diff --git a/lib/puppet/agent.rb b/lib/puppet/agent.rb index a16b75688..6b254c0cd 100644 --- a/lib/puppet/agent.rb +++ b/lib/puppet/agent.rb @@ -1,114 +1,112 @@ require 'sync' require 'puppet/external/event-loop' require 'puppet/application' # A general class for triggering a run of another # class. class Puppet::Agent require 'puppet/agent/locker' include Puppet::Agent::Locker - require 'puppet/agent/disabler' - include Puppet::Agent::Disabler - attr_reader :client_class, :client, :splayed # Just so we can specify that we are "the" instance. def initialize(client_class) @splayed = false @client_class = client_class end def lockfile_path client_class.lockfile_path end def needing_restart? Puppet::Application.restart_requested? end # Perform a run with our client. def run(*args) if running? Puppet.notice "Run of #{client_class} already in progress; skipping" return end if disabled? - Puppet.notice "Skipping run of #{client_class}; administratively disabled: #{disable_message}" + Puppet.notice "Skipping run of #{client_class}; administratively disabled; use 'puppet #{client_class} --enable' to re-enable." return end + result = nil block_run = Puppet::Application.controlled_run do splay with_client do |client| begin sync.synchronize { lock { result = client.run(*args) } } rescue SystemExit,NoMemoryError raise rescue Exception => detail puts detail.backtrace if Puppet[:trace] Puppet.err "Could not run #{client_class}: #{detail}" end end true end Puppet.notice "Shutdown/restart in progress (#{Puppet::Application.run_status.inspect}); skipping run" unless block_run result end def stopping? Puppet::Application.stop_requested? end # Have we splayed already? def splayed? splayed end # Sleep when splay is enabled; else just return. def splay return unless Puppet[:splay] return if splayed? time = rand(Integer(Puppet[:splaylimit]) + 1) Puppet.info "Sleeping for #{time} seconds (splay is enabled)" sleep(time) @splayed = true end # Start listening for events. We're pretty much just listening for # timer events here. def start # Create our timer. Puppet will handle observing it and such. timer = EventLoop::Timer.new(:interval => Puppet[:runinterval], :tolerance => 1, :start? => true) do run end # Run once before we start following the timer timer.sound_alarm end def sync @sync ||= Sync.new end private # Create and yield a client instance, keeping a reference # to it during the yield. def with_client begin @client = client_class.new rescue SystemExit,NoMemoryError raise rescue Exception => detail puts detail.backtrace if Puppet[:trace] Puppet.err "Could not create instance of #{client_class}: #{detail}" return end yield @client ensure @client = nil end end diff --git a/lib/puppet/agent/disabler.rb b/lib/puppet/agent/disabler.rb deleted file mode 100644 index a8b2d0fa2..000000000 --- a/lib/puppet/agent/disabler.rb +++ /dev/null @@ -1,101 +0,0 @@ -require 'puppet/util/anonymous_filelock' - -# -# A module that can be mixed in to provide enable/disable support for the agent. -# It would be nice if this module completely encapsulated the details of this -# process; however, it unfortunately relies on the existence of a "lockfile_path" method -# on the class it's being mixed in to. -# -module Puppet::Agent::Disabler - # Let the daemon run again, freely in the filesystem. - def enable - disable_lockfile.unlock - - # This is here for backwards compatibility with versions prior to 2.7.10 - # (see ticket #12844 and comments in the method itself). - handle_old_lockfile - end - - - # Stop the daemon from making any catalog runs. - def disable(msg='') - disable_lockfile.lock(msg) - end - - def disable_lockfile - @disable_lockfile ||= Puppet::Util::AnonymousFilelock.new(lockfile_path+".disabled") - - @disable_lockfile - end - - def disabled? - disable_lockfile.locked? - end - - def disable_message - disable_lockfile.message - end - - - - # - # This method is here for backwards compatibility (see ticket #12844). - # - # In puppet versions prior to 2.7.10, there was a single lock file (puppetdlock) that - # the agent used for two different purposes: - # - # 1. If the file exists and contains a pid, then ostensibly there is an agent process - # currently running on the system. - # 2. If the file exists but is empty, then it was most likely generated by a call to - # "puppet agent --disable", which is the means for administratively disabling the - # agent until further notice. - # - # In puppet 2.7.10, the code was improved to be a little more explicit about this - # distinction; the "--disable/--enable" operations were changed to use a distinct - # lock file (puppetdlock.disabled), to reduce ambiguity relating to the existence - # of the file. - # - # However, it is possible that a user ran "--disable" with an older version of puppet, - # and then upgraded. Therefore we need to try to detect the lock file by the old name. - # If we find it, we need to see if we can tell why it's there, delete it if possible, - # and print a warning. - # - # (cprice 2012-02-28) - # - def handle_old_lockfile - old_disable_lockfile_path = lockfile_path - - begin - contents = File.read(old_disable_lockfile_path) - rescue Errno::ENOENT => err - # The lock file must not exist, so we don't need to do anything - else - case contents - when /^$/ - # The file is empty. This almost certainly means that it was created by an old version of puppet, via - # puppet agent --disable, so we'll warn and delete it. - Puppet.warning("Found an agent lock file at path '#{old_disable_lockfile_path}'. " + - "It appears that this lock file was generated by a previous version of puppet, via a call " + - "to 'puppet agent --disable'. Deleting the empty file so that agents will be enabled.") - File.unlink(old_disable_lockfile_path) - when /^\d{3,10}$/ - # The file appears to contain a pid. This indicates that puppet believes an agent is currently running - # in another process. We'll respect that, but issue a warning just in case something else has happened, - # so that at least the user knows why "--enable" isn't necessarily guaranteed to actually enable the agent. - Puppet.warning("Found an agent lock file at path '#{old_disable_lockfile_path}'. It appears that a puppet " + - "agent process is already running (pid #{contents}). If this is not the case, please remove or rename " + - "the file in order to enable a new agent run.") - else - # The file exists, and it's not empty... but it does not appear to contain just a pid. In other words, - # we have no idea what's going on. So we'll just print a warning. - Puppet.warning("Found an agent lock file at path '#{old_disable_lockfile_path}'; unable to determine " + - "whether an existing agent is running or not. If not, please remove or rename the file in order to " + - "enable a new agent run.") - end - end - - end - private :handle_old_lockfile - - -end diff --git a/lib/puppet/agent/locker.rb b/lib/puppet/agent/locker.rb index d41b12547..6d9a00bdc 100644 --- a/lib/puppet/agent/locker.rb +++ b/lib/puppet/agent/locker.rb @@ -1,30 +1,44 @@ require 'puppet/util/pidlock' # Break out the code related to locking the agent. This module is just # included into the agent, but having it here makes it easier to test. module Puppet::Agent::Locker + # Let the daemon run again, freely in the filesystem. + def enable + lockfile.unlock(:anonymous => true) + end + + # Stop the daemon from making any catalog runs. + def disable + lockfile.lock(:anonymous => true) + end + # Yield if we get a lock, else do nothing. Return # true/false depending on whether we get the lock. def lock if lockfile.lock begin yield ensure lockfile.unlock end return true else return false end end def lockfile @lockfile ||= Puppet::Util::Pidlock.new(lockfile_path) @lockfile end def running? - lockfile.locked? + lockfile.locked? and !lockfile.anonymous? + end + + def disabled? + lockfile.locked? and lockfile.anonymous? end end diff --git a/lib/puppet/application/agent.rb b/lib/puppet/application/agent.rb index 001342e65..eab02d0f6 100644 --- a/lib/puppet/application/agent.rb +++ b/lib/puppet/application/agent.rb @@ -1,495 +1,487 @@ require 'puppet/application' class Puppet::Application::Agent < Puppet::Application should_parse_config run_mode :agent attr_accessor :args, :agent, :daemon, :host def preinit # Do an initial trap, so that cancels don't get a stack trace. Signal.trap(:INT) do $stderr.puts "Cancelling startup" exit(0) end { :waitforcert => nil, :detailed_exitcodes => false, :verbose => false, :debug => false, :centrallogs => false, :setdest => false, :enable => false, :disable => false, :client => true, :fqdn => nil, :serve => [], :digest => :MD5, :graph => true, :fingerprint => false, }.each do |opt,val| options[opt] = val end @args = {} require 'puppet/daemon' @daemon = Puppet::Daemon.new @daemon.argv = ARGV.dup end option("--centrallogging") - - option("--disable [MESSAGE]") do |message| - options[:disable] = true - options[:disable_message] = message - end - + option("--disable") option("--enable") option("--debug","-d") option("--fqdn FQDN","-f") option("--test","-t") option("--verbose","-v") option("--fingerprint") option("--digest DIGEST") option("--serve HANDLER", "-s") do |arg| if Puppet::Network::Handler.handler(arg) options[:serve] << arg.to_sym else raise "Could not find handler for #{arg}" end end option("--no-client") do |arg| options[:client] = false end option("--detailed-exitcodes") do |arg| options[:detailed_exitcodes] = true end option("--logdest DEST", "-l DEST") do |arg| begin Puppet::Util::Log.newdestination(arg) options[:setdest] = true rescue => detail puts detail.backtrace if Puppet[:debug] $stderr.puts detail.to_s end end option("--waitforcert WAITFORCERT", "-w") do |arg| options[:waitforcert] = arg.to_i end option("--port PORT","-p") do |arg| @args[:Port] = arg end def help <<-HELP puppet-agent(8) -- The puppet agent daemon ======== SYNOPSIS -------- Retrieves the client configuration from the puppet master and applies it to the local host. This service may be run as a daemon, run periodically using cron (or something similar), or run interactively for testing purposes. USAGE ----- puppet agent [--certname ] [-D|--daemonize|--no-daemonize] - [-d|--debug] [--detailed-exitcodes] [--digest ] [--disable [message]] [--enable] + [-d|--debug] [--detailed-exitcodes] [--digest ] [--disable] [--enable] [--fingerprint] [-h|--help] [-l|--logdest syslog||console] [--no-client] [--noop] [-o|--onetime] [--serve ] [-t|--test] [-v|--verbose] [-V|--version] [-w|--waitforcert ] DESCRIPTION ----------- This is the main puppet client. Its job is to retrieve the local machine's configuration from a remote server and apply it. In order to successfully communicate with the remote server, the client must have a certificate signed by a certificate authority that the server trusts; the recommended method for this, at the moment, is to run a certificate authority as part of the puppet server (which is the default). The client will connect and request a signed certificate, and will continue connecting until it receives one. Once the client has a signed certificate, it will retrieve its configuration and apply it. USAGE NOTES ----------- 'puppet agent' does its best to find a compromise between interactive use and daemon use. Run with no arguments and no configuration, it will go into the background, attempt to get a signed certificate, and retrieve and apply its configuration every 30 minutes. Some flags are meant specifically for interactive use -- in particular, 'test', 'tags' or 'fingerprint' are useful. 'test' enables verbose logging, causes the daemon to stay in the foreground, exits if the server's configuration is invalid (this happens if, for instance, you've left a syntax error on the server), and exits after running the configuration once (rather than hanging around as a long-running process). 'tags' allows you to specify what portions of a configuration you want to apply. Puppet elements are tagged with all of the class or definition names that contain them, and you can use the 'tags' flag to specify one of these names, causing only configuration elements contained within that class or definition to be applied. This is very useful when you are testing new configurations -- for instance, if you are just starting to manage 'ntpd', you would put all of the new elements into an 'ntpd' class, and call puppet with '--tags ntpd', which would only apply that small portion of the configuration during your testing, rather than applying the whole thing. 'fingerprint' is a one-time flag. In this mode 'puppet agent' will run once and display on the console (and in the log) the current certificate (or certificate request) fingerprint. Providing the '--digest' option allows to use a different digest algorithm to generate the fingerprint. The main use is to verify that before signing a certificate request on the master, the certificate request the master received is the same as the one the client sent (to prevent against man-in-the-middle attacks when signing certificates). OPTIONS ------- Note that any configuration parameter that's valid in the configuration file is also a valid long argument. For example, 'server' is a valid configuration parameter, so you can specify '--server ' as an argument. See the configuration file documentation at http://docs.puppetlabs.com/references/stable/configuration.html for the full list of acceptable parameters. A commented list of all configuration options can also be generated by running puppet agent with '--genconfig'. * --certname: Set the certname (unique ID) of the client. The master reads this unique identifying string, which is usually set to the node's fully-qualified domain name, to determine which configurations the node will receive. Use this option to debug setup problems or implement unusual node identification schemes. * --daemonize: Send the process into the background. This is the default. * --no-daemonize: Do not send the process into the background. * --debug: Enable full debugging. * --detailed-exitcodes: Provide transaction information via exit codes. If this is enabled, an exit code of '2' means there were changes, an exit code of '4' means there were failures during the transaction, and an exit code of '6' means there were both changes and failures. * --digest: Change the certificate fingerprinting digest algorithm. The default is MD5. Valid values depends on the version of OpenSSL installed, but should always at least contain MD5, MD2, SHA1 and SHA256. * --disable: Disable working on the local system. This puts a lock file in place, causing 'puppet agent' not to work on the system until the lock file is removed. This is useful if you are testing a configuration and do not want the central configuration to override the local state until everything is tested and committed. - Disable can also take an optional message that will be reported by the - 'puppet agent' at the next disabled run. - 'puppet agent' uses the same lock file while it is running, so no more than one 'puppet agent' process is working at a time. 'puppet agent' exits after executing this. * --enable: Enable working on the local system. This removes any lock file, causing 'puppet agent' to start managing the local system again (although it will continue to use its normal scheduling, so it might not start for another half hour). 'puppet agent' exits after executing this. * --fingerprint: Display the current certificate or certificate signing request fingerprint and then exit. Use the '--digest' option to change the digest algorithm used. * --help: Print this help message * --logdest: Where to send messages. Choose between syslog, the console, and a log file. Defaults to sending messages to syslog, or the console if debugging or verbosity is enabled. * --no-client: Do not create a config client. This will cause the daemon to run without ever checking for its configuration automatically, and only makes sense when puppet agent is being run with listen = true in puppet.conf or was started with the `--listen` option. * --noop: Use 'noop' mode where the daemon runs in a no-op or dry-run mode. This is useful for seeing what changes Puppet will make without actually executing the changes. * --onetime: Run the configuration once. Runs a single (normally daemonized) Puppet run. Useful for interactively running puppet agent when used in conjunction with the --no-daemonize option. * --serve: Start another type of server. By default, 'puppet agent' will start a service handler that allows authenticated and authorized remote nodes to trigger the configuration to be pulled down and applied. You can specify any handler here that does not require configuration, e.g., filebucket, ca, or resource. The handlers are in 'lib/puppet/network/handler', and the names must match exactly, both in the call to 'serve' and in 'namespaceauth.conf'. * --test: Enable the most common options used for testing. These are 'onetime', 'verbose', 'ignorecache', 'no-daemonize', 'no-usecacheonfailure', 'detailed-exit-codes', 'no-splay', and 'show_diff'. * --verbose: Turn on verbose reporting. * --version: Print the puppet version number and exit. * --waitforcert: This option only matters for daemons that do not yet have certificates and it is enabled by default, with a value of 120 (seconds). This causes 'puppet agent' to connect to the server every 2 minutes and ask it to sign a certificate request. This is useful for the initial setup of a puppet client. You can turn off waiting for certificates by specifying a time of 0. EXAMPLE ------- $ puppet agent --server puppet.domain.com DIAGNOSTICS ----------- Puppet agent accepts the following signals: * SIGHUP: Restart the puppet agent daemon. * SIGINT and SIGTERM: Shut down the puppet agent daemon. * SIGUSR1: Immediately retrieve and apply configurations from the puppet master. AUTHOR ------ Luke Kanies COPYRIGHT --------- Copyright (c) 2011 Puppet Labs, LLC Licensed under the Apache 2.0 License HELP end def run_command return fingerprint if options[:fingerprint] return onetime if Puppet[:onetime] main end def fingerprint unless cert = host.certificate || host.certificate_request $stderr.puts "Fingerprint asked but no certificate nor certificate request have yet been issued" exit(1) return end unless fingerprint = cert.fingerprint(options[:digest]) raise ArgumentError, "Could not get fingerprint for digest '#{options[:digest]}'" end puts fingerprint end def onetime unless options[:client] $stderr.puts "onetime is specified but there is no client" exit(43) return end @daemon.set_signal_traps begin report = @agent.run rescue => detail puts detail.backtrace if Puppet[:trace] Puppet.err detail.to_s end @daemon.stop(:exit => false) if not report exit(1) elsif options[:detailed_exitcodes] then exit(report.exit_status) else exit(0) end end def main Puppet.notice "Starting Puppet client version #{Puppet.version}" @daemon.start end # Enable all of the most common test options. def setup_test Puppet.settings.handlearg("--ignorecache") Puppet.settings.handlearg("--no-usecacheonfailure") Puppet.settings.handlearg("--no-splay") Puppet.settings.handlearg("--show_diff") Puppet.settings.handlearg("--no-daemonize") options[:verbose] = true Puppet[:onetime] = true options[:detailed_exitcodes] = true end def enable_disable_client(agent) if options[:enable] agent.enable elsif options[:disable] - agent.disable(options[:disable_message] || 'reason not specified') + agent.disable end exit(0) end def setup_listen unless FileTest.exists?(Puppet[:rest_authconfig]) Puppet.err "Will not start without authorization file #{Puppet[:rest_authconfig]}" exit(14) end handlers = nil if options[:serve].empty? handlers = [:Runner] else handlers = options[:serve] end require 'puppet/network/server' # No REST handlers yet. server = Puppet::Network::Server.new(:xmlrpc_handlers => handlers, :port => Puppet[:puppetport]) @daemon.server = server end def setup_host @host = Puppet::SSL::Host.new waitforcert = options[:waitforcert] || (Puppet[:onetime] ? 0 : 120) cert = @host.wait_for_cert(waitforcert) unless options[:fingerprint] end def setup_agent # We need tomake the client either way, we just don't start it # if --no-client is set. require 'puppet/agent' require 'puppet/configurer' @agent = Puppet::Agent.new(Puppet::Configurer) enable_disable_client(@agent) if options[:enable] or options[:disable] @daemon.agent = agent if options[:client] # It'd be nice to daemonize later, but we have to daemonize before the # waitforcert happens. @daemon.daemonize if Puppet[:daemonize] setup_host @objects = [] # This has to go after the certs are dealt with. if Puppet[:listen] unless Puppet[:onetime] setup_listen else Puppet.notice "Ignoring --listen on onetime run" end end end def setup setup_test if options[:test] setup_logs exit(Puppet.settings.print_configs ? 0 : 1) if Puppet.settings.print_configs? args[:Server] = Puppet[:server] if options[:fqdn] args[:FQDN] = options[:fqdn] Puppet[:certname] = options[:fqdn] end if options[:centrallogs] logdest = args[:Server] logdest += ":" + args[:Port] if args.include?(:Port) Puppet::Util::Log.newdestination(logdest) end Puppet.settings.use :main, :agent, :ssl # Always ignoreimport for agent. It really shouldn't even try to import, # but this is just a temporary band-aid. Puppet[:ignoreimport] = true # We need to specify a ca location for all of the SSL-related i # indirected classes to work; in fingerprint mode we just need # access to the local files and we don't need a ca. Puppet::SSL::Host.ca_location = options[:fingerprint] ? :none : :remote Puppet::Transaction::Report.indirection.terminus_class = :rest # we want the last report to be persisted locally Puppet::Transaction::Report.indirection.cache_class = :yaml # Override the default; puppetd needs this, usually. # You can still override this on the command-line with, e.g., :compiler. Puppet[:catalog_terminus] = :rest # Override the default. Puppet[:facts_terminus] = :facter Puppet::Resource::Catalog.indirection.cache_class = :yaml unless options[:fingerprint] setup_agent else setup_host end end end diff --git a/lib/puppet/util/anonymous_filelock.rb b/lib/puppet/util/anonymous_filelock.rb deleted file mode 100644 index ff09c5d12..000000000 --- a/lib/puppet/util/anonymous_filelock.rb +++ /dev/null @@ -1,36 +0,0 @@ - -class Puppet::Util::AnonymousFilelock - attr_reader :lockfile - - def initialize(lockfile) - @lockfile = lockfile - end - - def anonymous? - true - end - - def lock(msg = '') - return false if locked? - - File.open(@lockfile, 'w') { |fd| fd.print(msg) } - true - end - - def unlock - if locked? - File.unlink(@lockfile) - true - else - false - end - end - - def locked? - File.exists? @lockfile - end - - def message - return File.read(@lockfile) if locked? - end -end \ No newline at end of file diff --git a/lib/puppet/util/pidlock.rb b/lib/puppet/util/pidlock.rb index 9eb1bd26c..a0fe99e89 100644 --- a/lib/puppet/util/pidlock.rb +++ b/lib/puppet/util/pidlock.rb @@ -1,68 +1,117 @@ require 'fileutils' -require 'puppet/util/anonymous_filelock' -class Puppet::Util::Pidlock < Puppet::Util::AnonymousFilelock +class Puppet::Util::Pidlock + attr_reader :lockfile + + def initialize(lockfile) + @lockfile = lockfile + end def locked? clear_if_stale + return true if File.exists? @lockfile + + # HACK! There was a temporary change to the lockfile behavior introduced in 2.7.10 and 2.7.11, and reverted + # in 2.7.12. We need to pull some chicanery to be backwards-compatible with those versions. For more info, + # see the comments on the method... and this hack should be removed for the 3.x series. + handle_2_7_10_disabled_lockfile File.exists? @lockfile end def mine? Process.pid == lock_pid end def anonymous? - false + return false unless File.exists?(@lockfile) + File.read(@lockfile) == "" end - def lock - return mine? if locked? + def lock(opts = {}) + opts = {:anonymous => false}.merge(opts) - File.open(@lockfile, "w") { |fd| fd.write(Process.pid) } - true + if locked? + mine? + else + if opts[:anonymous] + File.open(@lockfile, 'w') { |fd| true } + else + File.open(@lockfile, "w") { |fd| fd.write(Process.pid) } + end + true + end end def unlock(opts = {}) - if mine? - begin - File.unlink(@lockfile) - rescue Errno::ENOENT - # Someone deleted it for us ...and so we do nothing. No point whining - # about a problem that the user can't actually do anything about. - rescue SystemCallError => e - # This one is a real failure though. No idea what went wrong, but it - # is most likely "read only file(system)" or wrong permissions or - # something like that. - Puppet.err "Could not remove PID file #{@lockfile}: #{e}" - puts e.backtrace if Puppet[:trace] - end + return false unless locked? + + opts = {:anonymous => false}.merge(opts) + + if mine? or (opts[:anonymous] and anonymous?) + File.unlink(@lockfile) true else false end end + private def lock_pid if File.exists? @lockfile File.read(@lockfile).to_i else nil end end - private def clear_if_stale return if lock_pid.nil? errors = [Errno::ESRCH] # Process::Error can only happen, and is only defined, on Windows errors << Process::Error if defined? Process::Error begin Process.kill(0, lock_pid) rescue *errors File.unlink(@lockfile) end end + + + ###################################################################################### + # Backwards compatibility hack + ###################################################################################### + # A change to lockfile behavior was introduced in 2.7.10 and 2.7.11; basically, + # instead of using a single lockfile to indicate both administrative disabling of + # the agent *and* the case where an agent run is already in progress, we started using + # two separate lockfiles: the 'normal' one for the "run in progress" case, and a + # separate one with a ".disabled" extension to indicate administrative disabling. + # + # This was determined to cause incompatibilities with mcollective, so the behavior + # was reverted for 2.7.12. Unfortunately this leaves the possibility that someone + # may have run "agent --disable" to administratively disable a 2.7.10 or 2.7.11 + # agent, and then upgraded to a newer version. This method exists only to + # provide backwards compatibility. Basically, it just recognizes the 2.7.10/2.7.11 + # ".disabled" lock file, warns, and cleans it up. + # + # This should be removed for the 3.x series. + # + # For more information, please see tickets #12844, #3757, #4836, and #11057 + # + # -- cprice 2012-03-01 + # + def handle_2_7_10_disabled_lockfile + disabled_lockfile_path = @lockfile + ".disabled" + if (File.exists?(disabled_lockfile_path)) + Puppet.warning("Found special lockfile '#{disabled_lockfile_path}'; this file was " + + "generated by a call to 'puppet agent --disable' in puppet 2.7.10 or 2.7.11. " + + "The expected lockfile path is '#{@lockfile}'; renaming the lock file.") + File.rename(disabled_lockfile_path, @lockfile) + end + end + private :handle_2_7_10_disabled_lockfile + ###################################################################################### + # End backwards compatibility hack + ###################################################################################### end diff --git a/spec/unit/agent/disabler_spec.rb b/spec/unit/agent/disabler_spec.rb deleted file mode 100644 index b6958e20a..000000000 --- a/spec/unit/agent/disabler_spec.rb +++ /dev/null @@ -1,126 +0,0 @@ -#!/usr/bin/env rspec -require 'spec_helper' -require 'puppet/agent' -require 'puppet/agent/locker' - -class LockerTester - include Puppet::Agent::Disabler -end - -describe Puppet::Agent::Disabler do - before(:all) do - @lockdir = Dir.mktmpdir("disabler_spec_tmpdir") - @lockfile = File.join(@lockdir, "lock") - end - - after(:all) do - FileUtils.rm_rf(@lockdir) - end - - before(:each) do - @locker = LockerTester.new - @locker.stubs(:lockfile_path).returns @lockfile - end - - it "should use an AnonymousFilelock instance as its disable_lockfile" do - @locker.disable_lockfile.should be_instance_of(Puppet::Util::AnonymousFilelock) - end - - it "should use 'lockfile_path' to determine its disable_lockfile path" do - @locker.expects(:lockfile_path).returns @lockfile - lock = Puppet::Util::AnonymousFilelock.new(@lockfile) - Puppet::Util::AnonymousFilelock.expects(:new).with(@lockfile + ".disabled").returns lock - - @locker.disable_lockfile - end - - it "should reuse the same lock file each time" do - @locker.disable_lockfile.should equal(@locker.disable_lockfile) - end - - it "should lock the anonymous lock when disabled" do - @locker.disable_lockfile.expects(:lock) - - @locker.disable - end - - it "should disable with a message" do - @locker.disable_lockfile.expects(:lock).with("disabled because") - - @locker.disable("disabled because") - end - - it "should unlock the anonymous lock when enabled" do - @locker.disable_lockfile.expects(:unlock) - - @locker.enable - end - - it "should check the lock if it is disabled" do - @locker.disable_lockfile.expects(:locked?) - - @locker.disabled? - end - - it "should report the disable message when disabled" do - @locker.disable_lockfile.expects(:message).returns("message") - @locker.disable_message.should == "message" - end - - describe "when enabling" do - - # this is for backwards compatibility with puppet versions prior to 2.7.10. - # for more detailed information, see the comments in the "#check_for_old_lockfile" method, - # in disabler.rb --cprice 2012-02-28 - describe "when a lockfile with the old filename already exists" do - let(:warning_prefix) { "Found an agent lock file at path '#{@lockfile}'" } - - after(:each) do - File.delete(@lockfile) if File.exists?(@lockfile) - end - - describe "when the lockfile is empty" do - before (:each) do - FileUtils.touch(@lockfile) - end - - it "should assume it was created by --disable in an old version of puppet, print a warning, and remove it" do - Puppet.expects(:warning).with { |msg| msg =~ /^#{warning_prefix}.*Deleting the empty file/ } - - @locker.enable - - File.exists?(@lockfile).should == false - end - end - - describe "when the lockfile contains a pid" do - before (:each) do - File.open(@lockfile, "w") { |f| f.print(12345) } - end - - it "should assume that there may be a running agent process, and print a warning" do - Puppet.expects(:warning).with { |msg| msg =~ /^#{warning_prefix}.*appears that a puppet agent process is already running/ } - - @locker.enable - - File.exists?(@lockfile).should == true - end - end - - describe "when the lockfile contains something other than a pid" do - before (:each) do - File.open(@lockfile, "w") { |f| f.print("Foo\nbar\n\baz") } - end - - it "should admit that it doesn't know what's going on, and print a warning" do - Puppet.expects(:warning).with { |msg| msg =~ /^#{warning_prefix}.*unable to determine whether an existing agent is running or not/ } - - @locker.enable - - File.exists?(@lockfile).should == true - end - end - end - - end -end diff --git a/spec/unit/agent/locker_spec.rb b/spec/unit/agent/locker_spec.rb index 9b530c0d8..341859e3b 100755 --- a/spec/unit/agent/locker_spec.rb +++ b/spec/unit/agent/locker_spec.rb @@ -1,87 +1,99 @@ #!/usr/bin/env rspec require 'spec_helper' require 'puppet/agent' require 'puppet/agent/locker' class LockerTester include Puppet::Agent::Locker end describe Puppet::Agent::Locker do before do @locker = LockerTester.new @locker.stubs(:lockfile_path).returns "/my/lock" end it "should use a Pidlock instance as its lockfile" do @locker.lockfile.should be_instance_of(Puppet::Util::Pidlock) end it "should use 'lockfile_path' to determine its lockfile path" do @locker.expects(:lockfile_path).returns "/my/lock" lock = Puppet::Util::Pidlock.new("/my/lock") Puppet::Util::Pidlock.expects(:new).with("/my/lock").returns lock @locker.lockfile end it "should reuse the same lock file each time" do @locker.lockfile.should equal(@locker.lockfile) end + it "should use the lock file to anonymously lock the process when disabled" do + @locker.lockfile.expects(:lock).with(:anonymous => true) + + @locker.disable + end + + it "should use the lock file to anonymously unlock the process when enabled" do + @locker.lockfile.expects(:unlock).with(:anonymous => true) + + @locker.enable + end + it "should have a method that yields when a lock is attained" do @locker.lockfile.expects(:lock).returns true yielded = false @locker.lock do yielded = true end yielded.should be_true end it "should return true when the lock method successfully locked" do @locker.lockfile.expects(:lock).returns true @locker.lock {}.should be_true end it "should return true when the lock method does not receive the lock" do @locker.lockfile.expects(:lock).returns false @locker.lock {}.should be_false end it "should not yield when the lock method does not receive the lock" do @locker.lockfile.expects(:lock).returns false yielded = false @locker.lock { yielded = true } yielded.should be_false end it "should not unlock when a lock was not received" do @locker.lockfile.expects(:lock).returns false @locker.lockfile.expects(:unlock).never @locker.lock {} end it "should unlock after yielding upon obtaining a lock" do @locker.lockfile.stubs(:lock).returns true @locker.lockfile.expects(:unlock) @locker.lock {} end it "should unlock after yielding upon obtaining a lock, even if the block throws an exception" do @locker.lockfile.stubs(:lock).returns true @locker.lockfile.expects(:unlock) lambda { @locker.lock { raise "foo" } }.should raise_error(RuntimeError) end it "should be considered running if the lockfile is locked" do @locker.lockfile.expects(:locked?).returns true @locker.should be_running end end diff --git a/spec/unit/agent_backward_compatibility_spec.rb b/spec/unit/agent_backward_compatibility_spec.rb new file mode 100644 index 000000000..4f2acfd01 --- /dev/null +++ b/spec/unit/agent_backward_compatibility_spec.rb @@ -0,0 +1,152 @@ +#!/usr/bin/env rspec +require 'spec_helper' +require 'puppet/agent' + + +############################################################################ +# NOTE # +############################################################################ +# # +# This entire spec is only here for backwards compatibility from 2.7.12+ # +# with 2.7.10 and 2.7.11. The entire file should be able to be removed # +# for the 3.x series. # +# # +# For more info, see the comments on the #handle_2_7_10_disabled_lockfile # +# method in pidlock.rb # +# # +# --cprice 2012-03-01 # +############################################################################ + +class AgentTestClient + def run + # no-op + end + def stop + # no-op + end +end + +describe Puppet::Agent do + include PuppetSpec::Files + + let(:agent) { Puppet::Agent.new(AgentTestClient) } + + describe "in order to be backwards-compatibility with versions 2.7.10 and 2.7.11" do + + describe "when the 2.7.10/2.7.11 'disabled' lockfile exists" do + + # the "normal" lockfile + let(:lockfile_path) { tmpfile("agent_spec_lockfile") } + + # the 2.7.10/2.7.11 "disabled" lockfile + # (can't use PuppetSpec::Files.tmpfile here because we need the ".disabled" file to have *exactly* the same + # path/name as the original file, plus the ".disabled" suffix.) + let(:disabled_lockfile_path) { lockfile_path + ".disabled" } + + # some regexes to match log messages + let(:warning_regex) { /^Found special lockfile '#{disabled_lockfile_path}'.*renaming/ } + let(:disabled_regex) { /^Skipping run of .*; administratively disabled/ } + + before(:each) do + # create the 2.7.10 "disable" lockfile. + FileUtils.touch(disabled_lockfile_path) + + # stub in our temp lockfile path. + AgentTestClient.expects(:lockfile_path).returns lockfile_path + end + + after(:each) do + # manually clean up the files that we didn't create via PuppetSpec::Files.tmpfile + begin + File.unlink(disabled_lockfile_path) + rescue Errno::ENOENT + # some of the tests expect for the agent code to take care of deleting this file, + # so it may (validly) not exist. + end + end + + describe "when the 'regular' lockfile also exists" do + # the logic here is that if a 'regular' lockfile already exists, then there is some state that the + # current version of puppet is responsible for dealing with. All of the tests in this block are + # simply here to make sure that our backwards-compatibility hack does *not* interfere with this. + # + # Even if the ".disabled" lockfile exists--it can be dealt with at another time, when puppet is + # in *exactly* the state that we want it to be in (mostly meaning that the 'regular' lockfile + # does not exist.) + + before(:each) do + # create the "regular" lockfile + FileUtils.touch(lockfile_path) + end + + it "should be recognized as 'disabled'" do + agent.should be_disabled + end + + it "should not try to start a new agent run" do + AgentTestClient.expects(:new).never + Puppet.expects(:notice).with(regexp_matches(disabled_regex)) + + agent.run + end + + it "should not delete the 2.7.10/2.7.11 lockfile" do + agent.run + + File.exists?(disabled_lockfile_path).should == true + end + + it "should not print the warning message" do + Puppet.expects(:warning).with(regexp_matches(warning_regex)).never + + agent.run + end + end + + describe "when the 'regular' lockfile does not exist" do + # this block of tests is for actually testing the backwards compatibility hack. This + # is where we're in a clean state and we know it's safe(r) to muck with the lockfile + # situation. + + it "should recognize that the agent is disabled" do + agent.should be_disabled + end + + describe "when an agent run is requested" do + it "should not try to start a new agent run" do + AgentTestClient.expects(:new).never + Puppet.expects(:notice).with(regexp_matches(disabled_regex)) + + agent.run + end + + it "should warn, remove the 2.7.10/2.7.11 lockfile, and create the 'normal' lockfile" do + Puppet.expects(:warning).with(regexp_matches(warning_regex)) + + agent.run + + File.exists?(disabled_lockfile_path).should == false + File.exists?(lockfile_path).should == true + end + end + + describe "when running --enable" do + it "should recognize that the agent is disabled" do + agent.should be_disabled + end + + it "should warn and clean up the 2.7.10/2.7.11 lockfile" do + Puppet.expects(:warning).with(regexp_matches(warning_regex)) + + agent.enable + + File.exists?(disabled_lockfile_path).should == false + File.exists?(lockfile_path).should == false + end + end + end + end + end + + +end diff --git a/spec/unit/agent_spec.rb b/spec/unit/agent_spec.rb index f5342f882..f24630eb9 100755 --- a/spec/unit/agent_spec.rb +++ b/spec/unit/agent_spec.rb @@ -1,295 +1,305 @@ #!/usr/bin/env rspec require 'spec_helper' require 'puppet/agent' class AgentTestClient def run # no-op end def stop # no-op end end def without_warnings flag = $VERBOSE $VERBOSE = nil yield $VERBOSE = flag end describe Puppet::Agent do before do @agent = Puppet::Agent.new(AgentTestClient) # So we don't actually try to hit the filesystem. @agent.stubs(:lock).yields - @agent.stubs(:disabled?).returns(false) # make Puppet::Application safe for stubbing; restore in an :after block; silence warnings for this. without_warnings { Puppet::Application = Class.new(Puppet::Application) } Puppet::Application.stubs(:clear?).returns(true) Puppet::Application.class_eval do class << self def controlled_run(&block) block.call end end end end after do # restore Puppet::Application from stub-safe subclass, and silence warnings without_warnings { Puppet::Application = Puppet::Application.superclass } end it "should set its client class at initialization" do Puppet::Agent.new("foo").client_class.should == "foo" end it "should include the Locker module" do Puppet::Agent.ancestors.should be_include(Puppet::Agent::Locker) end it "should create an instance of its client class and run it when asked to run" do client = mock 'client' AgentTestClient.expects(:new).returns client client.expects(:run) @agent.stubs(:running?).returns false + @agent.stubs(:disabled?).returns false @agent.run end it "should determine its lock file path by asking the client class" do AgentTestClient.expects(:lockfile_path).returns "/my/lock" @agent.lockfile_path.should == "/my/lock" end - it "should be considered running if the lock file is locked" do + it "should be considered running if the lock file is locked and not anonymous" do lockfile = mock 'lockfile' - @agent.expects(:lockfile).returns lockfile + @agent.expects(:lockfile).returns(lockfile).twice lockfile.expects(:locked?).returns true + lockfile.expects(:anonymous?).returns false @agent.should be_running end + it "should be considered disabled if the lock file is locked and anonymous" do + lockfile = mock 'lockfile' + + @agent.expects(:lockfile).returns(lockfile).at_least_once + lockfile.expects(:locked?).returns(true).at_least_once + lockfile.expects(:anonymous?).returns(true).at_least_once + + @agent.should be_disabled + end + describe "when being run" do before do - AgentTestClient.stubs(:lockfile_path).returns "/my/lock" @agent.stubs(:running?).returns false + @agent.stubs(:disabled?).returns false end it "should splay" do @agent.expects(:splay) - @agent.stubs(:running?).returns false @agent.run end it "should do nothing if already running" do @agent.expects(:running?).returns true AgentTestClient.expects(:new).never @agent.run end - it "should do nothing if disabled" do - @agent.expects(:disabled?).returns(true) - AgentTestClient.expects(:new).never - @agent.run - end - it "(#11057) should notify the user about why a run is skipped" do Puppet::Application.stubs(:controlled_run).returns(false) Puppet::Application.stubs(:run_status).returns('MOCK_RUN_STATUS') # This is the actual test that we inform the user why the run is skipped. # We assume this information is contained in # Puppet::Application.run_status Puppet.expects(:notice).with(regexp_matches(/MOCK_RUN_STATUS/)) @agent.run end + it "should display an informative message if the agent is administratively disabled" do + @agent.expects(:disabled?).returns true + Puppet.expects(:notice).with(regexp_matches(/Skipping run of .*; administratively disabled/)) + @agent.run + end + it "should use Puppet::Application.controlled_run to manage process state behavior" do calls = sequence('calls') Puppet::Application.expects(:controlled_run).yields.in_sequence(calls) AgentTestClient.expects(:new).once.in_sequence(calls) @agent.run end it "should not fail if a client class instance cannot be created" do AgentTestClient.expects(:new).raises "eh" Puppet.expects(:err) @agent.run end it "should not fail if there is an exception while running its client" do client = AgentTestClient.new AgentTestClient.expects(:new).returns client client.expects(:run).raises "eh" Puppet.expects(:err) @agent.run end it "should use a mutex to restrict multi-threading" do client = AgentTestClient.new AgentTestClient.expects(:new).returns client mutex = mock 'mutex' @agent.expects(:sync).returns mutex mutex.expects(:synchronize) client.expects(:run).never # if it doesn't run, then we know our yield is what triggers it @agent.run end it "should use a filesystem lock to restrict multiple processes running the agent" do client = AgentTestClient.new AgentTestClient.expects(:new).returns client @agent.expects(:lock) client.expects(:run).never # if it doesn't run, then we know our yield is what triggers it @agent.run end it "should make its client instance available while running" do client = AgentTestClient.new AgentTestClient.expects(:new).returns client client.expects(:run).with { @agent.client.should equal(client); true } @agent.run end it "should run the client instance with any arguments passed to it" do client = AgentTestClient.new AgentTestClient.expects(:new).returns client client.expects(:run).with("testargs") @agent.run("testargs") end end describe "when splaying" do before do Puppet.settings.stubs(:value).with(:splay).returns true Puppet.settings.stubs(:value).with(:splaylimit).returns "10" end it "should do nothing if splay is disabled" do Puppet.settings.expects(:value).returns false @agent.expects(:sleep).never @agent.splay end it "should do nothing if it has already splayed" do @agent.expects(:splayed?).returns true @agent.expects(:sleep).never @agent.splay end it "should log that it is splaying" do @agent.stubs :sleep Puppet.expects :info @agent.splay end it "should sleep for a random portion of the splaylimit plus 1" do Puppet.settings.expects(:value).with(:splaylimit).returns "50" @agent.expects(:rand).with(51).returns 10 @agent.expects(:sleep).with(10) @agent.splay end it "should mark that it has splayed" do @agent.stubs(:sleep) @agent.splay @agent.should be_splayed end end describe "when checking execution state" do describe 'with regular run status' do before :each do Puppet::Application.stubs(:restart_requested?).returns(false) Puppet::Application.stubs(:stop_requested?).returns(false) Puppet::Application.stubs(:interrupted?).returns(false) Puppet::Application.stubs(:clear?).returns(true) end it 'should be false for :stopping?' do @agent.stopping?.should be_false end it 'should be false for :needing_restart?' do @agent.needing_restart?.should be_false end end describe 'with a stop requested' do before :each do Puppet::Application.stubs(:clear?).returns(false) Puppet::Application.stubs(:restart_requested?).returns(false) Puppet::Application.stubs(:stop_requested?).returns(true) Puppet::Application.stubs(:interrupted?).returns(true) end it 'should be true for :stopping?' do @agent.stopping?.should be_true end it 'should be false for :needing_restart?' do @agent.needing_restart?.should be_false end end describe 'with a restart requested' do before :each do Puppet::Application.stubs(:clear?).returns(false) Puppet::Application.stubs(:restart_requested?).returns(true) Puppet::Application.stubs(:stop_requested?).returns(false) Puppet::Application.stubs(:interrupted?).returns(true) end it 'should be false for :stopping?' do @agent.stopping?.should be_false end it 'should be true for :needing_restart?' do @agent.needing_restart?.should be_true end end end describe "when starting" do before do @agent.stubs(:observe_signal) end it "should create a timer with the runinterval, a tolerance of 1, and :start? set to true" do Puppet.settings.expects(:value).with(:runinterval).returns 5 timer = stub 'timer', :sound_alarm => nil EventLoop::Timer.expects(:new).with(:interval => 5, :start? => true, :tolerance => 1).returns timer @agent.stubs(:run) @agent.start end it "should run once immediately" do timer = mock 'timer' EventLoop::Timer.expects(:new).returns timer timer.expects(:sound_alarm) @agent.start end it "should run within the block passed to the timer" do timer = stub 'timer', :sound_alarm => nil EventLoop::Timer.expects(:new).returns(timer).yields @agent.expects(:run) @agent.start end end end diff --git a/spec/unit/application/agent_spec.rb b/spec/unit/application/agent_spec.rb index 44162bf0c..c89f53878 100755 --- a/spec/unit/application/agent_spec.rb +++ b/spec/unit/application/agent_spec.rb @@ -1,631 +1,599 @@ #!/usr/bin/env rspec require 'spec_helper' require 'puppet/agent' require 'puppet/application/agent' require 'puppet/network/server' require 'puppet/daemon' require 'puppet/network/handler' describe Puppet::Application::Agent do before :each do @puppetd = Puppet::Application[:agent] @puppetd.stubs(:puts) @daemon = stub_everything 'daemon' Puppet::Daemon.stubs(:new).returns(@daemon) Puppet[:daemonize] = false @agent = stub_everything 'agent' Puppet::Agent.stubs(:new).returns(@agent) @puppetd.preinit Puppet::Util::Log.stubs(:newdestination) Puppet::Node.indirection.stubs(:terminus_class=) Puppet::Node.indirection.stubs(:cache_class=) Puppet::Node::Facts.indirection.stubs(:terminus_class=) end it "should operate in agent run_mode" do @puppetd.class.run_mode.name.should == :agent end it "should ask Puppet::Application to parse Puppet configuration file" do @puppetd.should_parse_config?.should be_true end it "should declare a main command" do @puppetd.should respond_to(:main) end it "should declare a onetime command" do @puppetd.should respond_to(:onetime) end it "should declare a fingerprint command" do @puppetd.should respond_to(:fingerprint) end it "should declare a preinit block" do @puppetd.should respond_to(:preinit) end describe "in preinit" do it "should catch INT" do Signal.expects(:trap).with { |arg,block| arg == :INT } @puppetd.preinit end it "should init client to true" do @puppetd.preinit @puppetd.options[:client].should be_true end it "should init fqdn to nil" do @puppetd.preinit @puppetd.options[:fqdn].should be_nil end it "should init serve to []" do @puppetd.preinit @puppetd.options[:serve].should == [] end it "should use MD5 as default digest algorithm" do @puppetd.preinit @puppetd.options[:digest].should == :MD5 end it "should not fingerprint by default" do @puppetd.preinit @puppetd.options[:fingerprint].should be_false end end describe "when handling options" do before do @puppetd.command_line.stubs(:args).returns([]) end - [:centrallogging, :enable, :debug, :fqdn, :test, :verbose, :digest].each do |option| + [:centrallogging, :disable, :enable, :debug, :fqdn, :test, :verbose, :digest].each do |option| it "should declare handle_#{option} method" do @puppetd.should respond_to("handle_#{option}".to_sym) end it "should store argument value when calling handle_#{option}" do @puppetd.options.expects(:[]=).with(option, 'arg') @puppetd.send("handle_#{option}".to_sym, 'arg') end end - describe "when handling --disable" do - it "should declare handle_disable method" do - @puppetd.should respond_to(:handle_disable) - end - - it "should set disable to true" do - @puppetd.options.stubs(:[]=) - @puppetd.options.expects(:[]=).with(:disable, true) - @puppetd.handle_disable('') - end - - it "should store disable message" do - @puppetd.options.stubs(:[]=) - @puppetd.options.expects(:[]=).with(:disable_message, "message") - @puppetd.handle_disable('message') - end - end - it "should set an existing handler on server" do Puppet::Network::Handler.stubs(:handler).with("handler").returns(true) @puppetd.handle_serve("handler") @puppetd.options[:serve].should == [ :handler ] end it "should set client to false with --no-client" do @puppetd.handle_no_client(nil) @puppetd.options[:client].should be_false end it "should set waitforcert to 0 with --onetime and if --waitforcert wasn't given" do Puppet[:onetime] = true Puppet::SSL::Host.any_instance.expects(:wait_for_cert).with(0) @puppetd.setup_host end it "should use supplied waitforcert when --onetime is specified" do Puppet[:onetime] = true @puppetd.handle_waitforcert(60) Puppet::SSL::Host.any_instance.expects(:wait_for_cert).with(60) @puppetd.setup_host end it "should use a default value for waitforcert when --onetime and --waitforcert are not specified" do Puppet::SSL::Host.any_instance.expects(:wait_for_cert).with(120) @puppetd.setup_host end it "should set the log destination with --logdest" do @puppetd.options.stubs(:[]=).with { |opt,val| opt == :setdest } Puppet::Log.expects(:newdestination).with("console") @puppetd.handle_logdest("console") end it "should put the setdest options to true" do @puppetd.options.expects(:[]=).with(:setdest,true) @puppetd.handle_logdest("console") end it "should parse the log destination from the command line" do @puppetd.command_line.stubs(:args).returns(%w{--logdest /my/file}) Puppet::Util::Log.expects(:newdestination).with("/my/file") @puppetd.parse_options end it "should store the waitforcert options with --waitforcert" do @puppetd.options.expects(:[]=).with(:waitforcert,42) @puppetd.handle_waitforcert("42") end it "should set args[:Port] with --port" do @puppetd.handle_port("42") @puppetd.args[:Port].should == "42" end end describe "during setup" do before :each do @puppetd.options.stubs(:[]) Puppet.stubs(:info) FileTest.stubs(:exists?).returns(true) Puppet[:libdir] = "/dev/null/lib" Puppet::SSL::Host.stubs(:ca_location=) Puppet::Transaction::Report.indirection.stubs(:terminus_class=) Puppet::Transaction::Report.indirection.stubs(:cache_class=) Puppet::Resource::Catalog.indirection.stubs(:terminus_class=) Puppet::Resource::Catalog.indirection.stubs(:cache_class=) Puppet::Node::Facts.indirection.stubs(:terminus_class=) @host = stub_everything 'host' Puppet::SSL::Host.stubs(:new).returns(@host) Puppet.stubs(:settraps) end describe "with --test" do before :each do #Puppet.settings.stubs(:handlearg) @puppetd.options.stubs(:[]=) end it "should call setup_test" do @puppetd.options.stubs(:[]).with(:test).returns(true) @puppetd.expects(:setup_test) @puppetd.setup end it "should set options[:verbose] to true" do @puppetd.options.expects(:[]=).with(:verbose,true) @puppetd.setup_test end it "should set options[:onetime] to true" do Puppet[:onetime] = false @puppetd.setup_test Puppet[:onetime].should == true end it "should set options[:detailed_exitcodes] to true" do @puppetd.options.expects(:[]=).with(:detailed_exitcodes,true) @puppetd.setup_test end end it "should call setup_logs" do @puppetd.expects(:setup_logs) @puppetd.setup end describe "when setting up logs" do before :each do Puppet::Util::Log.stubs(:newdestination) end it "should set log level to debug if --debug was passed" do @puppetd.options.stubs(:[]).with(:debug).returns(true) @puppetd.setup_logs Puppet::Util::Log.level.should == :debug end it "should set log level to info if --verbose was passed" do @puppetd.options.stubs(:[]).with(:verbose).returns(true) @puppetd.setup_logs Puppet::Util::Log.level.should == :info end [:verbose, :debug].each do |level| it "should set console as the log destination with level #{level}" do @puppetd.options.stubs(:[]).with(level).returns(true) Puppet::Util::Log.expects(:newdestination).with(:console) @puppetd.setup_logs end end it "should set a default log destination if no --logdest" do @puppetd.options.stubs(:[]).with(:setdest).returns(false) Puppet::Util::Log.expects(:setup_default) @puppetd.setup_logs end end it "should print puppet config if asked to in Puppet config" do Puppet[:configprint] = "pluginsync" Puppet.settings.expects(:print_configs).returns true expect { @puppetd.setup }.to exit_with 0 end it "should exit after printing puppet config if asked to in Puppet config" do Puppet[:modulepath] = '/my/path' Puppet[:configprint] = "modulepath" Puppet::Util::Settings.any_instance.expects(:puts).with('/my/path') expect { @puppetd.setup }.to exit_with 0 end it "should set a central log destination with --centrallogs" do @puppetd.options.stubs(:[]).with(:centrallogs).returns(true) Puppet[:server] = "puppet.reductivelabs.com" Puppet::Util::Log.stubs(:setup_default) Puppet::Util::Log.expects(:newdestination).with("puppet.reductivelabs.com") @puppetd.setup end it "should use :main, :puppetd, and :ssl" do Puppet.settings.expects(:use).with(:main, :agent, :ssl) @puppetd.setup end it "should install a remote ca location" do Puppet::SSL::Host.expects(:ca_location=).with(:remote) @puppetd.setup end it "should install a none ca location in fingerprint mode" do @puppetd.options.stubs(:[]).with(:fingerprint).returns(true) Puppet::SSL::Host.expects(:ca_location=).with(:none) @puppetd.setup end it "should tell the report handler to use REST" do Puppet::Transaction::Report.indirection.expects(:terminus_class=).with(:rest) @puppetd.setup end it "should tell the report handler to cache locally as yaml" do Puppet::Transaction::Report.indirection.expects(:cache_class=).with(:yaml) @puppetd.setup end it "should change the catalog_terminus setting to 'rest'" do Puppet[:catalog_terminus] = :foo @puppetd.setup Puppet[:catalog_terminus].should == :rest end it "should tell the catalog handler to use cache" do Puppet::Resource::Catalog.indirection.expects(:cache_class=).with(:yaml) @puppetd.setup end it "should change the facts_terminus setting to 'facter'" do Puppet[:facts_terminus] = :foo @puppetd.setup Puppet[:facts_terminus].should == :facter end it "should create an agent" do Puppet::Agent.stubs(:new).with(Puppet::Configurer) @puppetd.setup end [:enable, :disable].each do |action| it "should delegate to enable_disable_client if we #{action} the agent" do @puppetd.options.stubs(:[]).with(action).returns(true) @puppetd.expects(:enable_disable_client).with(@agent) @puppetd.setup end end describe "when enabling or disabling agent" do [:enable, :disable].each do |action| it "should call client.#{action}" do @puppetd.options.stubs(:[]).with(action).returns(true) @agent.expects(action) expect { @puppetd.enable_disable_client(@agent) }.to exit_with 0 end end - it "should pass the disable message when disabling" do - @puppetd.options.stubs(:[]).with(:disable).returns(true) - @puppetd.options.stubs(:[]).with(:disable_message).returns("message") - @agent.expects(:disable).with("message") - expect { @puppetd.enable_disable_client(@agent) }.to exit_with 0 - end - - it "should pass the default disable message when disabling without a message" do - @puppetd.options.stubs(:[]).with(:disable).returns(true) - @puppetd.options.stubs(:[]).with(:disable_message).returns(nil) - @agent.expects(:disable).with("reason not specified") - expect { @puppetd.enable_disable_client(@agent) }.to exit_with 0 - end - it "should finally exit" do expect { @puppetd.enable_disable_client(@agent) }.to exit_with 0 end end it "should inform the daemon about our agent if :client is set to 'true'" do @puppetd.options.expects(:[]).with(:client).returns true @daemon.expects(:agent=).with(@agent) @puppetd.setup end it "should not inform the daemon about our agent if :client is set to 'false'" do @puppetd.options[:client] = false @daemon.expects(:agent=).never @puppetd.setup end it "should daemonize if needed" do Puppet.features.stubs(:microsoft_windows?).returns false Puppet[:daemonize] = true @daemon.expects(:daemonize) @puppetd.setup end it "should wait for a certificate" do @puppetd.options.stubs(:[]).with(:waitforcert).returns(123) @host.expects(:wait_for_cert).with(123) @puppetd.setup end it "should not wait for a certificate in fingerprint mode" do @puppetd.options.stubs(:[]).with(:fingerprint).returns(true) @puppetd.options.stubs(:[]).with(:waitforcert).returns(123) @host.expects(:wait_for_cert).never @puppetd.setup end it "should setup listen if told to and not onetime" do Puppet[:listen] = true @puppetd.options.stubs(:[]).with(:onetime).returns(false) @puppetd.expects(:setup_listen) @puppetd.setup end describe "when setting up listen" do before :each do Puppet[:authconfig] = 'auth' FileTest.stubs(:exists?).with('auth').returns(true) File.stubs(:exist?).returns(true) @puppetd.options.stubs(:[]).with(:serve).returns([]) @server = stub_everything 'server' Puppet::Network::Server.stubs(:new).returns(@server) end it "should exit if no authorization file" do Puppet.stubs(:err) FileTest.stubs(:exists?).with(Puppet[:rest_authconfig]).returns(false) expect { @puppetd.setup_listen }.to exit_with 14 end it "should create a server to listen on at least the Runner handler" do Puppet::Network::Server.expects(:new).with { |args| args[:xmlrpc_handlers] == [:Runner] } @puppetd.setup_listen end it "should create a server to listen for specific handlers" do @puppetd.options.stubs(:[]).with(:serve).returns([:handler]) Puppet::Network::Server.expects(:new).with { |args| args[:xmlrpc_handlers] == [:handler] } @puppetd.setup_listen end it "should use puppet default port" do Puppet[:puppetport] = 32768 Puppet::Network::Server.expects(:new).with { |args| args[:port] == 32768 } @puppetd.setup_listen end end describe "when setting up for fingerprint" do before(:each) do @puppetd.options.stubs(:[]).with(:fingerprint).returns(true) end it "should not setup as an agent" do @puppetd.expects(:setup_agent).never @puppetd.setup end it "should not create an agent" do Puppet::Agent.stubs(:new).with(Puppet::Configurer).never @puppetd.setup end it "should not daemonize" do @daemon.expects(:daemonize).never @puppetd.setup end it "should setup our certificate host" do @puppetd.expects(:setup_host) @puppetd.setup end end end describe "when running" do before :each do @puppetd.agent = @agent @puppetd.daemon = @daemon @puppetd.options.stubs(:[]).with(:fingerprint).returns(false) end it "should dispatch to fingerprint if --fingerprint is used" do @puppetd.options.stubs(:[]).with(:fingerprint).returns(true) @puppetd.stubs(:fingerprint) @puppetd.run_command end it "should dispatch to onetime if --onetime is used" do @puppetd.options.stubs(:[]).with(:onetime).returns(true) @puppetd.stubs(:onetime) @puppetd.run_command end it "should dispatch to main if --onetime and --fingerprint are not used" do @puppetd.options.stubs(:[]).with(:onetime).returns(false) @puppetd.stubs(:main) @puppetd.run_command end describe "with --onetime" do before :each do @agent.stubs(:run).returns(:report) @puppetd.options.stubs(:[]).with(:client).returns(:client) @puppetd.options.stubs(:[]).with(:detailed_exitcodes).returns(false) Puppet.stubs(:newservice) end it "should exit if no defined --client" do $stderr.stubs(:puts) @puppetd.options.stubs(:[]).with(:client).returns(nil) expect { @puppetd.onetime }.to exit_with 43 end it "should setup traps" do @daemon.expects(:set_signal_traps) expect { @puppetd.onetime }.to exit_with 0 end it "should let the agent run" do @agent.expects(:run).returns(:report) expect { @puppetd.onetime }.to exit_with 0 end it "should finish by exiting with 0 error code" do expect { @puppetd.onetime }.to exit_with 0 end it "should stop the daemon" do @daemon.expects(:stop).with(:exit => false) expect { @puppetd.onetime }.to exit_with 0 end describe "and --detailed-exitcodes" do before :each do @puppetd.options.stubs(:[]).with(:detailed_exitcodes).returns(true) end it "should exit with report's computed exit status" do Puppet[:noop] = false report = stub 'report', :exit_status => 666 @agent.stubs(:run).returns(report) expect { @puppetd.onetime }.to exit_with 666 end it "should exit with the report's computer exit status, even if --noop is set." do Puppet[:noop] = true report = stub 'report', :exit_status => 666 @agent.stubs(:run).returns(report) expect { @puppetd.onetime }.to exit_with 666 end end end describe "with --fingerprint" do before :each do @cert = stub_everything 'cert' @puppetd.options.stubs(:[]).with(:fingerprint).returns(true) @puppetd.options.stubs(:[]).with(:digest).returns(:MD5) @host = stub_everything 'host' @puppetd.stubs(:host).returns(@host) end it "should fingerprint the certificate if it exists" do @host.expects(:certificate).returns(@cert) @cert.expects(:fingerprint).with(:MD5).returns "fingerprint" @puppetd.fingerprint end it "should fingerprint the certificate request if no certificate have been signed" do @host.expects(:certificate).returns(nil) @host.expects(:certificate_request).returns(@cert) @cert.expects(:fingerprint).with(:MD5).returns "fingerprint" @puppetd.fingerprint end it "should display the fingerprint" do @host.stubs(:certificate).returns(@cert) @cert.stubs(:fingerprint).with(:MD5).returns("DIGEST") @puppetd.expects(:puts).with "DIGEST" @puppetd.fingerprint end end describe "without --onetime and --fingerprint" do before :each do Puppet.stubs(:notice) @puppetd.options.stubs(:[]).with(:client) end it "should start our daemon" do @daemon.expects(:start) @puppetd.main end end end end diff --git a/spec/unit/util/anonymous_filelock_spec.rb b/spec/unit/util/anonymous_filelock_spec.rb deleted file mode 100644 index 784ac0fca..000000000 --- a/spec/unit/util/anonymous_filelock_spec.rb +++ /dev/null @@ -1,78 +0,0 @@ -#!/usr/bin/env rspec -require 'spec_helper' - -require 'puppet/util/anonymous_filelock' - -describe Puppet::Util::AnonymousFilelock do - require 'puppet_spec/files' - include PuppetSpec::Files - - before(:each) do - @lockfile = tmpfile("lock") - @lock = Puppet::Util::AnonymousFilelock.new(@lockfile) - end - - it "should be anonymous" do - @lock.should be_anonymous - end - - describe "#lock" do - it "should return false if already locked" do - @lock.stubs(:locked?).returns(true) - @lock.lock.should be_false - end - - it "should return true if it successfully locked" do - @lock.lock.should be_true - end - - it "should create a lock file" do - @lock.lock - - File.should be_exists(@lockfile) - end - - it "should create a lock file containing a message" do - @lock.lock("message") - - File.read(@lockfile).should == "message" - end - end - - describe "#unlock" do - it "should return true when unlocking" do - @lock.lock - @lock.unlock.should be_true - end - - it "should return false when not locked" do - @lock.unlock.should be_false - end - - it "should clear the lock file" do - File.open(@lockfile, 'w') { |fd| fd.print("locked") } - @lock.unlock - File.should_not be_exists(@lockfile) - end - end - - it "should be locked when locked" do - @lock.lock - @lock.should be_locked - end - - it "should not be locked when not locked" do - @lock.should_not be_locked - end - - it "should not be locked when unlocked" do - @lock.lock - @lock.unlock - @lock.should_not be_locked - end - - it "should return the lock message" do - @lock.lock("lock message") - @lock.message.should == "lock message" - end -end \ No newline at end of file diff --git a/spec/unit/util/pidlock_spec.rb b/spec/unit/util/pidlock_spec.rb deleted file mode 100755 index 962745bd4..000000000 --- a/spec/unit/util/pidlock_spec.rb +++ /dev/null @@ -1,208 +0,0 @@ -#!/usr/bin/env rspec -require 'spec_helper' - -require 'puppet/util/pidlock' - -describe Puppet::Util::Pidlock do - require 'puppet_spec/files' - include PuppetSpec::Files - - before(:each) do - @lockfile = tmpfile("lock") - @lock = Puppet::Util::Pidlock.new(@lockfile) - end - - it "should not be anonymous" do - @lock.should_not be_anonymous - end - - describe "#lock" do - it "should not be locked at start" do - @lock.should_not be_locked - end - - it "should not be mine at start" do - @lock.should_not be_mine - end - - it "should become locked" do - @lock.lock - @lock.should be_locked - end - - it "should become mine" do - @lock.lock - @lock.should be_mine - end - - it "should be possible to lock multiple times" do - @lock.lock - lambda { @lock.lock }.should_not raise_error - end - - it "should return true when locking" do - @lock.lock.should be_true - end - - it "should return true if locked by me" do - @lock.lock - @lock.lock.should be_true - end - - it "should return false if locked by someone else" do - Process.stubs(:kill) - File.open(@lockfile, "w") { |fd| fd.print('0') } - - @lock.lock.should be_false - end - - it "should create a lock file" do - @lock.lock - File.should be_exists(@lockfile) - end - - it "should create a lock file containing our pid" do - @lock.lock - File.read(@lockfile).to_i.should == Process.pid.to_i - end - end - - describe "#unlock" do - it "should not be locked anymore" do - @lock.lock - @lock.unlock - @lock.should_not be_locked - end - - it "should return false if not locked" do - @lock.unlock.should be_false - end - - it "should return true if properly unlocked" do - @lock.lock - @lock.unlock.should be_true - end - - it "should get rid of the lock file" do - @lock.lock - @lock.unlock - File.should_not be_exists(@lockfile) - end - - it "should not warn if the lockfile was deleted by someone else" do - @lock.lock - File.unlink(@lockfile) - - Puppet.expects(:err).never # meh - @lock.unlock - end - - it "should warn if the lockfile can't be deleted" do - @lock.lock - File.expects(:unlink).with(@lockfile).raises(Errno::EIO) - Puppet.expects(:err).with do |argument| - argument.should =~ /Input\/output error/ - end - @lock.unlock - - # This is necessary because our cleanup code uses File.unlink - File.unstub(:unlink) - @lock.unlock - end - end - - describe "#locked?" do - it "should return true if locked" do - @lock.lock - @lock.should be_locked - end - end - - describe "with a stale lock" do - before(:each) do - Process.stubs(:kill).with(0, 6789) - Process.stubs(:kill).with(0, 1234).raises(Errno::ESRCH) - Process.stubs(:pid).returns(6789) - File.open(@lockfile, 'w') { |fd| fd.write("1234") } - end - - it "should not be locked" do - @lock.should_not be_locked - end - - describe "#lock" do - it "should clear stale locks" do - @lock.locked? - File.should_not be_exists(@lockfile) - end - - it "should replace with new locks" do - @lock.lock - File.should be_exists(@lockfile) - @lock.lock_pid.should == 6789 - @lock.should be_mine - @lock.should be_locked - end - end - - describe "#unlock" do - it "should not be allowed" do - @lock.unlock.should be_false - end - - it "should not remove the lock file" do - @lock.unlock - File.should be_exists(@lockfile) - end - end - end - - describe "with another process lock" do - before(:each) do - Process.stubs(:kill).with(0, 6789) - Process.stubs(:kill).with(0, 1234) - Process.stubs(:pid).returns(6789) - File.open(@lockfile, 'w') { |fd| fd.write("1234") } - end - - it "should be locked" do - @lock.should be_locked - end - - it "should not be mine" do - @lock.should_not be_mine - end - - describe "#lock" do - it "should not be possible" do - @lock.lock.should be_false - end - - it "should not overwrite the lock" do - @lock.lock - @lock.should_not be_mine - end - end - - describe "#unlock" do - it "should not be possible" do - @lock.unlock.should be_false - end - - it "should not remove the lock file" do - @lock.unlock - File.should be_exists(@lockfile) - end - - it "should still not be our lock" do - @lock.unlock - @lock.should_not be_mine - end - - it "should not warn" do - Puppet.expects(:err).never - @lock.unlock - end - end - end -end diff --git a/test/util/pidlock.rb b/test/util/pidlock.rb new file mode 100755 index 000000000..beaff1089 --- /dev/null +++ b/test/util/pidlock.rb @@ -0,0 +1,126 @@ +require File.expand_path(File.dirname(__FILE__) + '/../lib/puppettest') + +require 'puppet/util/pidlock' +require 'fileutils' + +# This is *fucked* *up* +Puppet.debug = false + +class TestPuppetUtilPidlock < Test::Unit::TestCase + include PuppetTest + + def setup + super + @workdir = tstdir + end + + def teardown + super + FileUtils.rm_rf(@workdir) + end + + def test_00_basic_create + l = nil + assert_nothing_raised { l = Puppet::Util::Pidlock.new(@workdir + '/nothingmuch') } + + assert_equal Puppet::Util::Pidlock, l.class + + assert_equal @workdir + '/nothingmuch', l.lockfile + end + + def test_10_uncontended_lock + l = Puppet::Util::Pidlock.new(@workdir + '/test_lock') + + assert !l.locked? + assert !l.mine? + assert l.lock + assert l.locked? + assert l.mine? + assert !l.anonymous? + # It's OK to call lock multiple times + assert l.lock + assert l.unlock + assert !l.locked? + assert !l.mine? + end + + def test_20_someone_elses_lock + childpid = nil + l = Puppet::Util::Pidlock.new(@workdir + '/someone_elses_lock') + + # First, we need a PID that's guaranteed to be (a) used, (b) someone + # else's, and (c) around for the life of this test. + childpid = fork { loop do; sleep 10; end } + + File.open(l.lockfile, 'w') { |fd| fd.write(childpid) } + + assert l.locked? + assert !l.mine? + assert !l.lock + assert l.locked? + assert !l.mine? + assert !l.unlock + assert l.locked? + assert !l.mine? + ensure + Process.kill("KILL", childpid) unless childpid.nil? + end + + def test_30_stale_lock + # This is a bit hard to guarantee, but we need a PID that is definitely + # unused, and will stay so for the the life of this test. Our best + # bet is to create a process, get it's PID, let it die, and *then* + # lock on it. + childpid = fork { exit } + + # Now we can't continue until we're sure that the PID is dead + Process.wait(childpid) + + l = Puppet::Util::Pidlock.new(@workdir + '/stale_lock') + + # locked? should clear the lockfile + File.open(l.lockfile, 'w') { |fd| fd.write(childpid) } + assert File.exists?(l.lockfile) + assert !l.locked? + assert !File.exists?(l.lockfile) + + # lock should replace the lockfile with our own + File.open(l.lockfile, 'w') { |fd| fd.write(childpid) } + assert File.exists?(l.lockfile) + assert l.lock + assert l.locked? + assert l.mine? + + # unlock should fail, and should *not* molest the existing lockfile, + # despite it being stale + File.open(l.lockfile, 'w') { |fd| fd.write(childpid) } + assert File.exists?(l.lockfile) + assert !l.unlock + assert File.exists?(l.lockfile) + end + + def test_40_not_locked_at_all + l = Puppet::Util::Pidlock.new(@workdir + '/not_locked') + + assert !l.locked? + # We can't unlock if we don't hold the lock + assert !l.unlock + end + + def test_50_anonymous_lock + l = Puppet::Util::Pidlock.new(@workdir + '/anonymous_lock') + + assert !l.locked? + assert l.lock(:anonymous => true) + assert l.locked? + assert l.anonymous? + assert !l.mine? + assert "", File.read(l.lockfile) + assert !l.unlock + assert l.locked? + assert l.anonymous? + assert l.unlock(:anonymous => true) + assert !File.exists?(l.lockfile) + end +end +