diff --git a/lib/puppet/config.rb b/lib/puppet/config.rb index cc6383fc9..81ec4fe85 100644 --- a/lib/puppet/config.rb +++ b/lib/puppet/config.rb @@ -1,922 +1,928 @@ require 'puppet' require 'sync' require 'puppet/transportable' module Puppet # The class for handling configuration files. class Config include Enumerable @@sync = Sync.new attr_reader :file, :timer # Retrieve a config value def [](param) param = symbolize(param) # Yay, recursion. self.reparse() unless param == :filetimeout if @config.include?(param) if @config[param] val = @config[param].value return val end else raise ArgumentError, "Undefined configuration parameter '%s'" % param end end # Set a config value. This doesn't set the defaults, it sets the value itself. def []=(param, value) @@sync.synchronize do # yay, thread-safe param = symbolize(param) unless @config.include?(param) raise Puppet::Error, "Unknown configuration parameter %s" % param.inspect end unless @order.include?(param) @order << param end @config[param].value = value end return value end # A simplified equality operator. def ==(other) self.each { |myname, myobj| unless other[myname] == myobj.value return false end } return true end # Generate the list of valid arguments, in a format that GetoptLong can # understand, and add them to the passed option list. def addargs(options) require 'getoptlong' # Hackish, but acceptable. Copy the current ARGV for restarting. Puppet.args = ARGV.dup # Add all of the config parameters as valid options. self.each { |param, obj| if self.boolean?(param) options << ["--#{param}", GetoptLong::NO_ARGUMENT] options << ["--no-#{param}", GetoptLong::NO_ARGUMENT] else options << ["--#{param}", GetoptLong::REQUIRED_ARGUMENT] end } return options end # Turn the config into a transaction and apply it def apply trans = self.to_transportable begin comp = trans.to_type trans = comp.evaluate trans.evaluate comp.remove rescue => detail if Puppet[:trace] puts detail.backtrace end Puppet.err "Could not configure myself: %s" % detail end end # Is our parameter a boolean parameter? def boolean?(param) param = symbolize(param) if @config.include?(param) and @config[param].kind_of? CBoolean return true else return false end end # Remove all set values, potentially skipping cli values. def clear(exceptcli = false) @config.each { |name, obj| unless exceptcli and obj.setbycli obj.clear end } # Don't clear the 'used' in this case, since it's a config file reparse, # and we want to retain this info. unless exceptcli @used = [] end end # This is mostly just used for testing. def clearused @used = [] end def each @order.each { |name| if @config.include?(name) yield name, @config[name] else raise Puppet::DevError, "%s is in the order but does not exist" % name end } end # Iterate over each section name. def eachsection yielded = [] @order.each { |name| if @config.include?(name) section = @config[name].section unless yielded.include? section yield section yielded << section end else raise Puppet::DevError, "%s is in the order but does not exist" % name end } end # Return an object by name. def element(param) param = symbolize(param) @config[param] end # Handle a command-line argument. def handlearg(opt, value = nil) value = mungearg(value) if value str = opt.sub(/^--/,'') bool = true newstr = str.sub(/^no-/, '') if newstr != str str = newstr bool = false end if self.valid?(str) if self.boolean?(str) self[str] = bool else self[str] = value end # Mark that this was set on the cli, so it's not overridden if the # config gets reread. @config[str.intern].setbycli = true else raise ArgumentError, "Invalid argument %s" % opt end end def include?(name) name = name.intern if name.is_a? String @config.include?(name) end # Create a new config object def initialize @order = [] @config = {} @created = [] end # Make a directory with the appropriate user, group, and mode def mkdir(default) obj = nil unless obj = @config[default] raise ArgumentError, "Unknown default %s" % default end unless obj.is_a? CFile raise ArgumentError, "Default %s is not a file" % default end Puppet::Util.asuser(obj.owner, obj.group) do mode = obj.mode || 0750 Dir.mkdir(obj.value, mode) end end # Convert arguments appropriately. def mungearg(value) # Handle different data types correctly return case value when /^false$/i: false when /^true$/i: true when /^\d+$/i: Integer(value) else value.gsub(/^["']|["']$/,'') end end # Return all of the parameters associated with a given section. def params(section) section = section.intern if section.is_a? String @config.find_all { |name, obj| obj.section == section }.collect { |name, obj| name } end # Parse a configuration file. def parse(file) text = nil if file.is_a? Puppet::LoadedFile @file = file else @file = Puppet::LoadedFile.new(file) end # Create a timer so that this. settimer() begin text = File.read(@file.file) rescue Errno::ENOENT raise Puppet::Error, "No such file %s" % file rescue Errno::EACCES raise Puppet::Error, "Permission denied to file %s" % file end @values = Hash.new { |names, name| names[name] = {} } # Get rid of the values set by the file, keeping cli values. self.clear(true) section = "puppet" metas = %w{owner group mode} values = Hash.new { |hash, key| hash[key] = {} } text.split(/\n/).each { |line| case line when /^\[(\w+)\]$/: section = $1 # Section names when /^\s*#/: next # Skip comments when /^\s*$/: next # Skip blanks when /^\s*(\w+)\s*=\s*(.+)$/: # settings var = $1.intern value = mungearg($2) # Mmm, "special" attributes if metas.include?(var.to_s) unless values.include?(section) values[section] = {} end values[section][var.to_s] = value # Do some annoying skullduggery here. This is so that # the group can be set in the config file. The problem # is that we're using the word 'group' twice, which is # confusing. if var == :group and section == Puppet.name and @config.include?(:group) @config[:group].value = value end next end # Don't override set parameters, since the file is parsed # after cli arguments are handled. unless @config.include?(var) and @config[var].setbycli Puppet.debug "%s: Setting %s to '%s'" % [section, var, value] self[var] = value end @config[var].section = symbolize(section) metas.each { |meta| if values[section][meta] if @config[var].respond_to?(meta + "=") @config[var].send(meta + "=", values[section][meta]) end end } else raise Puppet::Error, "Could not match line %s" % line end } end # Create a new element. The value is passed in because it's used to determine # what kind of element we're creating, but the value itself might be either # a default or a value, so we can't actually assign it. def newelement(hash) value = hash[:value] || hash[:default] klass = nil if hash[:section] hash[:section] = symbolize(hash[:section]) end case value when true, false, "true", "false": klass = CBoolean when /^\$\w+\//, /^\//: klass = CFile when String, Integer, Float: # nothing klass = CElement else raise Puppet::Error, "Invalid value '%s' for %s" % [value.inspect, hash[:name]] end hash[:parent] = self element = klass.new(hash) @order << element.name return element end # Iterate across all of the objects in a given section. def persection(section) section = symbolize(section) self.each { |name, obj| if obj.section == section yield obj end } end # Reparse our config file, if necessary. def reparse if defined? @file and @file.changed? Puppet.notice "Reparsing %s" % @file.file @@sync.synchronize do parse(@file) end reuse() end end def reuse return unless defined? @used @@sync.synchronize do # yay, thread-safe @used.each do |section| @used.delete(section) self.use(section) end end end # Get a list of objects per section def sectionlist sectionlist = [] self.each { |name, obj| section = obj.section || "puppet" sections[section] ||= [] unless sectionlist.include?(section) sectionlist << section end sections[section] << obj } return sectionlist, sections end # Convert a single section into transportable objects. def section_to_transportable(section, done = nil, includefiles = true) done ||= Hash.new { |hash, key| hash[key] = {} } objects = [] - persection(section) { |obj| + persection(section) do |obj| if @config[:mkusers] and @config[:mkusers].value - [:owner, :group].each { |attr| + [:owner, :group].each do |attr| type = nil if attr == :owner type = :user else type = attr end + # If a user and/or group is set, then make sure we're + # managing that object if obj.respond_to? attr and name = obj.send(attr) - # Skip owners and groups we've already done, but tag them with - # our section if necessary + # Skip owners and groups we've already done, but tag + # them with our section if necessary if done[type].include?(name) tags = done[type][name].tags unless tags.include?(section) done[type][name].tags = tags << section end elsif newobj = Puppet::Type.type(type)[name] unless newobj.state(:ensure) newobj[:ensure] = "present" end newobj.tag(section) else newobj = TransObject.new(name, type.to_s) newobj.tags = ["puppet", "configuration", section] newobj[:ensure] = "present" + # Set the group appropriately for the user + if type == :user + newobj[:gid] = Puppet[:group] + end done[type][name] = newobj objects << newobj end end - } + end end if obj.respond_to? :to_transportable next if obj.value =~ /^\/dev/ transobjects = obj.to_transportable transobjects = [transobjects] unless transobjects.is_a? Array transobjects.each do |trans| # transportable could return nil next unless trans unless done[:file].include? trans.name @created << trans.name objects << trans done[:file][trans.name] = trans end end end - } + end bucket = Puppet::TransBucket.new bucket.type = section bucket.push(*objects) bucket.keyword = "class" return bucket end # Set a bunch of defaults in a given section. The sections are actually pretty # pointless, but they help break things up a bit, anyway. def setdefaults(section, defs) section = symbolize(section) defs.each { |name, hash| if hash.is_a? Array tmp = hash hash = {} [:default, :desc].zip(tmp).each { |p,v| hash[p] = v } end name = symbolize(name) hash[:name] = name hash[:section] = section name = hash[:name] if @config.include?(name) raise Puppet::Error, "Parameter %s is already defined" % name end @config[name] = newelement(hash) } end # Create a timer to check whether the file should be reparsed. def settimer if Puppet[:filetimeout] > 0 @timer = Puppet.newtimer( :interval => Puppet[:filetimeout], :tolerance => 1, :start? => true ) do self.reparse() end end end def symbolize(param) case param when String: return param.intern when Symbol: return param else raise ArgumentError, "Invalid param type %s" % param.class end end # Convert our list of objects into a component that can be applied. def to_component transport = self.to_transportable return transport.to_type end # Convert our list of objects into a configuration file. def to_config str = %{The configuration file for #{Puppet.name}. Note that this file is likely to have unused configuration parameters in it; any parameter that's valid anywhere in Puppet can be in any config file, even if it's not used. Every section can specify three special parameters: owner, group, and mode. These parameters affect the required permissions of any files specified after their specification. Puppet will sometimes use these parameters to check its own configured state, so they can be used to make Puppet a bit more self-managing. Note also that the section names are entirely for human-level organizational purposes; they don't provide separate namespaces. All parameters are in a single namespace. Generated on #{Time.now}. }.gsub(/^/, "# ") eachsection do |section| str += "[#{section}]\n" persection(section) do |obj| str += obj.to_config + "\n" end end return str end # Convert our configuration into a list of transportable objects. def to_transportable done = Hash.new { |hash, key| hash[key] = {} } topbucket = Puppet::TransBucket.new if defined? @file.file and @file.file topbucket.name = @file.file else topbucket.name = "configtop" end topbucket.type = "puppetconfig" topbucket.top = true # Now iterate over each section eachsection do |section| topbucket.push section_to_transportable(section, done) end topbucket end # Convert to a parseable manifest def to_manifest transport = self.to_transportable manifest = transport.to_manifest + "\n" eachsection { |section| manifest += "include #{section}\n" } return manifest end # Create the necessary objects to use a section. This is idempotent; # you can 'use' a section as many times as you want. def use(*sections) @@sync.synchronize do # yay, thread-safe unless defined? @used @used = [] end runners = sections.collect { |s| symbolize(s) }.find_all { |s| ! @used.include? s } return if runners.empty? bucket = Puppet::TransBucket.new bucket.type = "puppetconfig" bucket.top = true # Create a hash to keep track of what we've done so far. @done = Hash.new { |hash, key| hash[key] = {} } runners.each do |section| bucket.push section_to_transportable(section, @done, false) end objects = bucket.to_type objects.finalize tags = nil if Puppet[:tags] tags = Puppet[:tags] Puppet[:tags] = "" end trans = objects.evaluate trans.ignoretags = true trans.evaluate if tags Puppet[:tags] = tags end # Remove is a recursive process, so it's sufficient to just call # it on the component. objects.remove(true) objects = nil runners.each { |s| @used << s } end end def valid?(param) param = symbolize(param) @config.has_key?(param) end # Open a file with the appropriate user, group, and mode def write(default, *args) obj = nil unless obj = @config[default] raise ArgumentError, "Unknown default %s" % default end unless obj.is_a? CFile raise ArgumentError, "Default %s is not a file" % default end chown = nil if Process.uid == 0 chown = [obj.owner, obj.group] else chown = [nil, nil] end Puppet::Util.asuser(*chown) do mode = obj.mode || 0640 if args.empty? args << "w" end args << mode File.open(obj.value, *args) do |file| yield file end end end # Open a non-default file under a default dir with the appropriate user, # group, and mode def writesub(default, file, *args) obj = nil unless obj = @config[default] raise ArgumentError, "Unknown default %s" % default end unless obj.is_a? CFile raise ArgumentError, "Default %s is not a file" % default end chown = nil if Process.uid == 0 chown = [obj.owner, obj.group] else chown = [nil, nil] end Puppet::Util.asuser(*chown) do mode = obj.mode || 0640 if args.empty? args << "w" end args << mode # Update the umask to make non-executable files Puppet::Util.withumask(File.umask ^ 0111) do File.open(file, *args) do |file| yield file end end end end # The base element type. class CElement attr_accessor :name, :section, :default, :parent, :setbycli attr_reader :desc # Unset any set value. def clear @value = nil end def convert(value) return value unless value return value unless value.is_a? String if value =~ /\$(\w+)/ parent = $1 if pval = @parent[parent] newval = value.to_s.sub(/\$#{parent.to_s}/, pval.to_s) #return File.join(newval.split("/")) return newval else raise Puppet::DevError, "Could not find value for %s" % parent end else return value end end def desc=(value) @desc = value.gsub(/^\s*/, '') end # Create the new element. Pretty much just sets the name. def initialize(args = {}) if args.include?(:parent) self.parent = args[:parent] args.delete(:parent) end args.each do |param, value| method = param.to_s + "=" unless self.respond_to? method raise ArgumentError, "%s does not accept %s" % [self.class, param] end self.send(method, value) end end def iscreated @iscreated = true end def iscreated? if defined? @iscreated return @iscreated else return false end end def set? if defined? @value and ! @value.nil? return true else return false end end # Convert the object to a config statement. def to_config str = @desc.gsub(/^/, "# ") + "\n" # Add in a statement about the default. if defined? @default and @default str += "# The default value is '%s'.\n" % @default end line = "%s = %s" % [@name, self.value] # If the value has not been overridden, then print it out commented # and unconverted, so it's clear that that's the default and how it # works. if defined? @value and ! @value.nil? line = "%s = %s" % [@name, self.value] else line = "# %s = %s" % [@name, @default] end str += line + "\n" str.gsub(/^/, " ") end # Retrieves the value, or if it's not set, retrieves the default. def value retval = nil if defined? @value and ! @value.nil? retval = @value elsif defined? @default retval = @default else return nil end if retval.is_a? String return convert(retval) else return retval end end # Set the value. def value=(value) if respond_to?(:validate) validate(value) end if respond_to?(:munge) @value = munge(value) else @value = value end end end # A file. class CFile < CElement attr_writer :owner, :group attr_accessor :mode, :create def group if defined? @group return convert(@group) else return nil end end def owner if defined? @owner return convert(@owner) else return nil end end # Set the type appropriately. Yep, a hack. This supports either naming # the variable 'dir', or adding a slash at the end. def munge(value) if value.to_s =~ /\/$/ @type = :directory return value.sub(/\/$/, '') end return value end # Return the appropriate type. def type value = self.value if @name.to_s =~ /dir/ return :directory elsif value.to_s =~ /\/$/ return :directory elsif value.is_a? String return :file else return nil end end # Convert the object to a TransObject instance. # FIXME There's no dependency system in place right now; if you use # a section that requires another section, there's nothing done to # correct that for you, at the moment. def to_transportable type = self.type return nil unless type path = self.value.split(File::SEPARATOR) path.shift # remove the leading nil objects = [] obj = Puppet::TransObject.new(self.value, "file") # Only create directories, or files that are specifically marked to # create. if type == :directory or self.create obj[:ensure] = type end [:mode].each { |var| if value = self.send(var) obj[var] = "%o" % value end } # Only chown or chgrp when root if Process.uid == 0 [:group, :owner].each { |var| if value = self.send(var) obj[var] = value end } end # And set the loglevel to debug for everything obj[:loglevel] = "debug" if self.section obj.tags += ["puppet", "configuration", self.section, self.name] end objects << obj objects end # Make sure any provided variables look up to something. def validate(value) return true unless value.is_a? String value.scan(/\$(\w+)/) { |name| name = $1 unless @parent.include?(name) raise ArgumentError, "Configuration parameter '%s' is undefined" % name end } end end # A simple boolean. class CBoolean < CElement def munge(value) case value when true, "true": return true when false, "false": return false else raise Puppet::Error, "Invalid value '%s' for %s" % [value.inspect, @name] end end end end end # $Id$ diff --git a/lib/puppet/type/group.rb b/lib/puppet/type/group.rb index b03f57907..e2b8dfcb9 100755 --- a/lib/puppet/type/group.rb +++ b/lib/puppet/type/group.rb @@ -1,204 +1,203 @@ # Manage Unix groups. This class is annoyingly complicated; There # is some variety in whether systems use 'groupadd' or 'addgroup', but OS X # significantly complicates the picture by using NetInfo. Eventually we # will also need to deal with systems that have their groups hosted elsewhere # (e.g., in LDAP). That will likely only be a problem for OS X, since it # currently does not use the POSIX interfaces, since lookupd's cache screws # things up. require 'etc' require 'facter' require 'puppet/type/state' -require 'puppet/type/nameservice' module Puppet newtype(:group) do @doc = "Manage groups. This type can only create groups. Group membership must be managed on individual users. This element type uses the prescribed native tools for creating groups and generally uses POSIX APIs for retrieving information about them. It does not directly modify /etc/group or anything. For most platforms, the tools used are ``groupadd`` and its ilk; for Mac OS X, NetInfo is used. This is currently unconfigurable, but if you desperately need it to be so, please contact us." newstate(:ensure) do desc "The basic state that the object should be in." newvalue(:present) do provider.create :group_created end newvalue(:absent) do provider.delete :group_removed end # If they're talking about the thing at all, they generally want to # say it should exist. defaultto do if @parent.managed? :present else nil end end def change_to_s begin if @is == :absent return "created" elsif self.should == :absent return "removed" else return "%s changed '%s' to '%s'" % [self.name, self.is_to_s, self.should_to_s] end rescue Puppet::Error, Puppet::DevError raise rescue => detail raise Puppet::DevError, "Could not convert change %s to string: %s" % [self.name, detail] end end def retrieve if provider.exists? @is = :present else @is = :absent end end # The default 'sync' method only selects among a list of registered # values. def sync if self.insync? self.info "already in sync" return nil #else #self.info "%s vs %s" % [self.is.inspect, self.should.inspect] end unless self.class.values self.devfail "No values defined for %s" % self.class.name end # Set ourselves to whatever our should value is. self.set end end newstate(:gid) do desc "The group ID. Must be specified numerically. If not specified, a number will be picked, which can result in ID differences across systems and thus is not recommended. The GID is picked according to local system standards." def autogen highest = 0 # Make sure we don't use the same value multiple times if defined? @@prevauto @@prevauto += 1 else Etc.group { |group| if group.gid > highest unless group.gid > 65000 highest = group.gid end end } @@prevauto = highest + 1 end return @@prevauto end def retrieve @is = provider.gid end def sync if self.should == :absent raise Puppet::DevError, "GID cannot be deleted" else provider.gid = self.should :group_modified end end munge do |gid| case gid when String if gid =~ /^[-0-9]+$/ gid = Integer(gid) else self.fail "Invalid GID %s" % gid end when Symbol unless gid == :absent self.devfail "Invalid GID %s" % gid end end return gid end end newparam(:name) do desc "The group name. While naming limitations vary by system, it is advisable to keep the name to the degenerate limitations, which is a maximum of 8 characters beginning with a letter." isnamevar end newparam(:allowdupe) do desc "Whether to allow duplicate GIDs. This option does not work on FreeBSD (contract to the ``pw`` man page)." newvalues(:true, :false) defaultto false end # List all groups def self.listbyname groups = [] while ent = Etc.getgrent groups << ent.name end Etc.endgrent return groups end def retrieve if @provider.exists? super else # the group does not exist #unless @states.include?(:gid) # self[:gid] = :auto #end @states.each { |name, state| state.is = :absent } return end end end end # $Id$ diff --git a/lib/puppet/type/nameservice.rb b/lib/puppet/type/nameservice.rb deleted file mode 100755 index 6db2ff083..000000000 --- a/lib/puppet/type/nameservice.rb +++ /dev/null @@ -1,186 +0,0 @@ -require 'puppet/type' - -module Puppet -class Type - class NSSType < Puppet::Type - class << self - attr_reader :parentstate, :parentmodule - - # Seems a lot like this should be elsewhere, - # but we'd have to have a different parent class for - # netinfo types if that were the case. - attr_accessor :netinfodir - - # Create an instance for every object that exists on the machine - def list - listbyname.collect do |name| - obj = nil - check = @states.collect { |st| st.name } - if obj = self[name] - obj[:check] = check - else - # unless it exists, create it as an unmanaged object - obj = self.create(:name => name, :check => check) - end - - next unless obj # In case there was an error somewhere - - #obj.retrieve - obj - end - end - - def newstate(*args, &block) - s = super(*args, &block) - - if s.respond_to?(:finish) - s.finish - end - end - end - end -end - -class State - # This is the state that all other Nameservice states descend from. It sets - # the standard for how one interacts with these state objects, but it leaves - # out any implementation details. See the 'posix' stuff for the basics - # on how to retrieve information on most systems, but any adding of information - # is done specially per-system (e.g., netinfo, useradd, adduser). - class NSSState < Puppet::State - class << self - # Are all changes to states done in one step or do all states need - # to be synced individually? This differentiates between netinfo, - # in which creation cannot be used to fill out information, and - # things like useradd, in which creation can be done with all - # information in one swell foop. - def allatonce? - #Puppet.info "Returning allatonce %s" % @allatonce - if defined? @allatonce - return @allatonce - else - return false - end - end - - # Yes, this value will autogenerate. - def isautogen - @isautogen = true - end - - def noautogen - @isautogen = false - end - - # Can we autogenerate a value for this field? If a required field - # can be autogenerated then we don't require a value. - def autogen? - if defined? @isautogen and @isautogen - return true - else - return false - end - end - - # Yes, this field is optional - def isoptional - @isoptional = true - end - - # Is this field optional? Defaults to false. - def isoptional? - if defined? @isoptional - return @isoptional - else - return false - end - end - - # What method is used to retrieve the value from the POSIX struct? - # Really, these method names should be stored in this class somewhere, - # in a map or something, but then I would have to differentiate - # between the different posix classes (e.g., user and group). In the - # end, we're _only_ using classes that _do_ have posix structs, - # so we might as well store the method in the class definition, - # rather than forcing it to be abstracted out or whatever. - def posixmethod - if defined? @posixmethod - return @posixmethod - else - return self.name - end - end - end - - # We use the POSIX interfaces to retrieve all information, so we don't - # have to worry about abstracting that across the system. Any class - # can still override this, but it should work for the vast majority of - # cases. - def retrieve - if obj = @parent.getinfo(true) - if method = self.class.posixmethod || self.class.name - @is = obj.send(method) - else - self.devfail "%s has no posixmethod" % self.class - end - else - @is = :absent - end - end - - # Sync the information. - def sync - event = nil - # they're in sync some other way - if self.insync? - return nil - end - if @is == :absent - self.retrieve - if self.insync? - return nil - end - end - - unless @parent.exists? - self.devfail "%s %s does not exist; cannot set %s" % - [@parent.class.name, @parent.name, self.class.name] - end - - # this needs to be set either by the individual state - # or its parent class - cmd = self.modifycmd - - self.debug "Executing %s" % cmd.inspect - - output = %x{#{cmd} 2>&1} - - - unless $? == 0 - self.fail "Could not modify %s on %s %s: %s" % - [self.class.name, @parent.class.name, - @parent.name, output] - end - - if event - return event - else - return "#{@parent.class.name}_modified".intern - end - end - end -end -end - -# Here's where we decide what type of objects we'll be dealing with. -case Facter["operatingsystem"].value -when "Darwin": - require 'puppet/type/nameservice/netinfo' -when "FreeBSD": - require 'puppet/type/nameservice/pw' -else - require 'puppet/type/nameservice/objectadd' -end - - -# $Id$ diff --git a/lib/puppet/type/nameservice/netinfo.rb b/lib/puppet/type/nameservice/netinfo.rb deleted file mode 100644 index 6230aa31b..000000000 --- a/lib/puppet/type/nameservice/netinfo.rb +++ /dev/null @@ -1,232 +0,0 @@ -# Manage NetInfo POSIX objects. Probably only used on OS X, but I suppose -# it could be used elsewhere. - -require 'puppet' -require 'puppet/type/nameservice/posix' - -module Puppet - module NameService - module NetInfo - # Verify that we've got all of the commands we need. - def self.test - system("which niutil > /dev/null 2>&1") - - if $? == 0 - return true - else - Puppet.err "Could not find niutil" - return false - end - - system("which nireport > /dev/null 2>&1") - - if $? == 0 - return true - else - Puppet.err "Could not find nireport" - return false - end - end - - # Does the object already exist? - def self.exists?(obj) - cmd = "nidump -r /%s/%s /" % - [obj.class.netinfodir, obj[:name]] - - output = %x{#{cmd} 2>/dev/null} - if output == "" - return false - else - #Puppet.debug "%s exists: %s" % [obj.name, output] - return true - end - end - - # Attempt to flush the database, but this doesn't seem to work at all. - def self.flush - output = %x{lookupd -flushcache 2>&1} - - if $? != 0 - Puppet.err "Could not flush lookupd cache: %s" % output - end - end - - # The state responsible for handling netinfo objects. Because they - # are all accessed using the exact same interface, we can just - # abstract the differents using a simple map where necessary - # (the netinfokeymap). - class NetInfoState < Puppet::State::NSSState - # Similar to posixmethod, what key do we use to get data? Defaults - # to being the object name. - def self.netinfokey - if defined? @netinfokey - return @netinfokey - else - return self.name - end - end - - def self.setkey(key) - @netinfokey = key - end - - def self.finish - @allatonce = false - case self.name - when :comment: setkey "realname" - when :uid: - noautogen - when :gid: - noautogen - end - end - - # Retrieve the data, yo. - # FIXME This should retrieve as much information as possible, - # rather than retrieving it one at a time. - def retrieve - NetInfo.flush - dir = @parent.class.netinfodir - cmd = ["nireport", "/", "/%s" % dir, "name"] - - if key = self.class.netinfokey - cmd << key.to_s - else - raise Puppet::DevError, - "Could not find netinfokey for state %s" % - self.class.name - end - self.debug "Executing %s" % cmd.join(" ").inspect - - %x{#{cmd.join(" ")} 2>&1}.split("\n").each { |line| - if line =~ /^(\w+)\s+(.+)$/ - name = $1 - value = $2.sub(/\s+$/, '') - - if name == @parent[:name] - if value =~ /^[-0-9]+$/ - @is = Integer(value) - else - @is = value - end - end - else - raise Puppet::DevError, "Could not match %s" % line - end - } - - unless defined? @is - @is = :absent - end - end - - # The list of all groups the user is a member of. Different - # user mgmt systems will need to override this method. - def grouplist - groups = [] - - user = @parent[:name] - # Retrieve them all from netinfo - open("| nireport / /groups name users") do |file| - file.each do |line| - name, members = line.split(/\s+/) - next unless members - next if members =~ /NoValue/ - members = members.split(",") - - if members.include? user - groups << name - end - end - end - - groups - end - - # This is really lame. We have to iterate over each - # of the groups and add us to them. - def setgrouplist(groups) - groups = groups.split(/\s*,\s*/) - # Get just the groups we need to modify - diff = groups - @is - - data = {} - open("| nireport / /groups name users") do |file| - file.each do |line| - name, members = line.split(/\s+/) - - if members.nil? or members =~ /NoValue/ - data[name] = [] - else - # Add each diff group's current members - data[name] = members.split(/,/) - end - end - end - - user = @parent[:name] - data.each do |name, members| - if members.include? user and groups.include? name - # I'm in the group and should be - next - elsif members.include? user - # I'm in the group and shouldn't be - setuserlist(name, members - [user]) - elsif groups.include? name - # I'm not in the group and should be - setuserlist(name, members + [user]) - else - # I'm not in the group and shouldn't be - next - end - end - end - - def setuserlist(group, list) - cmd = "niutil -createprop / /groups/%s users %s" % - [group, list.join(",")] - output = %x{#{cmd}} - end - - # How to add an object. - def addcmd - creatorcmd("-create") - end - - def creatorcmd(arg) - cmd = ["niutil"] - cmd << arg - - cmd << "/" << "/%s/%s" % - [@parent.class.netinfodir, @parent[:name]] - - #if arg == "-create" - # return [cmd.join(" "), self.modifycmd].join(";") - #else - return cmd.join(" ") - #end - end - - def deletecmd - creatorcmd("-destroy") - end - - def modifycmd - cmd = ["niutil"] - - cmd << "-createprop" << "/" << "/%s/%s" % - [@parent.class.netinfodir, @parent[:name]] - - if key = self.class.netinfokey - cmd << key << "'%s'" % self.should - else - raise Puppet::DevError, - "Could not find netinfokey for state %s" % - self.class.name - end - cmd.join(" ") - end - end - end - end -end diff --git a/lib/puppet/type/nameservice/objectadd.rb b/lib/puppet/type/nameservice/objectadd.rb deleted file mode 100644 index f9b05f4a2..000000000 --- a/lib/puppet/type/nameservice/objectadd.rb +++ /dev/null @@ -1,146 +0,0 @@ -require 'puppet' - -module Puppet - module NameService - module ObjectAdd - # Verify that we've got the commands necessary to manage flat files. - def self.test - system("which groupadd > /dev/null 2>&1") - - if $? == 0 - return true - else - Puppet.err "Could not find groupadd" - return false - end - end - - # Does the object already exist? - def self.exists?(obj) - if obj.getinfo(true) - return true - else - return false - end - end - - # The base state class for add operations. - class ObjectAddState < Puppet::State::NSSState - class << self - # Determine the flag to pass to our command. - def objectaddflag - unless defined? @objectaddflag - # Else, return the first letter of the name. I have to - # user a range here, else the character will show up - # as a number, rather than as a string, for some reason. - @objectaddflag = "-" + self.name.to_s[0,1] - Puppet.debug "Setting flag on %s to %s" % - [self.name, @objectaddflag] - end - return @objectaddflag - end - - # Set the flag manually. - def setflag(value) - @objectaddflag = value - end - end - end - - # The state class for doing group operations using groupadd or whatever. - # I could probably have abstracted the User and Group classes into - # a single class, but eh, it just didn't seem worth it. - class ObjectAddGroup < ObjectAddState - class << self - # This is hackish, but hey, it works. - def finish - @allatonce = true - end - end - - def addcmd - cmd = ["groupadd"] - if gid = @parent.should(:gid) - unless gid == :auto - cmd << @parent.state(:gid).class.objectaddflag << gid - end - end - if @parent[:allowdupe] == :true - cmd << "-o" - end - cmd << @parent[:name] - - return cmd.join(" ") - end - - def deletecmd - "groupdel %s" % @parent[:name] - end - - def modifycmd - cmd = ["groupmod", - self.class.objectaddflag, - "'%s'" % self.should] - if @parent[:allowdupe] == :true - cmd << "-o" - end - cmd << @parent[:name] - - return cmd.join(" ") - end - end - - # The class for adding users using 'adduser'. - class ObjectAddUser < ObjectAddState - class << self - # This is hackish, but hey, it works. - def finish - @allatonce = true - case self.name - when :home: setflag "-d" - when :groups: setflag "-G" - end - end - end - def addcmd - cmd = ["useradd"] - @parent.eachstate { |state| - next if state.name == :ensure - # the value needs to be quoted, mostly because -c might - # have spaces in it - cmd << state.class.objectaddflag << "'%s'" % state.should - } - # stupid fedora - case Facter["operatingsystem"].value - when "Fedora", "RedHat": - cmd << "-M" - else - end - if @parent[:allowdupe] == :true - cmd << "-o" - end - - cmd << @parent[:name] - - cmd.join(" ") - end - - def deletecmd - ["userdel", @parent[:name]].join(" ") - end - - def modifycmd - cmd = ["usermod", - self.class.objectaddflag, - "'%s'" % self.should] - if @parent[:allowdupe] == :true - cmd << "-o" - end - cmd << @parent[:name] - - return cmd.join(" ") - end - end - end - end -end diff --git a/lib/puppet/type/nameservice/posix.rb b/lib/puppet/type/nameservice/posix.rb deleted file mode 100644 index cf8c371ef..000000000 --- a/lib/puppet/type/nameservice/posix.rb +++ /dev/null @@ -1,12 +0,0 @@ -require 'puppet' -require 'puppet/type/nameservice' - -module Puppet - class State - # The lowest-level state class for managing NSS/POSIX information. It - # at least knows how to retrieve information, but it does not know how - # to sync anything. - class POSIXState < NSSState - end - end -end diff --git a/lib/puppet/type/nameservice/pw.rb b/lib/puppet/type/nameservice/pw.rb deleted file mode 100644 index 63d5e2e50..000000000 --- a/lib/puppet/type/nameservice/pw.rb +++ /dev/null @@ -1,107 +0,0 @@ -require 'puppet' -require 'puppet/type/nameservice/objectadd' - -module Puppet - module NameService - module PW - # Verify that we've got the commands necessary to manage flat files. - def self.test - system("which pw > /dev/null 2>&1") - - if $? == 0 - return true - else - Puppet.err "Could not find pw" - return false - end - end - - # Does the object already exist? - def self.exists?(obj) - if obj.getinfo(true) - return true - else - return false - end - end - - # The state class for doing group operations using groupadd or whatever. - # I could probably have abstracted the User and Group classes into - # a single class, but eh, it just didn't seem worth it. - class PWGroup < ObjectAdd::ObjectAddGroup - def addcmd - cmd = ["pw", "groupadd", @parent[:name]] - if gid = @parent.should(:gid) - unless gid == :auto - cmd << @parent.state(:gid).class.objectaddflag << gid - end - end - - # Apparently, contrary to the man page, groupadd does - # not accept -o. - #if @parent[:allowdupe] == :true - # cmd << "-o" - #end - - return cmd.join(" ") - end - - def deletecmd - "pw groupdel %s" % @parent[:name] - end - - def modifycmd - cmd = [ - "pw", - "groupmod", - @parent[:name], - self.class.objectaddflag, - "'%s'" % self.should - ] - return cmd.join(" ") - end - end - - # The class for adding users using 'adduser'. - class PWUser < ObjectAdd::ObjectAddUser - def addcmd - cmd = ["pw", "useradd", @parent[:name], "-w", "no"] - @parent.eachstate { |state| - next if state.name == :ensure - # the value needs to be quoted, mostly because -c might - # have spaces in it - cmd << state.class.objectaddflag << "'%s'" % state.should - } - # stupid fedora - case Facter["operatingsystem"].value - when "Fedora", "RedHat": - cmd << "-M" - end - - if @parent[:allowdupe] == :true - cmd << "-o" - end - - cmd.join(" ") - end - - def deletecmd - ["pw", "userdel", @parent[:name]].join(" ") - end - - def modifycmd - cmd = [ - "pw", - "usermod", - @parent[:name], - "-w", "no", - self.class.objectaddflag, - "'%s'" % self.should - ] - - return cmd.join(" ") - end - end - end - end -end diff --git a/lib/puppet/type/user.rb b/lib/puppet/type/user.rb index 3a78d9669..8905b8d1d 100755 --- a/lib/puppet/type/user.rb +++ b/lib/puppet/type/user.rb @@ -1,402 +1,400 @@ require 'etc' require 'facter' require 'puppet/type/state' -require 'puppet/type/nameservice' module Puppet newtype(:user) do newstate(:ensure) do newvalue(:present, :event => :user_created) do # Verify that they have provided everything necessary, if we # are trying to manage the user # if @parent.managed? # @parent.class.states.each { |state| # next if stateobj = @parent.state(state.name) # next if state.name == :ensure # # unless state.autogen? or state.isoptional? # if state.method_defined?(:autogen) # @parent[state.name] = :auto # else # @parent.fail "Users require a value for %s" % # state.name # end # end # } # # #if @states.empty? # # @parent[:comment] = @parent[:name] # #end # end provider.create end newvalue(:absent, :event => :user_removed) do provider.delete end desc "The basic state that the object should be in." # If they're talking about the thing at all, they generally want to # say it should exist. #defaultto :present defaultto do if @parent.managed? :present else nil end end def change_to_s begin if @is == :absent return "created" elsif self.should == :absent return "removed" else return "%s changed '%s' to '%s'" % [self.name, self.is_to_s, self.should_to_s] end rescue Puppet::Error, Puppet::DevError raise rescue => detail raise Puppet::DevError, "Could not convert change %s to string: %s" % [self.name, detail] end end def retrieve if provider.exists? @is = :present else @is = :absent end end # The default 'sync' method only selects among a list of registered # values. def sync if self.insync? self.info "already in sync" return nil #else #self.info "%s vs %s" % [self.is.inspect, self.should.inspect] end unless self.class.values self.devfail "No values defined for %s" % self.class.name end # Set ourselves to whatever our should value is. self.set end end newstate(:uid) do desc "The user ID. Must be specified numerically. For new users being created, if no user ID is specified then one will be chosen automatically, which will likely result in the same user having different IDs on different systems, which is not recommended." munge do |value| case value when String if value =~ /^[-0-9]+$/ value = Integer(value) end when Symbol unless value == :absent or value == :auto self.devfail "Invalid UID %s" % value end if value == :auto value = autogen() end end return value end end newstate(:gid) do desc "The user's primary group. Can be specified numerically or by name." munge do |gid| method = :getgrgid case gid when String if gid =~ /^[-0-9]+$/ gid = Integer(gid) else method = :getgrnam end when Symbol unless gid == :auto or gid == :absent self.devfail "Invalid GID %s" % gid end # these are treated specially by sync() return gid end if group = Puppet::Util.gid(gid) @found = true return group else @found = false return gid end end # *shudder* Make sure that we've looked up the group and gotten # an ID for it. Yuck-o. def should unless defined? @should return super end unless defined? @found and @found @should = @should.each { |val| next unless val Puppet::Util.gid(val) } end super end - end newstate(:comment) do desc "A description of the user. Generally is a user's full name." end newstate(:home) do desc "The home directory of the user. The directory must be created separately and is not currently checked for existence." end newstate(:shell) do desc "The user's login shell. The shell must exist and be executable." end newstate(:groups) do desc "The groups of which the user is a member. The primary group should not be listed. Multiple groups should be specified as an array." def should_to_s self.should.join(",") end def is_to_s @is.join(",") end # We need to override this because the groups need to # be joined with commas def should unless defined? @is retrieve end @should ||= [] if @parent[:membership] == :inclusive @should.sort else members = @should if @is.is_a?(Array) members += @is end members.uniq.sort end end def retrieve if tmp = provider.groups @is = tmp.split(",") else @is = :absent end end def insync? unless defined? @should and @should return false end unless defined? @is and @is return false end unless @is.class == @should.class return false end return @is.sort == @should.sort end validate do |value| if value =~ /^\d+$/ raise ArgumentError, "Group names must be provided, not numbers" end end def sync provider.groups = self.should.join(",") :user_changed end end # these three states are all implemented differently on each platform, # so i'm disabling them for now # FIXME Puppet::State::UserLocked is currently non-functional #newstate(:locked) do # desc "The expected return code. An error will be returned if the # executed command returns something else." #end # FIXME Puppet::State::UserExpire is currently non-functional #newstate(:expire) do # desc "The expected return code. An error will be returned if the # executed command returns something else." # @objectaddflag = "-e" #end # FIXME Puppet::State::UserInactive is currently non-functional #newstate(:inactive) do # desc "The expected return code. An error will be returned if the # executed command returns something else." # @objectaddflag = "-f" #end newparam(:name) do desc "User name. While limitations are determined for each operating system, it is generally a good idea to keep to the degenerate 8 characters, beginning with a letter." isnamevar end newparam(:membership) do desc "Whether specified groups should be treated as the only groups of which the user is a member or whether they should merely be treated as the minimum membership list." newvalues(:inclusive, :minimum) defaultto :minimum end newparam(:allowdupe) do desc "Whether to allow duplicate UIDs." newvalues(:true, :false) defaultto false end @doc = "Manage users. Currently can create and modify users, but cannot delete them. Theoretically all of the parameters are optional, but if no parameters are specified the comment will be set to the user name in order to make the internals work out correctly. This element type uses the prescribed native tools for creating groups and generally uses POSIX APIs for retrieving information about them. It does not directly modify /etc/passwd or anything. For most platforms, the tools used are ``useradd`` and its ilk; for Mac OS X, NetInfo is used. This is currently unconfigurable, but if you desperately need it to be so, please contact us." # Autorequire the group, if it's around autorequire(:group) do #return nil unless @states.include?(:gid) #return nil unless groups = @states[:gid].shouldorig autos = [] if @states.include?(:gid) and groups = @states[:gid].shouldorig groups = groups.collect { |group| if group =~ /^\d+$/ Integer(group) else group end } groups.each { |group| case group when Integer: if obj = Puppet.type(:group).find { |gobj| gobj.should(:gid) == group } autos << obj end else autos << group end } end if @states.include?(:groups) and groups = @states[:groups].should autos += groups end autos end autorequire(:file) do dir = self.should(:home) or self.is(:home) if dir =~ /^#{File::SEPARATOR}/ dir else nil end end def self.list_by_name users = [] defaultprovider.listbyname do |user| users << user end return users end def self.list defaultprovider.list self.collect do |user| user end end def retrieve absent = false states().each { |state| if absent state.is = :absent else state.retrieve end if state.name == :ensure and state.is == :absent absent = true next end } #if provider.exists? # super #else # # the user does not exist # @states.each { |name, state| # state.is = :absent # } # return #end end end end # $Id$