtaining environment
 727       specific data. The three built in and registered providers are 'none' (no data), 'function' (data
 728       obtained by calling the function 'environment::data()') and 'hiera' (data obtained using a data
 729       provider configured using a hiera.yaml file in root of the environment).
 730       Other environment data providers may be registered in modules on the module path. For such
 731       custom data providers see the respective module documentation. This setting is deprecated.",
 732       :hook => proc { |value|
 733         unless value.nil? || Puppet[:strict] == :off
 734           #TRANSLATORS 'environment_data_provider' is a setting and should not be translated
 735           Puppet.deprecation_warning(_("Setting 'environment_data_provider' is deprecated."))
 736         end
 737       }
 738     },
 739     :prerun_command => {
 740       :default    => "",
 741       :desc       => "A command to run before every agent run.  If this command returns a non-zero
 742       return code, the entire Puppet run will fail.",
 743     },
 744     :postrun_command => {
 745       :default    => "",
 746       :desc       => "A command to run after every agent run.  If this command returns a non-zero
 747       return code, the entire Puppet run will be considered to have failed, even though it might have
 748       performed work during the normal run.",
 749     },
 750     :freeze_main => {
 751         :default  => false,
 752         :type     => :boolean,
 753         :desc     => "Freezes the 'main' class, disallowing any code to be added to it.  This
 754           essentially means that you can't have any code outside of a node,
 755           class, or definition other than in the site manifest.",
 756     },
 757     :preview_outputdir => {
 758       :default => '$vardir/preview',
 759       :type     => :directory,
 760       :mode     => "0750",
 761       :owner    => "service",
 762       :group    => "service",
 763       :desc    => "The directory where catalog previews per node are generated."
 764     }
 765   )
 766 
 767   settings.define_settings(:module_tool,
 768     :module_repository  => {
 769       :default  => 'https://forgeapi.puppet.com',
 770       :desc     => "The module repository",
 771     },
 772     :module_working_dir => {
 773         :default  => (Puppet::Util::Platform.windows? ? Dir.tmpdir() : '$vardir/puppet-module'),
 774         :desc     => "The directory into which module tool data is stored",
 775     },
 776     :forge_authorization => {
 777         :default  => nil,
 778         :desc     => "The authorization key to connect to the Puppet Forge. Leave blank for unauthorized or license based connections",
 779     },
 780     :module_groups => {
 781         :default  => nil,
 782         :desc     => "Extra module groups to request from the Puppet Forge. This is an internal setting, and users should never change it.",
 783     }
 784   )
 785 
 786     settings.define_settings(
 787     :main,
 788 
 789     # We have to downcase the fqdn, because the current ssl stuff (as opposed to in master) doesn't have good facilities for
 790     # manipulating naming.
 791     :certname => {
 792       :default => lambda { Puppet::Settings.default_certname.downcase },
 793       :desc => "The name to use when handling certificates. When a node
 794         requests a certificate from the CA Puppet Server, it uses the value of the
 795         `certname` setting as its requested Subject CN.
 796 
 797         This is the name used when managing a node's permissions in
 798         Puppet Server's [auth.conf](https://puppet.com/docs/puppetserver/latest/config_file_auth.html).
 799         In most cases, it is also used as the node's name when matching
 800         [node definitions](https://puppet.com/docs/puppet/latest/lang_node_definitions.html)
 801         and requesting data from an ENC. (This can be changed with the `node_name_value`
 802         and `node_name_fact` settings, although you should only do so if you have
 803         a compelling reason.)
 804 
 805         A node's certname is available in Puppet manifests as `$trusted['certname']`. (See
 806         [Facts and Built-In Variables](https://puppet.com/docs/puppet/latest/lang_facts_and_builtin_vars.html)
 807         for more details.)
 808 
 809         * For best compatibility, you should limit the value of `certname` to
 810           only use lowercase letters, numbers, periods, underscores, and dashes. (That is,
 811           it should match `/\A[a-z0-9._-]+\Z/`.)
 812         * The special value `ca` is reserved, and can't be used as the certname
 813           for a normal node.
 814 
 815           **Note:** You must set the certname in the main section of the puppet.conf file. Setting it in a different section causes errors.
 816 
 817         Defaults to the node's fully qualified domain name.",
 818       :call_hook => :on_initialize_and_write,
 819       :hook => proc { |value|
 820         raise(ArgumentError, _("Certificate names must be lower case")) unless value == value.downcase
 821       }},
 822     :dns_alt_names => {
 823       :default => '',
 824       :desc    => <<EOT,
 825 A comma-separated list of alternate DNS names for Puppet Server. These are extra
 826 hostnames (in addition to its `certname`) that the server is allowed to use when
 827 serving agents. Puppet checks this setting when automatically creating a
 828 certificate for Puppet agent or Puppet Server. These can be either IP or DNS, and the type
 829 should be specified and followed with a colon. Untyped inputs will default to DNS.
 830 
 831 In order to handle agent requests at a given hostname (like
 832 "puppet.example.com"), Puppet Server needs a certificate that proves it's
 833 allowed to use that name; if a server shows a certificate that doesn't include
 834 its hostname, Puppet agents will refuse to trust it. If you use a single
 835 hostname for Puppet traffic but load-balance it to multiple Puppet Servers, each
 836 of those servers needs to include the official hostname in its list of extra
 837 names.
 838 
 839 **Note:** The list of alternate names is locked in when the server's
 840 certificate is signed. If you need to change the list later, you can't just
 841 change this setting; you also need to regenerate the certificate. For more
 842 information on that process, see the 
 843 [cert regen docs](https://puppet.com/docs/puppet/latest/ssl_regenerate_certificates.html).
 844 
 845 To see all the alternate names your servers are using, log into your CA server
 846 and run `puppetserver ca list --all`, then check the output for `(alt names: ...)`.
 847 Most agent nodes should NOT have alternate names; the only certs that should
 848 have them are Puppet Server nodes that you want other agents to trust.
 849 EOT
 850     },
 851     :csr_attributes => {
 852       :default => "$confdir/csr_attributes.yaml",
 853       :type => :file,
 854       :desc => <<EOT
 855 An optional file containing custom attributes to add to certificate signing
 856 requests (CSRs). You should ensure that this file does not exist on your CA
 857 Puppet Server; if it does, unwanted certificate extensions may leak into
 858 certificates created with the `puppetserver ca generate` command.
 859 
 860 If present, this file must be a YAML hash containing a `custom_attributes` key
 861 and/or an `extension_requests` key. The value of each key must be a hash, where
 862 each key is a valid OID and each value is an object that can be cast to a string.
 863 
 864 Custom attributes can be used by the CA when deciding whether to sign the
 865 certificate, but are then discarded. Attribute OIDs can be any OID value except
 866 the standard CSR attributes (i.e. attributes described in RFC 2985 section 5.4).
 867 This is useful for embedding a pre-shared key for autosigning policy executables
 868 (see the `autosign` setting), often by using the `1.2.840.113549.1.9.7`
 869 ("challenge password") OID.
 870 
 871 Extension requests will be permanently embedded in the final certificate.
 872 Extension OIDs must be in the "ppRegCertExt" (`1.3.6.1.4.1.34380.1.1`),
 873 "ppPrivCertExt" (`1.3.6.1.4.1.34380.1.2`), or
 874 "ppAuthCertExt" (`1.3.6.1.4.1.34380.1.3`) OID arcs. The ppRegCertExt arc is
 875 reserved for four of the most common pieces of data to embed: `pp_uuid` (`.1`),
 876 `pp_instance_id` (`.2`), `pp_image_name` (`.3`), and `pp_preshared_key` (`.4`)
 877 --- in the YAML file, these can be referred to by their short descriptive names
 878 instead of their full OID. The ppPrivCertExt arc is unregulated, and can be used
 879 for site-specific extensions. The ppAuthCert arc is reserved for two pieces of
 880 data to embed: `pp_authorization` (`.1`) and `pp_auth_role` (`.13`). As with
 881 ppRegCertExt, in the YAML file, these can be referred to by their short
 882 descriptive name instead of their full OID.
 883 EOT
 884     },
 885     :certdir => {
 886       :default => "$ssldir/certs",
 887       :type   => :directory,
 888       :mode => "0755",
 889       :owner => "service",
 890       :group => "service",
 891       :desc => "The certificate directory."
 892     },
 893     :ssldir => {
 894       :default => "$confdir/ssl",
 895       :type   => :directory,
 896       :mode => "0771",
 897       :owner => "service",
 898       :group => "service",
 899       :desc => "Where SSL certificates are kept."
 900     },
 901     :ssl_lockfile => {
 902       :default => "$ssldir/ssl.lock",
 903       :type    => :string,
 904       :desc    => "A lock file to indicate that the ssl bootstrap process is currently in progress.",
 905     },
 906     :publickeydir => {
 907       :default => "$ssldir/public_keys",
 908       :type   => :directory,
 909       :mode => "0755",
 910       :owner => "service",
 911       :group => "service",
 912       :desc => "The public key directory."
 913     },
 914     :requestdir => {
 915       :default => "$ssldir/certificate_requests",
 916       :type => :directory,
 917       :mode => "0755",
 918       :owner => "service",
 919       :group => "service",
 920       :desc => "Where host certificate requests are stored."
 921     },
 922     :privatekeydir => {
 923       :default => "$ssldir/private_keys",
 924       :type   => :directory,
 925       :mode => "0750",
 926       :owner => "service",
 927       :group => "service",
 928       :desc => "The private key directory."
 929     },
 930     :privatedir => {
 931       :default => "$ssldir/private",
 932       :type   => :directory,
 933       :mode => "0750",
 934       :owner => "service",
 935       :group => "service",
 936       :desc => "Where the client stores private certificate information."
 937     },
 938     :passfile => {
 939       :default => "$privatedir/password",
 940       :type   => :file,
 941       :mode => "0640",
 942       :owner => "service",
 943       :group => "service",
 944       :desc => "Where puppet agent stores the password for its private key.
 945         Generally unused."
 946     },
 947     :hostcsr => {
 948       :default => "$requestdir/$certname.pem",
 949       :type   => :file,
 950       :mode => "0644",
 951       :owner => "service",
 952       :group => "service",
 953       :desc => "Where individual hosts store their certificate request (CSR)
 954          while waiting for the CA to issue their certificate."
 955     },
 956     :hostcert => {
 957       :default => "$certdir/$certname.pem",
 958       :type   => :file,
 959       :mode => "0644",
 960       :owner => "service",
 961       :group => "service",
 962       :desc => "Where individual hosts store and look for their certificates."
 963     },
 964     :hostprivkey => {
 965       :default => "$privatekeydir/$certname.pem",
 966       :type   => :file,
 967       :mode => "0640",
 968       :owner => "service",
 969       :group => "service",
 970       :desc => "Where individual hosts store and look for their private key."
 971     },
 972     :hostpubkey => {
 973       :default => "$publickeydir/$certname.pem",
 974       :type   => :file,
 975       :mode => "0644",
 976       :owner => "service",
 977       :group => "service",
 978       :desc => "Where individual hosts store and look for their public key."
 979     },
 980     :localcacert => {
 981       :default => "$certdir/ca.pem",
 982       :type   => :file,
 983       :mode => "0644",
 984       :owner => "service",
 985       :group => "service",
 986       :desc => "Where each client stores the CA certificate."
 987     },
 988     :ca_fingerprint => {
 989       :default => nil,
 990       :type   => :string,
 991       :desc => "The expected fingerprint of the CA certificate. If specified, the agent
 992         will compare the CA certificate fingerprint that it downloads against this value
 993         and reject the CA certificate if the values do not match. This only applies
 994         during the first download of the CA certificate."
 995     },
 996     :ssl_trust_store => {
 997       :default => nil,
 998       :type => :file,
 999       :desc => "A file containing CA certificates in PEM format that puppet should trust
1000         when making HTTPS requests. This **only** applies to https requests to non-puppet
1001         infrastructure, such as retrieving file metadata and content from https file sources,
1002         puppet module tool and the 'http' report processor. This setting is ignored when
1003         making requests to puppet:// URLs such as catalog and report requests.",
1004     },
1005     :hostcrl => {
1006       :default => "$ssldir/crl.pem",
1007       :type   => :file,
1008       :mode => "0644",
1009       :owner => "service",
1010       :group => "service",
1011       :desc => "Where the host's certificate revocation list can be found.
1012         This is distinct from the certificate authority's CRL."
1013     },
1014     :certificate_revocation => {
1015         :default  => 'chain',
1016         :type     => :certificate_revocation,
1017         :desc     => <<-'EOT'
1018           Whether certificate revocation checking should be enabled, and what level of
1019           checking should be performed.
1020 
1021           When certificate revocation is enabled, Puppet expects the contents of its CRL
1022           to be one or more PEM-encoded CRLs concatenated together. When using a cert
1023           bundle, CRLs for all CAs in the chain of trust must be included in the crl file.
1024           The chain should be ordered from least to most authoritative, with the first CRL
1025           listed being for the root of the chain and the last being for the leaf CA.
1026 
1027           When certificate_revocation is set to 'true' or 'chain', Puppet ensures
1028           that each CA in the chain of trust has not been revoked by its issuing CA.
1029 
1030           When certificate_revocation is set to 'leaf', Puppet verifies certs against
1031           the issuing CA's revocation list, but it does not verify the revocation status
1032           of the issuing CA or any CA above it within the chain of trust.
1033 
1034           When certificate_revocation is set to 'false', Puppet disables all
1035           certificate revocation checking and does not attempt to download the CRL.
1036         EOT
1037     },
1038     :ciphers => {
1039       :default => 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256',
1040       :type => :string,
1041       :desc => "The list of ciphersuites for TLS connections initiated by puppet. The
1042                 default value is chosen to support TLS 1.0 and up, but can be made
1043                 more restrictive if needed. The ciphersuites must be specified in OpenSSL
1044                 format, not IANA."
1045     },
1046     :key_type => {
1047       :default => 'rsa',
1048       :type    => :enum,
1049       :values  => %w[rsa ec],
1050       :desc    => "The type of private key. Valid values are `rsa` and `ec`. Default is `rsa`."
1051     },
1052     :named_curve => {
1053       :default => 'prime256v1',
1054       :type    => :string,
1055       :desc    => "The short name for the EC curve used to generate the EC private key. Valid
1056                    values must be one of the curves in `OpenSSL::PKey::EC.builtin_curves`.
1057                    Default is `prime256v1`."
1058     },
1059     :digest_algorithm => {
1060         :default  => lambda { default_digest_algorithm },
1061         :type     => :enum,
1062         :values   => valid_digest_algorithms,
1063         :desc     => "Which digest algorithm to use for file resources and the filebucket.
1064                       Valid values are #{valid_digest_algorithms.join(', ')}. Default is
1065                       #{default_digest_algorithm}.",
1066     },
1067     :supported_checksum_types => {
1068       :default => lambda { default_file_checksum_types },
1069       :type    => :array,
1070       :desc    => "Checksum types supported by this agent for use in file resources of a
1071                    static catalog. Values must be comma-separated. Valid types are
1072                    #{valid_file_checksum_types.join(', ')}. Default is
1073                    #{default_file_checksum_types.join(', ')}.",
1074       :hook    => proc do |value|
1075         values = munge(value)
1076 
1077         invalid = values - Puppet.valid_file_checksum_types
1078         if not invalid.empty?
1079           raise ArgumentError, _("Invalid value '%{value}' for parameter %{name}. Allowed values are '%{allowed_values}'") % {
1080             value: invalid.first, name: @name, allowed_values: Puppet.valid_file_checksum_types.join("', '")
1081           }
1082         end
1083       end
1084     },
1085     :logdest => {
1086       :type      => :string,
1087       :desc      => "Where to send log messages. Choose between 'syslog' (the POSIX syslog
1088       service), 'eventlog' (the Windows Event Log), 'console', or the path to a log
1089       file. Multiple destinations can be set using a comma separated list (eg: `/path/file1,console,/path/file2`)"
1090       # Sure would be nice to set the Puppet::Util::Log destination here in an :on_initialize_and_write hook,
1091       # unfortunately we have a large number of tests that rely on the logging not resetting itself when the
1092       # settings are initialized as they test what gets logged during settings initialization.
1093     }
1094   )
1095 
1096     settings.define_settings(
1097     :ca,
1098     :ca_name => {
1099       :default => "Puppet CA: $certname",
1100       :desc    => "The name to use the Certificate Authority certificate.",
1101     },
1102     :cadir => {
1103       :default => lambda { default_cadir },
1104       :type => :directory,
1105       :desc => "The root directory for the certificate authority.",
1106     },
1107     :cacert => {
1108       :default => "$cadir/ca_crt.pem",
1109       :type => :file,
1110       :desc => "The CA certificate.",
1111     },
1112     :cakey => {
1113       :default => "$cadir/ca_key.pem",
1114       :type => :file,
1115       :desc => "The CA private key.",
1116     },
1117     :capub => {
1118       :default => "$cadir/ca_pub.pem",
1119       :type => :file,
1120       :desc => "The CA public key.",
1121     },
1122     :cacrl => {
1123       :default => "$cadir/ca_crl.pem",
1124       :type => :file,
1125       :desc => "The certificate revocation list (CRL) for the CA.",
1126     },
1127     :csrdir => {
1128       :default => "$cadir/requests",
1129       :type => :directory,
1130       :desc => "Where the CA stores certificate requests.",
1131     },
1132     :signeddir => {
1133       :default => "$cadir/signed",
1134       :type => :directory,
1135       :desc => "Where the CA stores signed certificates.",
1136     },
1137     :serial => {
1138       :default => "$cadir/serial",
1139       :type => :file,
1140       :desc => "Where the serial number for certificates is stored.",
1141     },
1142     :autosign => {
1143       :default => "$confdir/autosign.conf",
1144       :type => :autosign,
1145       :desc => "Whether (and how) to autosign certificate requests. This setting
1146         is only relevant on a Puppet Server acting as a certificate authority (CA).
1147 
1148         Valid values are true (autosigns all certificate requests; not recommended),
1149         false (disables autosigning certificates), or the absolute path to a file.
1150 
1151         The file specified in this setting may be either a **configuration file**
1152         or a **custom policy executable.** Puppet will automatically determine
1153         what it is: If the Puppet user (see the `user` setting) can execute the
1154         file, it will be treated as a policy executable; otherwise, it will be
1155         treated as a config file.
1156 
1157         If a custom policy executable is configured, the CA Puppet Server will run it
1158         every time it receives a CSR. The executable will be passed the subject CN of the
1159         request _as a command line argument,_ and the contents of the CSR in PEM format
1160         _on stdin._ It should exit with a status of 0 if the cert should be autosigned
1161         and non-zero if the cert should not be autosigned.
1162 
1163         If a certificate request is not autosigned, it will persist for review. An admin
1164         user can use the `puppetserver ca sign` command to manually sign it, or can delete
1165         the request.
1166 
1167         For info on autosign configuration files, see
1168         [the guide to Puppet's config files](https://puppet.com/docs/puppet/latest/config_file_autosign.html).",
1169     },
1170     :allow_duplicate_certs => {
1171       :default    => false,
1172       :type       => :boolean,
1173       :desc       => "Whether to allow a new certificate request to overwrite an existing
1174         certificate request. If true, then the old certificate must be cleaned using
1175         `puppetserver ca clean`, and the new request signed using `puppetserver ca sign`."
1176     },
1177     :ca_ttl => {
1178       :default    => "5y",
1179       :type       => :duration,
1180       :desc       => "The default TTL for new certificates.
1181       #{AS_DURATION}",
1182     },
1183     :crl_refresh_interval => {
1184       :type       => :duration,
1185       :desc       => "How often the Puppet agent refreshes its local CRL. By
1186          default the CRL is only downloaded once, and never refreshed. If a
1187          duration is specified, then the agent will refresh its CRL whenever it
1188          next runs and the elapsed time since the CRL was last refreshed exceeds
1189          the duration.
1190 
1191          In general, the duration should be greater than the `runinterval`.
1192          Setting it to an equal or lesser value will cause the CRL to be
1193          refreshed on every run.
1194 
1195          If the agent downloads a new CRL, the agent will use it for subsequent
1196          network requests. If the refresh request fails or if the CRL is
1197          unchanged on the server, then the agent run will continue using the
1198          local CRL it already has.#{AS_DURATION}",
1199     },
1200     :keylength => {
1201       :default    => 4096,
1202       :type       => :integer,
1203       :desc       => "The bit length of keys.",
1204     },
1205     :cert_inventory => {
1206       :default => "$cadir/inventory.txt",
1207       :type => :file,
1208       :desc => "The inventory file. This is a text file to which the CA writes a
1209         complete listing of all certificates.",
1210     }
1211   )
1212 
1213   # Define the config default.
1214 
1215     settings.define_settings(:application,
1216       :config_file_name => {
1217           :type     => :string,
1218           :default  => Puppet::Settings.default_config_file_name,
1219           :desc     => "The name of the puppet config file.",
1220       },
1221       :config => {
1222           :type => :file,
1223           :default  => "$confdir/${config_file_name}",
1224           :desc     => "The configuration file for the current puppet application.",
1225       },
1226       :pidfile => {
1227           :type => :file,
1228           :default  => "$rundir/${run_mode}.pid",
1229           :desc     => "The file containing the PID of a running process.
1230             This file is intended to be used by service management frameworks
1231             and monitoring systems to determine if a puppet process is still in
1232             the process table.",
1233       },
1234       :sourceaddress => {
1235         :default    => nil,
1236         :desc       => "The address the agent should use to initiate requests.",
1237       },
1238   )
1239 
1240   settings.define_settings(:environment,
1241     :manifest => {
1242       :default    => nil,
1243       :type       => :file_or_directory,
1244       :desc       => "The entry-point manifest for the primary server. This can be one file
1245         or a directory of manifests to be evaluated in alphabetical order. Puppet manages
1246         this path as a directory if one exists or if the path ends with a / or \\.
1247 
1248         Setting a global value for `manifest` in puppet.conf is not allowed
1249         (but it can be overridden from the commandline). Please use
1250         directory environments instead. If you need to use something other than the
1251         environment's `manifests` directory as the main manifest, you can set
1252         `manifest` in environment.conf. For more info, see
1253         <https://puppet.com/docs/puppet/latest/environments_about.html>",
1254     },
1255     :modulepath => {
1256       :default => "",
1257       :type => :path,
1258       :desc => "The search path for modules, as a list of directories separated by the system
1259         path separator character. (The POSIX path separator is ':', and the
1260         Windows path separator is ';'.)
1261 
1262         Setting a global value for `modulepath` in puppet.conf is not allowed
1263         (but it can be overridden from the commandline). Please use
1264         directory environments instead. If you need to use something other than the
1265         default modulepath of `<ACTIVE ENVIRONMENT'S MODULES DIR>:$basemodulepath`,
1266         you can set `modulepath` in environment.conf. For more info, see
1267         <https://puppet.com/docs/puppet/latest/environments_about.html>",
1268     },
1269     :config_version => {
1270       :default    => "",
1271       :desc       => "How to determine the configuration version.  By default, it will be the
1272       time that the configuration is parsed, but you can provide a shell script to override how the
1273       version is determined.  The output of this script will be added to every log message in the
1274       reports, allowing you to correlate changes on your hosts to the source version on the server.
1275 
1276       Setting a global value for config_version in puppet.conf is not allowed
1277       (but it can be overridden from the commandline). Please set a
1278       per-environment value in environment.conf instead. For more info, see
1279       <https://puppet.com/docs/puppet/latest/environments_about.html>",
1280     }
1281   )
1282 
1283   settings.define_settings(:server,
1284     :user => {
1285       :default    => "puppet",
1286       :desc       => "The user Puppet Server will run as. Used to ensure
1287       the agent side processes (agent, apply, etc) create files and
1288       directories readable by Puppet Server when necessary.",
1289     },
1290     :group => {
1291       :default    => "puppet",
1292       :desc       => "The group Puppet Server will run as. Used to ensure
1293       the agent side processes (agent, apply, etc) create files and
1294       directories readable by Puppet Server when necessary.",
1295     },
1296     :default_manifest => {
1297       :default    => "./manifests",
1298       :type       => :string,
1299       :desc       => "The default main manifest for directory environments. Any environment that
1300         doesn't set the `manifest` setting in its `environment.conf` file will use
1301         this manifest.
1302 
1303         This setting's value can be an absolute or relative path. An absolute path
1304         will make all environments default to the same main manifest; a relative
1305         path will allow each environment to use its own manifest, and Puppet will
1306         resolve the path relative to each environment's main directory.
1307 
1308         In either case, the path can point to a single file or to a directory of
1309         manifests to be evaluated in alphabetical order.",
1310     },
1311     :disable_per_environment_manifest => {
1312       :default    => false,
1313       :type       => :boolean,
1314       :desc       => "Whether to disallow an environment-specific main manifest. When set
1315         to `true`, Puppet will use the manifest specified in the `default_manifest` setting
1316         for all environments. If an environment specifies a different main manifest in its
1317         `environment.conf` file, catalog requests for that environment will fail with an error.
1318 
1319         This setting requires `default_manifest` to be set to an absolute path.",
1320       :hook       => proc do |value|
1321         if value && !Pathname.new(Puppet[:default_manifest]).absolute?
1322           raise(Puppet::Settings::ValidationError,
1323                 "The 'default_manifest' setting must be set to an absolute path when 'disable_per_environment_manifest' is true")
1324         end
1325       end,
1326     },
1327     :code => {
1328       :default    => "",
1329       :desc       => "Code to parse directly.  This is essentially only used
1330       by `puppet`, and should only be set if you're writing your own Puppet
1331       executable.",
1332     },
1333     :masterport => {
1334       :default    => 8140,
1335       :type       => :port,
1336       :desc       => "The default port puppet subcommands use to communicate
1337       with Puppet Server. (eg `puppet facts upload`, `puppet agent`). May be
1338       overridden by more specific settings (see `ca_port`, `report_port`).",
1339     },
1340     :serverport => {
1341       :type => :alias,
1342       :alias_for => :masterport
1343     },
1344     :bucketdir => {
1345       :default => "$vardir/bucket",
1346       :type => :directory,
1347       :mode => "0750",
1348       :owner => "service",
1349       :group => "service",
1350       :desc => "Where FileBucket files are stored."
1351     },
1352     :trusted_oid_mapping_file => {
1353       :default    => "$confdir/custom_trusted_oid_mapping.yaml",
1354       :type       => :file,
1355       :desc       => "File that provides mapping between custom SSL oids and user-friendly names"
1356     },
1357     :basemodulepath => {
1358       :default => lambda { default_basemodulepath },
1359       :type => :path,
1360       :desc => "The search path for **global** modules. Should be specified as a
1361         list of directories separated by the system path separator character. (The
1362         POSIX path separator is ':', and the Windows path separator is ';'.)
1363 
1364         These are the modules that will be used by _all_ environments. Note that
1365         the `modules` directory of the active environment will have priority over
1366         any global directories. For more info, see
1367         <https://puppet.com/docs/puppet/latest/environments_about.html>",
1368     },
1369     :vendormoduledir => {
1370       :default => lambda { default_vendormoduledir },
1371       :type => :string,
1372       :desc => "The directory containing **vendored** modules. These modules will
1373       be used by _all_ environments like those in the `basemodulepath`. The only
1374       difference is that modules in the `basemodulepath` are pluginsynced, while
1375       vendored modules are not",
1376     },
1377     :ssl_client_header => {
1378       :default    => "HTTP_X_CLIENT_DN",
1379       :desc       => "The header containing an authenticated client's SSL DN.
1380       This header must be set by the proxy to the authenticated client's SSL
1381       DN (e.g., `/CN=puppet.puppetlabs.com`).  Puppet will parse out the Common
1382       Name (CN) from the Distinguished Name (DN) and use the value of the CN
1383       field for authorization.
1384 
1385       Note that the name of the HTTP header gets munged by the web server
1386       common gateway interface: an `HTTP_` prefix is added, dashes are converted
1387       to underscores, and all letters are uppercased.  Thus, to use the
1388       `X-Client-DN` header, this setting should be `HTTP_X_CLIENT_DN`.",
1389     },
1390     :ssl_client_verify_header => {
1391       :default    => "HTTP_X_CLIENT_VERIFY",
1392       :desc       => "The header containing the status message of the client
1393       verification. This header must be set by the proxy to 'SUCCESS' if the
1394       client successfully authenticated, and anything else otherwise.
1395 
1396       Note that the name of the HTTP header gets munged by the web server
1397       common gateway interface: an `HTTP_` prefix is added, dashes are converted
1398       to underscores, and all letters are uppercased.  Thus, to use the
1399       `X-Client-Verify` header, this setting should be
1400       `HTTP_X_CLIENT_VERIFY`.",
1401     },
1402     # To make sure this directory is created before we try to use it on the server, we need
1403     # it to be in the server section (#1138).
1404     :yamldir => {
1405       :default => "$vardir/yaml",
1406       :type => :directory,
1407       :owner => "service",
1408       :group => "service",
1409       :mode => "0750",
1410       :desc => "The directory in which YAML data is stored, usually in a subdirectory."},
1411     :server_datadir => {
1412       :default => "$vardir/server_data",
1413       :type => :directory,
1414       :owner => "service",
1415       :group => "service",
1416       :mode => "0750",
1417       :desc => "The directory in which serialized data is stored, usually in a subdirectory."},
1418     :reports => {
1419       :default    => "store",
1420       :desc       => "The list of report handlers to use. When using multiple report handlers,
1421         their names should be comma-separated, with whitespace allowed. (For example,
1422         `reports = http, store`.)
1423 
1424         This setting is relevant to puppet server and puppet apply. The primary Puppet
1425         server will call these report handlers with the reports it receives from
1426         agent nodes, and puppet apply will call them with its own report. (In
1427         all cases, the node applying the catalog must have `report = true`.)
1428 
1429         See the report reference for information on the built-in report
1430         handlers; custom report handlers can also be loaded from modules.
1431         (Report handlers are loaded from the lib directory, at
1432         `puppet/reports/NAME.rb`.)
1433 
1434         To turn off reports entirely, set this to `none`",
1435     },
1436     :reportdir => {
1437       :default => "$vardir/reports",
1438       :type => :directory,
1439       :mode => "0750",
1440       :owner => "service",
1441       :group => "service",
1442       :desc => "The directory in which to store reports. Each node gets
1443         a separate subdirectory in this directory. This setting is only
1444         used when the `store` report processor is enabled (see the
1445         `reports` setting)."},
1446     :reporturl => {
1447       :default    => "http://localhost:3000/reports/upload",
1448       :desc       => "The URL that reports should be forwarded to. This setting
1449         is only used when the `http` report processor is enabled (see the
1450         `reports` setting).",
1451     },
1452     :fileserverconfig => {
1453       :default    => "$confdir/fileserver.conf",
1454       :type       => :file,
1455       :desc       => "Where the fileserver configuration is stored.",
1456     })
1457 
1458   settings.define_settings(:device,
1459     :devicedir =>  {
1460         :default  => "$vardir/devices",
1461         :type     => :directory,
1462         :mode     => "0750",
1463         :owner    => "service",
1464         :group    => "service",
1465         :desc     => "The root directory of devices' $vardir.",
1466     },
1467     :deviceconfig => {
1468         :default  => "$confdir/device.conf",
1469         :desc     => "Path to the device config file for puppet device.",
1470     }
1471   )
1472 
1473   settings.define_settings(:agent,
1474     :node_name_value => {
1475       :default => "$certname",
1476       :desc => "The explicit value used for the node name for all requests the agent
1477         makes to the primary server. WARNING: This setting is mutually exclusive with
1478         node_name_fact.  Changing this setting also requires changes to
1479         Puppet Server's default [auth.conf](https://puppet.com/docs/puppetserver/latest/config_file_auth.html)."
1480     },
1481     :node_name_fact => {
1482       :default => "",
1483       :desc => "The fact name used to determine the node name used for all requests the agent
1484         makes to the primary server. WARNING: This setting is mutually exclusive with
1485         node_name_value.  Changing this setting also requires changes to
1486         Puppet Server's default [auth.conf](https://puppet.com/docs/puppetserver/latest/config_file_auth.html).",
1487       :hook => proc do |value|
1488         if !value.empty? and Puppet[:node_name_value] != Puppet[:certname]
1489           raise "Cannot specify both the node_name_value and node_name_fact settings"
1490         end
1491       end
1492     },
1493     :statefile => {
1494       :default => "$statedir/state.yaml",
1495       :type => :file,
1496       :mode => "0640",
1497       :desc => "Where Puppet agent and Puppet Server store state associated
1498         with the running configuration.  In the case of Puppet Server,
1499         this file reflects the state discovered through interacting
1500         with clients."
1501     },
1502     :statettl => {
1503       :default => "32d",
1504       :type    => :ttl,
1505       :desc    => "How long the Puppet agent should cache when a resource was last checked or synced.
1506       #{AS_DURATION}
1507       A value of `0` or `unlimited` will disable cache pruning.
1508 
1509       This setting affects the usage of `schedule` resources, as the information
1510       about when a resource was last checked (and therefore when it needs to be
1511       checked again) is stored in the `statefile`. The `statettl` needs to be
1512       large enough to ensure that a resource will not trigger multiple times
1513       during a schedule due to its entry expiring from the cache."
1514     },
1515     :transactionstorefile => {
1516       :default => "$statedir/transactionstore.yaml",
1517       :type => :file,
1518       :mode => "0640",
1519       :desc => "Transactional storage file for persisting data between
1520         transactions for the purposes of infering information (such as
1521         corrective_change) on new data received."
1522     },
1523     :clientyamldir => {
1524       :default => "$vardir/client_yaml",
1525       :type => :directory,
1526       :mode => "0750",
1527       :desc => "The directory in which client-side YAML data is stored."
1528     },
1529     :client_datadir => {
1530       :default => "$vardir/client_data",
1531       :type => :directory,
1532       :mode => "0750",
1533       :desc => "The directory in which serialized data is stored on the client."
1534     },
1535     :classfile => {
1536       :default => "$statedir/classes.txt",
1537       :type => :file,
1538       :owner => "root",
1539       :mode => "0640",
1540       :desc => "The file in which puppet agent stores a list of the classes
1541         associated with the retrieved configuration.  Can be loaded in
1542         the separate `puppet` executable using the `--loadclasses`
1543         option."},
1544     :resourcefile => {
1545       :default => "$statedir/resources.txt",
1546       :type => :file,
1547       :owner => "root",
1548       :mode => "0640",
1549       :desc => "The file in which puppet agent stores a list of the resources
1550         associated with the retrieved configuration."  },
1551     :puppetdlog => {
1552       :default => "$logdir/puppetd.log",
1553       :type => :file,
1554       :owner => "root",
1555       :mode => "0640",
1556       :desc => "The fallback log file. This is only used when the `--logdest` option
1557         is not specified AND Puppet is running on an operating system where both
1558         the POSIX syslog service and the Windows Event Log are unavailable. (Currently,
1559         no supported operating systems match that description.)
1560 
1561         Despite the name, both puppet agent and puppet server will use this file
1562         as the fallback logging destination.
1563 
1564         For control over logging destinations, see the `--logdest` command line
1565         option in the manual pages for puppet server, puppet agent, and puppet
1566         apply. You can see man pages by running `puppet <SUBCOMMAND> --help`,
1567         or read them online at https://puppet.com/docs/puppet/latest/man/."
1568     },
1569     :deviceconfdir => {
1570       :default  => "$confdir/devices",
1571       :type     => :directory,
1572       :mode     => "0750",
1573       :owner    => "service",
1574       :group    => "service",
1575       :desc     => "The root directory of devices' $confdir.",
1576     },
1577     :server => {
1578       :default => "puppet",
1579       :desc => "The primary Puppet server to which the Puppet agent should connect.",
1580     },
1581     :server_list => {
1582       :default => [],
1583       :type => :server_list,
1584       :desc => "The list of primary Puppet servers to which the Puppet agent should connect,
1585         in the order that they will be tried. Each value should be a fully qualified domain name, followed by an optional ':' and port number. If a port is omitted, Puppet uses masterport for that host.",
1586     },
1587     :use_srv_records => {
1588       :default    => false,
1589       :type       => :boolean,
1590       :desc       => "Whether the server will search for SRV records in DNS for the current domain.",
1591     },
1592     :srv_domain => {
1593       :default    => lambda { Puppet::Settings.domain_fact },
1594       :desc       => "The domain which will be queried to find the SRV records of servers to use.",
1595     },
1596     :http_extra_headers => {
1597       :default => [],
1598       :type => :http_extra_headers,
1599       :desc => "The list of extra headers that will be sent with http requests to the primary server.
1600       The header definition consists of a name and a value separated by a colon."
1601     },
1602     :ignoreschedules => {
1603       :default    => false,
1604       :type       => :boolean,
1605       :desc       => "Boolean; whether puppet agent should ignore schedules.  This is useful
1606       for initial puppet agent runs.",
1607     },
1608     :default_schedules => {
1609       :default    => true,
1610       :type       => :boolean,
1611       :desc       => "Boolean; whether to generate the default schedule resources. Setting this to
1612       false is useful for keeping external report processors clean of skipped schedule resources.",
1613     },
1614     :noop => {
1615       :default    => false,
1616       :type       => :boolean,
1617       :desc       => "Whether to apply catalogs in noop mode, which allows Puppet to
1618         partially simulate a normal run. This setting affects puppet agent and
1619         puppet apply.
1620 
1621         When running in noop mode, Puppet will check whether each resource is in sync,
1622         like it does when running normally. However, if a resource attribute is not in
1623         the desired state (as declared in the catalog), Puppet will take no
1624         action, and will instead report the changes it _would_ have made. These
1625         simulated changes will appear in the report sent to the primary Puppet server, or
1626         be shown on the console if running puppet agent or puppet apply in the
1627         foreground. The simulated changes will not send refresh events to any
1628         subscribing or notified resources, although Puppet will log that a refresh
1629         event _would_ have been sent.
1630 
1631         **Important note:**
1632         [The `noop` metaparameter](https://puppet.com/docs/puppet/latest/metaparameter.html#noop)
1633         allows you to apply individual resources in noop mode, and will override
1634         the global value of the `noop` setting. This means a resource with
1635         `noop => false` _will_ be changed if necessary, even when running puppet
1636         agent with `noop = true` or `--noop`. (Conversely, a resource with
1637         `noop => true` will only be simulated, even when noop mode is globally disabled.)",
1638     },
1639     :runinterval => {
1640       :default  => "30m",
1641       :type     => :duration,
1642       :desc     => "How often puppet agent applies the catalog.
1643           Note that a runinterval of 0 means \"run continuously\" rather than
1644           \"never run.\" #{AS_DURATION}",
1645     },
1646     :runtimeout => {
1647       :default  => "1h",
1648       :type     => :duration,
1649       :desc     => "The maximum amount of time an agent run is allowed to take.
1650           A Puppet agent run that exceeds this timeout will be aborted. A value
1651           of 0 disables the timeout. Defaults to 1 hour. #{AS_DURATION}",
1652     },
1653     :ca_server => {
1654       :default    => "$server",
1655       :desc       => "The server to use for certificate
1656       authority requests.  It's a separate server because it cannot
1657       and does not need to horizontally scale.",
1658     },
1659     :ca_port => {
1660       :default    => "$serverport",
1661       :type       => :port,
1662       :desc       => "The port to use for the certificate authority.",
1663     },
1664     :preferred_serialization_format => {
1665       :default    => "json",
1666       :desc       => "The preferred means of serializing
1667       ruby instances for passing over the wire.  This won't guarantee that all
1668       instances will be serialized using this method, since not all classes
1669       can be guaranteed to support this format, but it will be used for all
1670       classes that support it.",
1671     },
1672     :agent_catalog_run_lockfile => {
1673       :default    => "$statedir/agent_catalog_run.lock",
1674       :type       => :string, # (#2888) Ensure this file is not added to the settings catalog.
1675       :desc       => "A lock file to indicate that a puppet agent catalog run is currently in progress.
1676         The file contains the pid of the process that holds the lock on the catalog run.",
1677     },
1678     :agent_disabled_lockfile => {
1679         :default    => "$statedir/agent_disabled.lock",
1680         :type       => :string,
1681         :desc       => "A lock file to indicate that puppet agent runs have been administratively
1682           disabled.  File contains a JSON object with state information.",
1683     },
1684     :usecacheonfailure => {
1685       :default    => true,
1686       :type       => :boolean,
1687       :desc       => "Whether to use the cached configuration when the remote
1688         configuration will not compile.  This option is useful for testing
1689         new configurations, where you want to fix the broken configuration
1690         rather than reverting to a known-good one.",
1691     },
1692     :fact_name_length_soft_limit => {
1693       :default    => 2560,
1694       :type       => :integer,
1695       :desc       => "The soft limit for the length of a fact name.",
1696     },
1697     :fact_value_length_soft_limit => {
1698       :default    => 4096,
1699       :type       => :integer,
1700       :desc       => "The soft limit for the length of a fact value.",
1701     },
1702     :top_level_facts_soft_limit => {
1703       :default    => 512,
1704       :type       => :integer,
1705       :desc       => "The soft limit for the number of top level facts.",
1706     },
1707     :number_of_facts_soft_limit => {
1708       :default    => 2048,
1709       :type       => :integer,
1710       :desc       => "The soft limit for the total number of facts.",
1711     },
1712     :payload_soft_limit => {
1713       :default    => 16 * 1024 * 1024,
1714       :type       => :integer,
1715       :desc       => "The soft limit for the size of the payload.",
1716     },
1717     :use_cached_catalog => {
1718       :default    => false,
1719       :type       => :boolean,
1720       :desc       => "Whether to only use the cached catalog rather than compiling a new catalog
1721         on every run.  Puppet can be run with this enabled by default and then selectively
1722         disabled when a recompile is desired. Because a Puppet agent using cached catalogs
1723         does not contact the primary server for a new catalog, it also does not upload facts at
1724         the beginning of the Puppet run.",
1725     },
1726     :ignoremissingtypes => {
1727       :default    => false,
1728       :type       => :boolean,
1729       :desc       => "Skip searching for classes and definitions that were missing during a
1730         prior compilation. The list of missing objects is maintained per-environment and
1731         persists until the environment is cleared or the primary server is restarted.",
1732     },
1733     :splaylimit => {
1734       :default    => "$runinterval",
1735       :type       => :duration,
1736       :desc       => "The maximum time to delay before an agent's first run when
1737         `splay` is enabled. Defaults to the agent's `$runinterval`. The
1738         `splay` interval is random and recalculated each time the agent is started or
1739         restarted. #{AS_DURATION}",
1740     },
1741     :splay => {
1742       :default    => false,
1743       :type       => :boolean,
1744       :desc       => "Whether to sleep for a random amount of time, ranging from
1745         immediately up to its `$splaylimit`, before performing its first agent run
1746         after a service restart. After this period, the agent runs periodically
1747         on its `$runinterval`.
1748 
1749         For example, assume a default 30-minute `$runinterval`, `splay` set to its
1750         default of `false`, and an agent starting at :00 past the hour. The agent
1751         would check in every 30 minutes at :01 and :31 past the hour.
1752 
1753         With `splay` enabled, it waits any amount of time up to its `$splaylimit`
1754         before its first run. For example, it might randomly wait 8 minutes,
1755         then start its first run at :08 past the hour. With the `$runinterval`
1756         at its default 30 minutes, its next run will be at :38 past the hour.
1757 
1758         If you restart an agent's puppet service with `splay` enabled, it
1759         recalculates its splay period and delays its first agent run after
1760         restarting for this new period. If you simultaneously restart a group of
1761         puppet agents with `splay` enabled, their checkins to your primary servers
1762         can be distributed more evenly.",
1763     },
1764     :clientbucketdir => {
1765       :default  => "$vardir/clientbucket",
1766       :type     => :directory,
1767       :mode     => "0750",
1768       :desc     => "Where FileBucket files are stored locally."
1769     },
1770     :report_server => {
1771       :default  => "$server",
1772       :desc     => "The server to send transaction reports to.",
1773     },
1774     :report_port => {
1775       :default  => "$serverport",
1776       :type     => :port,
1777       :desc     => "The port to communicate with the report_server.",
1778     },
1779     :report => {
1780       :default  => true,
1781       :type     => :boolean,
1782       :desc     => "Whether to send reports after every transaction.",
1783     },
1784     :report_include_system_store => {
1785       :default  => false,
1786       :type     => :boolean,
1787       :desc     => "Whether the 'http' report processor should include the system
1788         certificate store when submitting reports to HTTPS URLs. If false, then
1789         the 'http' processor will only trust HTTPS report servers whose certificates
1790         are issued by the puppet CA or one of its intermediate CAs. If true, the
1791         processor will additionally trust CA certificates in the system's
1792         certificate store."
1793     },
1794     :resubmit_facts => {
1795       :default  => false,
1796       :type     => :boolean,
1797       :desc     => "Whether to send updated facts after every transaction. By default
1798         puppet only submits facts at the beginning of the transaction before applying a
1799         catalog. Since puppet can modify the state of the system, the value of the facts
1800         may change after puppet finishes. Therefore, any facts stored in puppetdb may not
1801         be consistent until the agent next runs, typically in 30 minutes. If this feature
1802         is enabled, puppet will resubmit facts after applying its catalog, ensuring facts
1803         for the node stored in puppetdb are current. However, this will double the fact
1804         submission load on puppetdb, so it is disabled by default.",
1805     },
1806     :publicdir => {
1807       :default  => nil,
1808       :type     => :directory,
1809       :mode     => "0755",
1810       :desc     => "Where Puppet stores public files."
1811     },
1812     :lastrunfile =>  {
1813       :default  => "$publicdir/last_run_summary.yaml",
1814       :type     => :file,
1815       :mode     => "0640",
1816       :desc     => "Where puppet agent stores the last run report summary in yaml format."
1817     },
1818     :lastrunreport =>  {
1819       :default  => "$statedir/last_run_report.yaml",
1820       :type     => :file,
1821       :mode     => "0640",
1822       :desc     => "Where Puppet Agent stores the last run report, by default, in yaml format.
1823         The format of the report can be changed by setting the `cache` key of the `report` terminus
1824         in the [routes.yaml](https://puppet.com/docs/puppet/latest/config_file_routes.html) file.
1825         To avoid mismatches between content and file extension, this setting needs to be
1826         manually updated to reflect the terminus changes."
1827     },
1828     :graph => {
1829       :default  => false,
1830       :type     => :boolean,
1831       :desc     => "Whether to create .dot graph files, which let you visualize the
1832         dependency and containment relationships in Puppet's catalog. You
1833         can load and view these files with tools like
1834         [OmniGraffle](http://www.omnigroup.com/applications/omnigraffle/) (OS X)
1835         or [graphviz](http://www.graphviz.org/) (multi-platform).
1836 
1837         Graph files are created when _applying_ a catalog, so this setting
1838         should be used on nodes running `puppet agent` or `puppet apply`.
1839 
1840         The `graphdir` setting determines where Puppet will save graphs. Note
1841         that we don't save graphs for historical runs; Puppet will replace the
1842         previous .dot files with new ones every time it applies a catalog.
1843 
1844         See your graphing software's documentation for details on opening .dot
1845         files. If you're using GraphViz's `dot` command, you can do a quick PNG
1846         render with `dot -Tpng <DOT FILE> -o <OUTPUT FILE>`.",
1847     },
1848     :graphdir => {
1849       :default    => "$statedir/graphs",
1850       :type       => :directory,
1851       :desc       => "Where to save .dot-format graphs (when the `graph` setting is enabled).",
1852     },
1853     :waitforcert => {
1854       :default  => "2m",
1855       :type     => :duration,
1856       :desc     => "How frequently puppet agent should ask for a signed certificate.
1857 
1858       When starting for the first time, puppet agent will submit a certificate
1859       signing request (CSR) to the server named in the `ca_server` setting
1860       (usually the primary Puppet server); this may be autosigned, or may need to be
1861       approved by a human, depending on the CA server's configuration.
1862 
1863       Puppet agent cannot apply configurations until its approved certificate is
1864       available. Since the certificate may or may not be available immediately,
1865       puppet agent will repeatedly try to fetch it at this interval. You can
1866       turn off waiting for certificates by specifying a time of 0, or a maximum
1867       amount of time to wait in the `maxwaitforcert` setting, in which case
1868       puppet agent will exit if it cannot get a cert.
1869       #{AS_DURATION}",
1870     },
1871     :maxwaitforcert => {
1872       :default  => "unlimited",
1873       :type     => :ttl,
1874       :desc     => "The maximum amount of time the Puppet agent should wait for its
1875       certificate request to be signed. A value of `unlimited` will cause puppet agent
1876       to ask for a signed certificate indefinitely.
1877       #{AS_DURATION}",
1878     },
1879     :waitforlock => {
1880       :default  => "0",
1881       :type     => :duration,
1882       :desc     => "How frequently puppet agent should try running when there is an
1883       already ongoing puppet agent instance.
1884 
1885       This argument is by default disabled (value set to 0). In this case puppet agent will
1886       immediately exit if it cannot run at that moment. When a value other than 0 is set, this
1887       can also be used in combination with the `maxwaitforlock` argument.
1888       #{AS_DURATION}",
1889     },
1890     :maxwaitforlock => {
1891       :default  => "1m",
1892       :type     => :ttl,
1893       :desc     => "The maximum amount of time the puppet agent should wait for an
1894       already running puppet agent to finish before starting a new one. This is set by default to 1 minute.
1895       A value of `unlimited` will cause puppet agent to wait indefinitely.
1896       #{AS_DURATION}",
1897     }
1898   )
1899 
1900   # Plugin information.
1901 
1902   settings.define_settings(
1903     :main,
1904     :plugindest => {
1905       :type       => :directory,
1906       :default    => "$libdir",
1907       :desc       => "Where Puppet should store plugins that it pulls down from the central
1908       server.",
1909     },
1910     :pluginsource => {
1911       :default    => "puppet:///plugins",
1912       :desc       => "From where to retrieve plugins.  The standard Puppet `file` type
1913       is used for retrieval, so anything that is a valid file source can
1914       be used here.",
1915     },
1916     :pluginfactdest => {
1917       :type     => :directory,
1918       :default  => "$vardir/facts.d",
1919       :desc     => "Where Puppet should store external facts that are being handled by pluginsync",
1920     },
1921     :pluginfactsource => {
1922       :default  => "puppet:///pluginfacts",
1923       :desc     => "Where to retrieve external facts for pluginsync",
1924     },
1925     :localedest => {
1926       :type       => :directory,
1927       :default    => "$vardir/locales",
1928       :desc       => "Where Puppet should store translation files that it pulls down from the central
1929       server.",
1930     },
1931     :localesource => {
1932       :default    => "puppet:///locales",
1933       :desc       => "From where to retrieve translation files.  The standard Puppet `file` type
1934       is used for retrieval, so anything that is a valid file source can
1935       be used here.",
1936     },
1937     :pluginsync => {
1938       :default    => true,
1939       :type       => :boolean,
1940       :desc       => "Whether plugins should be synced with the central server. This setting is
1941         deprecated.",
1942       :hook => proc { |value|
1943         #TRANSLATORS 'pluginsync' is a setting and should not be translated
1944         Puppet.deprecation_warning(_("Setting 'pluginsync' is deprecated."))
1945       }
1946     },
1947     :pluginsignore => {
1948         :default  => ".svn CVS .git .hg",
1949         :desc     => "What files to ignore when pulling down plugins.",
1950     },
1951     :ignore_plugin_errors => {
1952       :default    => false,
1953       :type       => :boolean,
1954       :desc       => "Whether the puppet run should ignore errors during pluginsync. If the setting
1955         is false and there are errors during pluginsync, then the agent will abort the run and
1956         submit a report containing information about the failed run."
1957     }
1958   )
1959 
1960   # Central fact information.
1961 
1962     settings.define_settings(
1963     :main,
1964     :factpath => {
1965       :type     => :path,
1966       :default  => "$vardir/lib/facter#{File::PATH_SEPARATOR}$vardir/facts",
1967       :desc     => "Where Puppet should look for facts.  Multiple directories should
1968         be separated by the system path separator character. (The POSIX path
1969         separator is ':', and the Windows path separator is ';'.)",
1970 
1971       :call_hook => :on_initialize_and_write, # Call our hook with the default value, so we always get the value added to facter.
1972       :hook => proc do |value|
1973         paths = value.split(File::PATH_SEPARATOR)
1974         Facter.search(*paths)
1975       end
1976     }
1977   )
1978 
1979   settings.define_settings(
1980     :transaction,
1981     :tags => {
1982       :default    => "",
1983       :desc       => "Tags to use to find resources.  If this is set, then
1984         only resources tagged with the specified tags will be applied.
1985         Values must be comma-separated.",
1986     },
1987     :skip_tags => {
1988       :default    => "",
1989       :desc       => "Tags to use to filter resources.  If this is set, then
1990         only resources not tagged with the specified tags will be applied.
1991         Values must be comma-separated.",
1992     },
1993     :evaltrace => {
1994       :default    => false,
1995       :type       => :boolean,
1996       :desc       => "Whether each resource should log when it is
1997         being evaluated.  This allows you to interactively see exactly
1998         what is being done.",
1999     },
2000     :summarize => {
2001         :default  => false,
2002         :type     => :boolean,
2003         :desc     => "Whether to print a transaction summary.",
2004     }
2005   )
2006 
2007     settings.define_settings(
2008     :main,
2009     :external_nodes => {
2010         :default  => "none",
2011         :desc     => "The external node classifier (ENC) script to use for node data.
2012           Puppet combines this data with the main manifest to produce node catalogs.
2013 
2014           To enable this setting, set the `node_terminus` setting to `exec`.
2015 
2016           This setting's value must be the path to an executable command that
2017           can produce node information. The command must:
2018 
2019           * Take the name of a node as a command-line argument.
2020           * Return a YAML hash with up to three keys:
2021             * `classes` --- A list of classes, as an array or hash.
2022             * `environment` --- A string.
2023             * `parameters` --- A list of top-scope variables to set, as a hash.
2024           * For unknown nodes, exit with a non-zero exit code.
2025 
2026           Generally, an ENC script makes requests to an external data source.
2027 
2028           For more info, see [the ENC documentation](https://puppet.com/docs/puppet/latest/nodes_external.html).",
2029     }
2030     )
2031 
2032         settings.define_settings(
2033         :ldap,
2034     :ldapssl => {
2035       :default  => false,
2036       :type   => :boolean,
2037       :desc   => "Whether SSL should be used when searching for nodes.
2038         Defaults to false because SSL usually requires certificates
2039         to be set up on the client side.",
2040     },
2041     :ldaptls => {
2042       :default  => false,
2043       :type     => :boolean,
2044       :desc     => "Whether TLS should be used when searching for nodes.
2045         Defaults to false because TLS usually requires certificates
2046         to be set up on the client side.",
2047     },
2048     :ldapserver => {
2049       :default  => "ldap",
2050       :desc     => "The LDAP server.",
2051     },
2052     :ldapport => {
2053       :default  => 389,
2054       :type     => :port,
2055       :desc     => "The LDAP port.",
2056     },
2057 
2058     :ldapstring => {
2059       :default  => "(&(objectclass=puppetClient)(cn=%s))",
2060       :desc     => "The search string used to find an LDAP node.",
2061     },
2062     :ldapclassattrs => {
2063       :default  => "puppetclass",
2064       :desc     => "The LDAP attributes to use to define Puppet classes.  Values
2065         should be comma-separated.",
2066     },
2067     :ldapstackedattrs => {
2068       :default  => "puppetvar",
2069       :desc     => "The LDAP attributes that should be stacked to arrays by adding
2070         the values in all hierarchy elements of the tree.  Values
2071         should be comma-separated.",
2072     },
2073     :ldapattrs => {
2074       :default  => "all",
2075       :desc     => "The LDAP attributes to include when querying LDAP for nodes.  All
2076         returned attributes are set as variables in the top-level scope.
2077         Multiple values should be comma-separated.  The value 'all' returns
2078         all attributes.",
2079     },
2080     :ldapparentattr => {
2081       :default  => "parentnode",
2082       :desc     => "The attribute to use to define the parent node.",
2083     },
2084     :ldapuser => {
2085       :default  => "",
2086       :desc     => "The user to use to connect to LDAP.  Must be specified as a
2087         full DN.",
2088     },
2089     :ldappassword => {
2090       :default  => "",
2091       :desc     => "The password to use to connect to LDAP.",
2092     },
2093     :ldapbase => {
2094         :default  => "",
2095         :desc     => "The search base for LDAP searches.  It's impossible to provide
2096           a meaningful default here, although the LDAP libraries might
2097           have one already set.  Generally, it should be the 'ou=Hosts'
2098           branch under your main directory.",
2099     }
2100   )
2101 
2102   settings.define_settings(:server,
2103     :storeconfigs => {
2104       :default  => false,
2105       :type     => :boolean,
2106       :desc     => "Whether to store each client's configuration, including catalogs, facts,
2107         and related data. This also enables the import and export of resources in
2108         the Puppet language - a mechanism for exchange resources between nodes.
2109 
2110         By default this uses the 'puppetdb' backend.
2111 
2112         You can adjust the backend using the storeconfigs_backend setting.",
2113       # Call our hook with the default value, so we always get the libdir set.
2114       :call_hook => :on_initialize_and_write,
2115       :hook => proc do |value|
2116         require_relative '../puppet/node'
2117         require_relative '../puppet/node/facts'
2118         if value
2119           Puppet::Resource::Catalog.indirection.set_global_setting(:cache_class, :store_configs)
2120           settings.override_default(:catalog_cache_terminus, :store_configs)
2121           Puppet::Node::Facts.indirection.set_global_setting(:cache_class, :store_configs)
2122           Puppet::Resource.indirection.set_global_setting(:terminus_class, :store_configs)
2123         end
2124       end
2125     },
2126     :storeconfigs_backend => {
2127       :type => :terminus,
2128       :default => "puppetdb",
2129       :desc => "Configure the backend terminus used for StoreConfigs.
2130         By default, this uses the PuppetDB store, which must be installed
2131         and configured before turning on StoreConfigs."
2132     }
2133   )
2134 
2135   settings.define_settings(:parser,
2136    :max_errors => {
2137      :default => 10,
2138      :type => :integer,
2139      :desc => <<-'EOT'
2140        Sets the max number of logged/displayed parser validation errors in case
2141        multiple errors have been detected. A value of 0 is the same as a value of 1; a
2142        minimum of one error is always raised.  The count is per manifest.
2143      EOT
2144    },
2145    :max_warnings => {
2146      :default => 10,
2147      :type => :integer,
2148      :desc => <<-'EOT'
2149        Sets the max number of logged/displayed parser validation warnings in
2150        case multiple warnings have been detected. A value of 0 blocks logging of
2151        warnings.  The count is per manifest.
2152      EOT
2153      },
2154   :max_deprecations => {
2155     :default => 10,
2156     :type => :integer,
2157     :desc => <<-'EOT'
2158       Sets the max number of logged/displayed parser validation deprecation
2159       warnings in case multiple deprecation warnings have been detected. A value of 0
2160       blocks the logging of deprecation warnings.  The count is per manifest.
2161     EOT
2162     },
2163   :strict_variables => {
2164     :default => false,
2165     :type => :boolean,
2166     :desc => <<-'EOT'
2167       Causes an evaluation error when referencing unknown variables. (This does not affect
2168       referencing variables that are explicitly set to undef).
2169     EOT
2170     },
2171   :tasks => {
2172     :default => false,
2173     :type => :boolean,
2174     :desc => <<-'EOT'
2175       Turns on experimental support for tasks and plans in the puppet language. This is for internal API use only.
2176       Do not change this setting.
2177     EOT
2178     }
2179   )
2180   settings.define_settings(:puppetdoc,
2181     :document_all => {
2182         :default  => false,
2183         :type     => :boolean,
2184         :desc     => "Whether to document all resources when using `puppet doc` to
2185           generate manifest documentation.",
2186     }
2187   )
2188 
2189   settings.define_settings(
2190     :main,
2191     :rich_data => {
2192       :default  => true,
2193       :type     => :boolean,
2194       :desc     => <<-'EOT'
2195         Enables having extended data in the catalog by storing them as a hash with the special key
2196         `__ptype`. When enabled, resource containing values of the data types `Binary`, `Regexp`,
2197         `SemVer`, `SemVerRange`, `Timespan` and `Timestamp`, as well as instances of types derived
2198         from `Object` retain their data type.
2199       EOT
2200     }
2201   )
2202   end
initialize_facts() click to toggle source

Initialize puppet's core facts. It should not be called before initialize_settings.

    # File lib/puppet.rb
193 def self.initialize_facts
194   # Add the puppetversion fact; this is done before generating the hash so it is
195   # accessible to custom facts.
196   Facter.add(:puppetversion) do
197     setcode { Puppet.version.to_s }
198   end
199 
200   Facter.add(:agent_specified_environment) do
201     setcode do
202       Puppet.settings.set_by_cli(:environment) ||
203         Puppet.settings.set_in_section(:environment, :agent) ||
204         Puppet.settings.set_in_section(:environment, :main)
205     end
206   end
207 end
initialize_settings(args = [], require_config = true, push_settings_globally = true, runtime_implementations = {}) click to toggle source

Initialize puppet's settings. This is intended only for use by external tools that are not

built off of the Faces API or the Puppet::Util::Application class. It may also be used
to initialize state so that a Face may be used programatically, rather than as a stand-alone
command-line tool.

@api public @param args [Array<String>] the command line arguments to use for initialization @param require_config [Boolean] controls loading of Puppet configuration files @param global_settings [Boolean] controls push to global context after settings object initialization @param runtime_implementations [Hash<Symbol, Object>] runtime implementations to register @return [void]

    # File lib/puppet.rb
152 def self.initialize_settings(args = [], require_config = true, push_settings_globally = true, runtime_implementations = {})
153   do_initialize_settings_for_run_mode(:user, args, require_config, push_settings_globally, runtime_implementations)
154 end
instances() click to toggle source
    # File lib/puppet/type/exec.rb
626 def self.instances
627   []
628 end
lookup(name, &block) click to toggle source

Lookup a binding by name or return a default value provided by a passed block (if given). @api private

    # File lib/puppet.rb
297 def self.lookup(name, &block)
298   @context.lookup(name, &block)
299 end
mark_context(name) click to toggle source

@api private

    # File lib/puppet.rb
322 def self.mark_context(name)
323   @context.mark(name)
324 end
minor_version() click to toggle source

@return [String] containing the puppet version to minor specificity, e.g. “3.0”

   # File lib/puppet/version.rb
68 def self.minor_version
69   self.version.split('.')[0..1].join('.')
70 end
mkdefaultbucket() click to toggle source

Create a default filebucket.

   # File lib/puppet/type/filebucket.rb
85 def self.mkdefaultbucket
86   new(:name => "puppet", :path => Puppet[:clientbucketdir])
87 end
mkdefaultschedules() click to toggle source
    # File lib/puppet/type/schedule.rb
392 def self.mkdefaultschedules
393   result = []
394   unless Puppet[:default_schedules]
395     Puppet.debug "Not creating default schedules: default_schedules is false"
396     return result
397   end
398 
399   Puppet.debug "Creating default schedules"
400 
401         result << self.new(
402 
403     :name => "puppet",
404     :period => :hourly,
405 
406     :repeat => "2"
407   )
408 
409   # And then one for every period
410   @parameters.find { |p| p.name == :period }.value_collection.values.each { |value|
411 
412           result << self.new(
413       :name => value.to_s,
414       :period => value
415     )
416   }
417 
418   result
419 end
needs_ensure_retrieved() click to toggle source
    # File lib/puppet/type/service.rb
294 def self.needs_ensure_retrieved
295   false
296 end
newcheck(name, options = {}, &block) click to toggle source

Create a new check mechanism. It's basically a parameter that provides one extra 'check' method.

   # File lib/puppet/type/exec.rb
73 def self.newcheck(name, options = {}, &block)
74   @checks ||= {}
75 
76   check = newparam(name, options, &block)
77   @checks[name] = check
78 end
normalize(source) click to toggle source
    # File lib/puppet/type/file/source.rb
124 def self.normalize(source)
125   source.sub(/[#{SEPARATOR_REGEX}]+$/, '')
126 end
override(bindings, description = "", &block) click to toggle source

@param bindings [Hash] A hash of bindings to be merged with the parent context. @param description [String] A description of the context. @yield [] A block executed in the context of the temporarily pushed bindings. @api private

    # File lib/puppet.rb
305 def self.override(bindings, description = "", &block)
306   @context.override(bindings, description, &block)
307 end
parameters_to_include() click to toggle source
    # File lib/puppet/type/package.rb
284 def self.parameters_to_include
285   [:provider]
286 end
pop_context() click to toggle source

Return to the previous context. @raise [StackUnderflow] if the current context is the root @api private

    # File lib/puppet.rb
291 def self.pop_context
292   @context.pop
293 end
push_context(overrides, description = "") click to toggle source

@param overrides [Hash] A hash of bindings to be merged with the parent context. @param description [String] A description of the context. @api private

    # File lib/puppet.rb
276 def self.push_context(overrides, description = "")
277   @context.push(overrides, description)
278 end
push_context_global(overrides, description = '') click to toggle source

Push something onto the the context and make it global across threads. This has the potential to convert threadlocal overrides earlier on the stack into global overrides. @api private

    # File lib/puppet.rb
284 def self.push_context_global(overrides, description = '')
285   @context.unsafe_push_global(overrides, description)
286 end
replace_settings_object(new_settings) click to toggle source

The puppetserver project has its own settings class that is thread-aware; this method is here to allow the puppetserver to define its own custom settings class for multithreaded puppet. It is not intended for use outside of the puppetserver implmentation.

   # File lib/puppet.rb
71 def self.replace_settings_object(new_settings)
72   @@settings = new_settings
73 end
restore(name) click to toggle source

@param name The name of a previously ignored context key to restore; intended for test usage. @api private

    # File lib/puppet.rb
317 def self.restore(name)
318   @context.restore(name)
319 end
rollback_context(name) click to toggle source

@api private

    # File lib/puppet.rb
327 def self.rollback_context(name)
328   @context.rollback(name)
329 end
run_mode() click to toggle source
    # File lib/puppet.rb
117 def self.run_mode
118   # This sucks (the existence of this method); there are a lot of places in our code that branch based the value of
119   # "run mode", but there used to be some really confusing code paths that made it almost impossible to determine
120   # when during the lifecycle of a puppet application run the value would be set properly.  A lot of the lifecycle
121   # stuff has been cleaned up now, but it still seems frightening that we rely so heavily on this value.
122   #
123   # I'd like to see about getting rid of the concept of "run_mode" entirely, but there are just too many places in
124   # the code that call this method at the moment... so I've settled for isolating it inside of the Settings class
125   # (rather than using a global variable, as we did previously...).  Would be good to revisit this at some point.
126   #
127   # --cprice 2012-03-16
128   Puppet::Util::RunMode[@@settings.preferred_run_mode]
129 end
runtime() click to toggle source
    # File lib/puppet.rb
331 def self.runtime
332   @runtime
333 end
settings() click to toggle source

Note: It's important that these accessors (`self.settings`, `self.[]`) are defined before we try to load any “features” (which happens a few lines below), because the implementation of the features loading may examine the values of settings.

   # File lib/puppet.rb
63 def self.settings
64   @@settings
65 end
title_patterns() click to toggle source

We have more than one namevar, so we need title_patterns. However, we cheat and set the patterns to map to name only and completely ignore provider (and command, for targetable providers). So far, the logic that determines uniqueness appears to just “Do The Right Thing™” when provider (and command) are explicitly set.

The following resources will be seen as unique by puppet:

# Uniqueness Key: ['mysql', nil]
package {'mysql': }

# Uniqueness Key: ['mysql', 'gem', nil]
package {'gem-mysql':
  name     => 'mysql,
  provider => gem,
}

# Uniqueness Key: ['mysql', 'gem', '/opt/ruby/bin/gem']
package {'gem-mysql-opt':
  name     => 'mysql,
  provider => gem
  command  => '/opt/ruby/bin/gem',
}

This does not handle the case where providers like 'yum' and 'rpm' should clash. Also, declarations that implicitly use the default provider will clash with those that explicitly use the default.

    # File lib/puppet/type/package.rb
342 def self.title_patterns
343   # This is the default title pattern for all types, except hard-wired to
344   # set only name.
345   [ [ /(.*)/m, [ [:name] ] ] ]
346 end
valid_digest_algorithms() click to toggle source
   # File lib/puppet/defaults.rb
17 def self.valid_digest_algorithms
18   Puppet::Util::Platform.fips_enabled? ?
19     %w[sha256 sha384 sha512 sha224] :
20     %w[sha256 sha384 sha512 sha224 md5]
21 end
valid_file_checksum_types() click to toggle source
   # File lib/puppet/defaults.rb
29 def self.valid_file_checksum_types
30   Puppet::Util::Platform.fips_enabled? ?
31     %w[sha256 sha256lite sha384 sha512 sha224 sha1 sha1lite mtime ctime] :
32     %w[sha256 sha256lite sha384 sha512 sha224 sha1 sha1lite md5 md5lite mtime ctime]
33 end
version() click to toggle source

version is a public API method intended to always provide a fast and lightweight way to determine the version of Puppet.

The intent is that software external to Puppet be able to determine the Puppet version with no side-effects. The expected use is:

require 'puppet/version'
version = Puppet.version

This function has the following ordering precedence. This precedence list is designed to facilitate automated packaging tasks by simply writing to the VERSION file in the same directory as this source file.

1. If a version has been explicitly assigned using the Puppet.version=
   method, return that version.
2. If there is a VERSION file, read the contents, trim any
   trailing whitespace, and return that version string.
3. Return the value of the Puppet::PUPPETVERSION constant hard-coded into
   the source code.

If there is no VERSION file, the method must return the version string of the nearest parent version that is an officially released version. That is to say, if a branch named 3.1.x contains 25 patches on top of the most recent official release of 3.1.1, then the version method must return the string “3.1.1” if no “VERSION” file is present.

By design the version identifier is not intended to vary during the life a process. There is no guarantee provided that writing to the VERSION file while a Puppet process is running will cause the version string to be updated. On the contrary, the contents of the VERSION are cached to reduce filesystem accesses.

The VERSION file is intended to be used by package maintainers who may be applying patches or otherwise changing the software version in a manner that warrants a different software version identifier. The VERSION file is intended to be managed and owned by the release process and packaging related tasks, and as such should not reside in version control. The PUPPETVERSION constant is intended to be version controlled in history.

Ideally, this behavior will allow package maintainers to precisely specify the version of the software they're packaging as in the following example:

$ git describe --match "3.0.*" > lib/puppet/VERSION
$ ruby -r puppet -e 'puts Puppet.version'
3.0.1-260-g9ca4e54

@api public

@return [String] containing the puppet version, e.g. “3.0.1”

   # File lib/puppet/version.rb
61 def self.version
62   version_file = File.join(File.dirname(__FILE__), 'VERSION')
63   return @puppet_version if @puppet_version
64   @puppet_version = read_version_file(version_file) || PUPPETVERSION
65 end
version=(version) click to toggle source
   # File lib/puppet/version.rb
72 def self.version=(version)
73   @puppet_version = version
74 end

Private Class Methods

do_initialize_settings_for_run_mode(run_mode, args, require_config, push_settings_globally, runtime_implementations) click to toggle source

private helper method to provide the implementation details of initializing for a run mode,

but allowing us to control where the deprecation warning is issued
    # File lib/puppet.rb
177 def self.do_initialize_settings_for_run_mode(run_mode, args, require_config, push_settings_globally, runtime_implementations)
178   Puppet.settings.initialize_global_settings(args, require_config)
179   run_mode = Puppet::Util::RunMode[run_mode]
180   Puppet.settings.initialize_app_defaults(Puppet::Settings.app_defaults_for_run_mode(run_mode))
181   if push_settings_globally
182     initialize_load_path
183     push_context_global(Puppet.base_context(Puppet.settings), "Initial context after settings initialization")
184     Puppet::Parser::Functions.reset
185   end
186   runtime_implementations.each_pair do |name, impl|
187     Puppet.runtime[name] = impl
188   end
189 end
initialize_load_path() click to toggle source
    # File lib/puppet.rb
169 def self.initialize_load_path
170   $LOAD_PATH.unshift(Puppet[:libdir])
171   $LOAD_PATH.concat(vendored_modules)
172 end
read_version_file(path) click to toggle source

read_version_file reads the content of the “VERSION” file that lives in the same directory as this source code file.

@api private

@return [String] for example: “1.6.14-6-gea42046” or nil if the VERSION

file does not exist.
   # File lib/puppet/version.rb
84 def self.read_version_file(path)
85   if File.exist?(path)
86     File.read(path).chomp
87   end
88 end
vendored_modules() click to toggle source
    # File lib/puppet.rb
156 def self.vendored_modules
157   dir = Puppet[:vendormoduledir]
158   if dir && File.directory?(dir)
159     Dir.entries(dir)
160       .reject { |f| f =~ /^\./ }
161       .map { |f| File.join(dir, f, "lib") }
162       .select { |d| FileTest.directory?(d) }
163   else
164     []
165   end
166 end

Public Instance Methods

actual_should(currentvalue, newvalue) click to toggle source

Calculates the actual should value given the current and new values. This is only used in should_to_s and change_to_s to fix the change notification issue reported in PUP-6542.

    # File lib/puppet/type/group.rb
123 def actual_should(currentvalue, newvalue)
124   currentvalue = munge_members_value(currentvalue)
125   newvalue = munge_members_value(newvalue)
126 
127   if @resource[:auth_membership]
128     newvalue.uniq.sort 
129   else
130     (currentvalue + newvalue).uniq.sort
131   end
132 end
bucket() click to toggle source
   # File lib/puppet/type/filebucket.rb
89 def bucket
90   mkbucket unless defined?(@bucket)
91   @bucket
92 end
change_to_s(currentvalue, newvalue) click to toggle source

Make output a bit prettier

    # File lib/puppet/type/exec.rb
120 def change_to_s(currentvalue, newvalue)
121   _("executed successfully")
122 end
check(value) click to toggle source

We always fail this test, because we're only supposed to run on refresh.

    # File lib/puppet/type/exec.rb
401 def check(value)
402   # We have to invert the values.
403   if value == :true
404     false
405   else
406     true
407   end
408 end
check_all_attributes(refreshing = false) click to toggle source

Verify that we pass all of the checks. The argument determines whether we skip the :refreshonly check, which is necessary because we now check within refresh

    # File lib/puppet/type/exec.rb
633 def check_all_attributes(refreshing = false)
634   self.class.checks.each { |check|
635     next if refreshing and check == :refreshonly
636     if @parameters.include?(check)
637       val = @parameters[check].value
638       val = [val] unless val.is_a? Array
639       val.each do |value|
640         if !@parameters[check].check(value)
641           # Give a debug message so users can figure out what command would have been
642           # but don't print sensitive commands or parameters in the clear
643           cmdstring = @parameters[:command].sensitive ? "[command redacted]" : @parameters[:command].value
644 
645           debug(_("'%{cmd}' won't be executed because of failed check '%{check}'") % { cmd: cmdstring, check: check })
646 
647           return false
648         end
649       end
650     end
651   }
652 
653   true
654 end
checksum() click to toggle source
    # File lib/puppet/type/file/source.rb
137 def checksum
138   metadata && metadata.checksum
139 end
chunk_file_from_disk(local_path) { |chunk| ... } click to toggle source
    # File lib/puppet/type/file/source.rb
283 def chunk_file_from_disk(local_path)
284   File.open(local_path, "rb") do |src|
285     while chunk = src.read(8192) #rubocop:disable Lint/AssignmentInCondition
286       yield chunk
287     end
288   end
289 end
chunk_file_from_source(&block) click to toggle source
    # File lib/puppet/type/file/source.rb
323 def chunk_file_from_source(&block)
324   if uri.scheme =~ /^https?/
325     # Historically puppet has not encoded the http(s) source URL before parsing
326     # it, for example, if the path contains spaces, then it must be URL encoded
327     # as %20 in the manifest. Puppet behaves the same when retrieving file
328     # metadata via http(s), see Puppet::Indirector::FileMetadata::Http#find.
329     url = URI.parse(metadata.source)
330     get_from_http_source(url, &block)
331   elsif metadata.content_uri
332     content_url = URI.parse(Puppet::Util.uri_encode(metadata.content_uri))
333     get_from_content_uri_source(content_url, &block)
334   else
335     get_from_source_uri_source(uri, &block)
336   end
337 rescue Puppet::HTTP::ResponseError => e
338   handle_response_error(e.response)
339 end
clear() click to toggle source

This only exists for testing.

    # File lib/puppet/type/package.rb
612 def clear
613   obj = @parameters[:ensure]
614   if obj
615     obj.latest = nil
616   end
617 end
content() click to toggle source
   # File lib/puppet/type/file/content.rb
92 def content
93   self.should
94 end
content_is_really_a_checksum?() click to toggle source
    # File lib/puppet/type/file/content.rb
162 def content_is_really_a_checksum?
163   checksum?(should)
164 end
copy_source_value(metadata_method) click to toggle source
    # File lib/puppet/type/file/source.rb
254 def copy_source_value(metadata_method)
255   param_name = (metadata_method == :checksum) ? :content : metadata_method
256   if resource[param_name].nil? or resource[param_name] == :absent
257     if Puppet::Util::Platform.windows? && [:owner, :group, :mode].include?(metadata_method)
258       devfail "Should not have tried to use source owner/mode/group on Windows"
259     end
260 
261     value = metadata.send(metadata_method)
262     # Force the mode value in file resources to be a string containing octal.
263     value = value.to_s(8) if param_name == :mode && value.is_a?(Numeric)
264     resource[param_name] = value
265 
266     if (metadata_method == :checksum)
267       # If copying checksum, also copy checksum_type
268       resource[:checksum] = metadata.checksum_type
269     end
270   end
271 end
copy_source_values() click to toggle source

Copy the values from the source to the resource. Yay.

    # File lib/puppet/type/file/source.rb
142 def copy_source_values
143   devfail "Somehow got asked to copy source values without any metadata" unless metadata
144 
145   # conditionally copy :checksum
146   if metadata.ftype != "directory" && !(metadata.ftype == "link" && metadata.links == :manage)
147     copy_source_value(:checksum)
148   end
149 
150   # Take each of the stats and set them as states on the local file
151   # if a value has not already been provided.
152   [:owner, :mode, :group].each do |metadata_method|
153     next if metadata_method == :owner and !Puppet.features.root?
154     next if metadata_method == :group and !Puppet.features.root?
155 
156     case resource[:source_permissions]
157     when :ignore, nil
158       next
159     when :use_when_creating
160       next if Puppet::FileSystem.exist?(resource[:path])
161     end
162 
163     copy_source_value(metadata_method)
164   end
165 
166   if resource[:ensure] == :absent
167     # We know all we need to
168   elsif metadata.ftype != "link"
169     resource[:ensure] = metadata.ftype
170   elsif resource[:links] == :follow
171     resource[:ensure] = :present
172   else
173     resource[:ensure] = "link"
174     resource[:target] = metadata.destination
175   end
176 end
current_username() click to toggle source
    # File lib/puppet/type/exec.rb
676 def current_username
677   Etc.getpwuid(Process.uid).name
678 end
delimiter() click to toggle source
    # File lib/puppet/type/group.rb
192 def delimiter
193   " "
194 end
desired_mode_from_current(desired, current) click to toggle source
    # File lib/puppet/type/file/mode.rb
102 def desired_mode_from_current(desired, current)
103   current = current.to_i(8) if current.is_a? String
104   is_a_directory = @resource.stat && @resource.stat.directory?
105   symbolic_mode_to_int(desired, current, is_a_directory)
106 end
dirmask(value) click to toggle source

If we're a directory, we need to be executable for all cases that are readable. This should probably be selectable, but eh.

    # File lib/puppet/type/file/mode.rb
110 def dirmask(value)
111   if FileTest.directory?(resource[:path]) and value =~ /^\d+$/ then
112     value = value.to_i(8)
113     value |= 0100 if value & 0400 != 0
114     value |= 010 if value & 040 != 0
115     value |= 01 if value & 04 != 0
116     value = value.to_s(8)
117   end
118 
119   value
120 end
each_chunk_from() { |actual_content| ... } click to toggle source

the content is munged so if it's a checksum source_or_content is nil unless the checksum indirectly comes from source

    # File lib/puppet/type/file/content.rb
152 def each_chunk_from
153   if actual_content.is_a?(String)
154     yield actual_content
155   elsif content_is_really_a_checksum? && actual_content.nil?
156     yield read_file_from_filebucket
157   elsif actual_content.nil?
158     yield ''
159   end
160 end
event_name() click to toggle source
   # File lib/puppet/type/exec.rb
90 def event_name
91   :executed_command
92 end
exists?() click to toggle source

This method has been exposed for puppet to manage users and groups of files in its settings and should not be considered available outside of puppet.

(see Puppet::Settings#service_group_available?)

@return [Boolean] if the group exists on the system @api private

    # File lib/puppet/type/group.rb
234 def exists?
235   provider.exists?
236 end
find_unmanaged_keys() click to toggle source

Generate ssh_authorized_keys resources for purging. The key files are taken from the purge_ssh_keys parameter. The generated resources inherit all metaparameters from the parent user resource.

@return [Array<Puppet::Type::Ssh_authorized_key] a list of resources

representing the found keys

@see generate @api private

    # File lib/puppet/type/user.rb
768 def find_unmanaged_keys
769   munged_unmanaged_keys.
770     select { |f| File.readable?(f) }.
771     map { |f| unknown_keys_in_file(f) }.
772     flatten.each do |res|
773       res[:ensure] = :absent
774       res[:user] = self[:name]
775       @parameters.each do |name, param|
776         res[name] = param.value if param.metaparam?
777       end
778     end
779 end
found?() click to toggle source
    # File lib/puppet/type/file/source.rb
250 def found?
251   ! (metadata.nil? or metadata.ftype.nil?)
252 end
full_path() click to toggle source
    # File lib/puppet/type/file/source.rb
215 def full_path
216   Puppet::Util.uri_to_path(uri) if found?
217 end
generate() click to toggle source
    # File lib/puppet/type/user.rb
697 def generate
698   if !self[:purge_ssh_keys].empty? && self[:purge_ssh_keys] != :false
699     return [] if self[:ensure] == :present && !provider.exists? 
700     if Puppet::Type.type(:ssh_authorized_key).nil?
701       warning _("Ssh_authorized_key type is not available. Cannot purge SSH keys.")
702     else
703       return find_unmanaged_keys
704     end
705   end
706 
707   []
708 end
get_from_content_uri_source(url, &block) click to toggle source
    # File lib/puppet/type/file/source.rb
291 def get_from_content_uri_source(url, &block)
292   session = Puppet.lookup(:http_session)
293   api = session.route_to(:fileserver, url: url)
294 
295   api.get_static_file_content(
296     path: Puppet::Util.uri_unescape(url.path),
297     environment: resource.catalog.environment_instance.to_s,
298     code_id: resource.catalog.code_id,
299     &block
300   )
301 end
get_from_http_source(url, &block) click to toggle source
    # File lib/puppet/type/file/source.rb
314 def get_from_http_source(url, &block)
315   client = Puppet.runtime[:http]
316   client.get(url, options: {include_system_store: true}) do |response|
317     raise Puppet::HTTP::ResponseError.new(response) unless response.success?
318 
319     response.read_body(&block)
320   end
321 end
get_from_source_uri_source(url, &block) click to toggle source
    # File lib/puppet/type/file/source.rb
303 def get_from_source_uri_source(url, &block)
304   session = Puppet.lookup(:http_session)
305   api = session.route_to(:fileserver, url: url)
306 
307   api.get_file_content(
308     path: Puppet::Util.uri_unescape(url.path),
309     environment: resource.catalog.environment_instance.to_s,
310     &block
311   )
312 end
handle_response_error(response) click to toggle source
    # File lib/puppet/type/file/source.rb
341 def handle_response_error(response)
342   message = "Error #{response.code} on SERVER: #{response.body.empty? ? response.reason : response.body}"
343   raise Net::HTTPError.new(message, Puppet::HTTP::ResponseConverter.to_ruby_response(response))
344 end
insync?(is) click to toggle source
Calls superclass method
   # File lib/puppet/type/file/checksum_value.rb
14 def insync?(is)
15   # If checksum_value and source are specified, manage the file contents.
16   # Otherwise the content property will manage syncing.
17   if resource.parameter(:source).nil?
18     return true
19   end
20 
21   checksum_insync?(resource.parameter(:source), is, true) {|_is| super(_is)}
22 end
is_to_s(currentvalue) click to toggle source

We want to print names, not numbers

Calls superclass method
   # File lib/puppet/type/file/group.rb
33 def is_to_s(currentvalue)
34   super(provider.gid2name(currentvalue) || currentvalue)
35 end
length() click to toggle source
   # File lib/puppet/type/file/content.rb
88 def length
89   (actual_content and actual_content.length) || 0
90 end
local?() click to toggle source
    # File lib/puppet/type/file/source.rb
211 def local?
212   found? and scheme == "file"
213 end
match?(previous, now) click to toggle source
    # File lib/puppet/type/schedule.rb
150 def match?(previous, now)
151   # The lowest-level array is of the hour, minute, second triad
152   # then it's an array of two of those, to present the limits
153   # then it's an array of those ranges
154   @value = [@value] unless @value[0][0].is_a?(Array)
155   @value.any? do |range|
156     limit_start = Time.local(now.year, now.month, now.day, *range[0])
157     limit_end = Time.local(now.year, now.month, now.day, *range[1])
158 
159     if limit_start < limit_end
160       # The whole range is in one day, simple case
161       now.between?(limit_start, limit_end) && weekday_match?(now.wday)
162     else
163       # The range spans days. We have to test against a range starting
164       # today, and a range that started yesterday.
165       today = Date.new(now.year, now.month, now.day)
166       tomorrow = today.next_day
167       yesterday = today.prev_day
168 
169       # First check a range starting today
170       if now.between?(limit_start, Time.local(tomorrow.year, tomorrow.month, tomorrow.day, *range[1]))
171         weekday_match?(today.wday)
172       else
173         # Then check a range starting yesterday
174         now.between?(Time.local(yesterday.year, yesterday.month, yesterday.day, *range[0]),
175                      limit_end) &&
176           weekday_match?(yesterday.wday)
177       end
178     end
179   end
180 end
membership() click to toggle source
    # File lib/puppet/type/group.rb
188 def membership
189   :attribute_membership
190 end
metadata() click to toggle source

Provide, and retrieve if necessary, the metadata for this file. Fail if we can't find data about this host, and fail if there are any problems in our query.

    # File lib/puppet/type/file/source.rb
183 def metadata
184   @metadata ||= resource.catalog.metadata[resource.title]
185   return @metadata if @metadata
186 
187   return nil unless value
188   value.each do |source|
189     begin
190       options = {
191         :environment          => resource.catalog.environment_instance,
192         :links                => resource[:links],
193         :checksum_type        => resource[:checksum],
194         :source_permissions   => resource[:source_permissions]
195       }
196 
197       data = Puppet::FileServing::Metadata.indirection.find(source, options)
198       if data
199         @metadata = data
200         @metadata.source = source
201         break
202       end
203     rescue => detail
204       self.fail Puppet::Error, "Could not retrieve file metadata for #{source}: #{detail}", detail
205     end
206   end
207   self.fail "Could not retrieve information from environment #{resource.catalog.environment} source(s) #{value.join(", ")}" unless @metadata
208   @metadata
209 end
mkbucket() click to toggle source
    # File lib/puppet/type/filebucket.rb
 96 def mkbucket
 97   # Default is a local filebucket, if no server is given.
 98   # If the default path has been removed, too, then
 99   # the puppetmaster is used as default server
100 
101   type = "local"
102   args = {}
103   if self[:path]
104     args[:Path] = self[:path]
105   else
106     args[:Server] = self[:server]
107     args[:Port] = self[:port]
108   end
109 
110   begin
111     @bucket = Puppet::FileBucket::Dipper.new(args)
112   rescue => detail
113     message = _("Could not create %{type} filebucket: %{detail}") % { type: type, detail: detail }
114     self.log_exception(detail, message)
115     self.fail(message)
116   end
117 
118   @bucket.name = self.name
119 end
munge_members_value(value) click to toggle source

Useful helper to handle the possible property value types that we can both pass-in and return. It munges the value into an array

    # File lib/puppet/type/group.rb
136 def munge_members_value(value)
137   return [] if value == :absent
138   return value.split(',') if value.is_a?(String)
139 
140   value
141 end
munged_unmanaged_keys() click to toggle source
    # File lib/puppet/type/user.rb
781 def munged_unmanaged_keys
782   value = self[:purge_ssh_keys]
783 
784   # Resolve string, boolean and symbol forms of true and false to a
785   # single representation.
786   test_sym = value.to_s.intern
787   value = test_sym if [:true, :false].include? test_sym
788 
789   return [] if value == :false
790 
791   home = self[:home]
792   begin
793     home ||= provider.home
794   rescue
795     Puppet.debug("User '#{self[:name]}' does not exist")
796   end
797 
798   if home.to_s.empty? || !Dir.exist?(home.to_s)
799     if value == :true || [ value ].flatten.any? { |v| v.start_with?('~/', '%h/') }
800       Puppet.debug("User '#{self[:name]}' has no home directory set to purge ssh keys from.")
801       return []
802     end
803   end
804 
805   return [ "#{home}/.ssh/authorized_keys" ] if value == :true
806 
807   # value is an array - munge each value
808   [ value ].flatten.map do |entry|
809     # make sure frozen value is duplicated by using a gsub, second mutating gsub! is then ok
810     entry = entry.gsub(/^~\//, "#{home}/")
811     entry.gsub!(/^%h\//, "#{home}/")
812     entry
813   end
814 end
output() click to toggle source
    # File lib/puppet/type/exec.rb
656 def output
657   if self.property(:returns).nil?
658     return nil
659   else
660     return self.property(:returns).output
661   end
662 end
port() click to toggle source
    # File lib/puppet/type/file/source.rb
227 def port
228   (uri and uri.port) or Puppet.settings[:serverport]
229 end
present?(current_values) click to toggle source
Calls superclass method
    # File lib/puppet/type/package.rb
625 def present?(current_values)
626   super && current_values[:ensure] != :purged
627 end
property_matches?(current, desired) click to toggle source
Calls superclass method
   # File lib/puppet/type/file/checksum_value.rb
24 def property_matches?(current, desired)
25   return true if super(current, desired)
26   return date_matches?(resource.parameter(:checksum).value, current, desired)
27 end
read_file_from_filebucket() click to toggle source
    # File lib/puppet/type/file/content.rb
166 def read_file_from_filebucket
167   dipper = resource.bucket
168   raise "Could not get filebucket from file" unless dipper
169   sum = should.sub(/\{\w+\}/, '')
170 
171   dipper.getfile(sum)
172 rescue => detail
173   self.fail Puppet::Error, "Could not retrieve content for #{should} from filebucket: #{detail}", detail
174 end
refresh() click to toggle source

Run the command, or optionally run a separately-specified command.

    # File lib/puppet/type/exec.rb
665 def refresh
666   if self.check_all_attributes(true)
667     cmd = self[:refresh]
668     if cmd
669       provider.run(cmd)
670     else
671       self.property(:returns).sync
672     end
673   end
674 end
retrieve() click to toggle source

First verify that all of our checks pass.

    # File lib/puppet/type/exec.rb
125 def retrieve
126   # We need to return :notrun to trigger evaluation; when that isn't
127   # true, we *LIE* about what happened and return a "success" for the
128   # value, which causes us to be treated as in_sync?, which means we
129   # don't actually execute anything.  I think. --daniel 2011-03-10
130   if @resource.check_all_attributes
131     return :notrun
132   else
133     return self.should
134   end
135 end
scheme() click to toggle source
    # File lib/puppet/type/file/source.rb
246 def scheme
247   (uri and uri.scheme)
248 end
server() click to toggle source
    # File lib/puppet/type/file/source.rb
223 def server
224   server? ? uri.host : Puppet.settings[:server]
225 end
server?() click to toggle source
    # File lib/puppet/type/file/source.rb
219 def server?
220    uri && uri.host && !uri.host.empty?
221 end
set_sensitive_parameters(sensitive_parameters) click to toggle source
Calls superclass method
    # File lib/puppet/type/exec.rb
681 def set_sensitive_parameters(sensitive_parameters)
682   # If any are sensitive, mark all as sensitive
683   sensitive = false
684   parameters_to_check = [:command, :unless, :onlyif]
685 
686   parameters_to_check.each do |p|
687     if sensitive_parameters.include?(p)
688       sensitive_parameters.delete(p)
689       sensitive = true
690     end
691   end
692 
693   if sensitive
694     parameters_to_check.each do |p|
695       if parameters.include?(p)
696         parameter(p).sensitive = true
697       end
698     end
699   end
700 
701   super(sensitive_parameters)
702 end
should() click to toggle source
    # File lib/puppet/type/package.rb
690 def should
691   @should[0] if @should && @should.is_a?(Array) && @should.size == 1
692 end
should=(value) click to toggle source

Make sure we're also managing the checksum property.

Calls superclass method
    # File lib/puppet/type/file/content.rb
127 def should=(value)
128   # treat the value as a bytestring
129   value = value.b if value.is_a?(String)
130   @resource.newattr(:checksum) unless @resource.parameter(:checksum)
131   super
132 end
should_to_s(newvalue) click to toggle source
Calls superclass method
   # File lib/puppet/type/file/group.rb
37 def should_to_s(newvalue)
38   super(provider.gid2name(newvalue) || newvalue)
39 end
sync() click to toggle source

Actually execute the command.

    # File lib/puppet/type/exec.rb
138 def sync
139   event = :executed_command
140   tries = self.resource[:tries]
141   try_sleep = self.resource[:try_sleep]
142 
143   begin
144     tries.times do |try|
145       # Only add debug messages for tries > 1 to reduce log spam.
146       debug("Exec try #{try+1}/#{tries}") if tries > 1
147       @output, @status = provider.run(self.resource[:command])
148       break if self.should.include?(@status.exitstatus.to_s)
149       if try_sleep > 0 and tries > 1
150         debug("Sleeping for #{try_sleep} seconds between tries")
151         sleep try_sleep
152       end
153     end
154   rescue Timeout::Error
155     self.fail Puppet::Error, _("Command exceeded timeout"), $!
156   end
157 
158   log = @resource[:logoutput]
159   if log
160     case log
161     when :true
162       log = @resource[:loglevel]
163     when :on_failure
164       unless self.should.include?(@status.exitstatus.to_s)
165         log = @resource[:loglevel]
166       else
167         log = :false
168       end
169     end
170     unless log == :false
171       if @resource.parameter(:command).sensitive
172         self.send(log, "[output redacted]")
173       else
174         @output.split(/\n/).each { |line|
175           self.send(log, line)
176         }
177       end
178     end
179   end
180 
181   unless self.should.include?(@status.exitstatus.to_s)
182     if @resource.parameter(:command).sensitive
183       # Don't print sensitive commands in the clear
184       self.fail(_("[command redacted] returned %{status} instead of one of [%{expected}]") % { status: @status.exitstatus, expected: self.should.join(",") })
185     else
186       self.fail(_("'%{cmd}' returned %{status} instead of one of [%{expected}]") % { cmd: self.resource[:command], status: @status.exitstatus, expected: self.should.join(",") })
187     end
188   end
189 
190   event
191 end
unknown_keys_in_file(keyfile) click to toggle source

Parse an ssh authorized keys file superficially, extract the comments on the keys. These are considered names of possible ssh_authorized_keys resources. Keys that are managed by the present catalog are ignored.

@see generate @api private @return [Array<Puppet::Type::Ssh_authorized_key] a list of resources

representing the found keys
    # File lib/puppet/type/user.rb
824 def unknown_keys_in_file(keyfile)
825   # The ssh_authorized_key type is distributed as a module on the Forge,
826   # so we shouldn't rely on it being available.
827   return [] unless Puppet::Type.type(:ssh_authorized_key)
828 
829   names = []
830   name_index = 0
831   # RFC 4716 specifies UTF-8 allowed in public key files per https://www.ietf.org/rfc/rfc4716.txt
832   # the authorized_keys file may contain UTF-8 comments
833   Puppet::FileSystem.open(keyfile, nil, 'r:UTF-8').each do |line|
834     next unless line =~ Puppet::Type.type(:ssh_authorized_key).keyline_regex
835     # the name is stored in the 4th capture of the regex
836     name = $4
837     if name.empty?
838       $3.delete("\n")
839       # If no comment is specified for this key, generate a unique internal
840       # name. This uses the same rules as
841       # provider/ssh_authorized_key/parsed (PUP-3357)
842       name = "#{keyfile}:unnamed-#{name_index += 1}"
843     end
844     names << name
845     Puppet.debug "#{self.ref} parsed for purging Ssh_authorized_key[#{name}]"
846   end
847 
848   names.map { |keyname|
849     Puppet::Type.type(:ssh_authorized_key).new(
850       :name => keyname,
851       :target => keyfile)
852   }.reject { |res|
853     catalog.resource_refs.include? res.ref
854   }
855 end
uri() click to toggle source
    # File lib/puppet/type/file/source.rb
231 def uri
232   @uri ||= URI.parse(Puppet::Util.uri_encode(metadata.source))
233 end
value=(*values) click to toggle source

Support both arrays and colon-separated fields.

    # File lib/puppet/type/exec.rb
219 def value=(*values)
220   @value = values.flatten.collect { |val|
221     val.split(File::PATH_SEPARATOR)
222   }.flatten
223 end
weekday_integer?(value) click to toggle source
    # File lib/puppet/type/schedule.rb
340 def weekday_integer?(value)
341   value.is_a?(Integer) && (0..6).cover?(value)
342 end
weekday_match?(day) click to toggle source
    # File lib/puppet/type/schedule.rb
142 def weekday_match?(day)
143   if @resource[:weekday]
144     @resource[:weekday].has_key?(day)
145   else
146     true
147   end
148 end
weekday_string?(value) click to toggle source
    # File lib/puppet/type/schedule.rb
344 def weekday_string?(value)
345   value.is_a?(String) && (value =~ /^[0-6]$/ || value =~ /^(Mon|Tues?|Wed(?:nes)?|Thu(?:rs)?|Fri|Sat(?:ur)?|Sun)(day)?$/i)
346 end
write(file) click to toggle source
    # File lib/puppet/type/file/content.rb
139 def write(file)
140   resource.parameter(:checksum).sum_stream { |sum|
141     each_chunk_from { |chunk|
142       sum << chunk
143       file.print chunk
144     }
145   }
146 end