diff --git a/acceptance/tests/agent/agent_disable_lockfile.rb b/acceptance/tests/agent/agent_disable_lockfile.rb new file mode 100644 index 000000000..e7cf0c328 --- /dev/null +++ b/acceptance/tests/agent/agent_disable_lockfile.rb @@ -0,0 +1,208 @@ +test_name "the agent --disable/--enable functionality should manage the agent lockfile properly" + +# +# This test is intended to ensure that puppet agent --enable/--disable +# work properly, both in terms of complying with our public "API" around +# lockfile semantics ( http://links.puppetlabs.com/agent_lockfiles ), and +# in terms of actually restricting or allowing new agent runs to begin. +# + +############################################################################### +# BEGIN UTILITY METHODS - ideally this stuff would live somewhere besides in +# the actual test. +############################################################################### + +# Create a file on the host. +# Parameters: +# [host] the host to create the file on +# [file_path] the path to the file to be created +# [file_content] a string containing the contents to be written to the file +# [options] a hash containing additional behavior options. Currently supported: +# * :mkdirs (default false) if true, attempt to create the parent directories on the remote host before writing +# the file +# * :owner (default 'root') the username of the user that the file should be owned by +# * :group (default 'puppet') the name of the group that the file should be owned by +# * :mode (default '644') the mode (file permissions) that the file should be created with +def create_test_file(host, file_rel_path, file_content, options) + + # set default options + options[:mkdirs] ||= false + options[:owner] ||= "root" + options[:group] ||= "puppet" + options[:mode] ||= "755" + + file_path = get_test_file_path(host, file_rel_path) + + mkdirs(host, File.dirname(file_path)) if (options[:mkdirs] == true) + create_remote_file(host, file_path, file_content) + +# +# NOTE: we need these chown/chmod calls because the acceptance framework connects to the nodes as "root", but +# puppet 'master' runs as user 'puppet'. Therefore, in order for puppet master to be able to read any files +# that we've created, we have to carefully set their permissions +# + + chown(host, options[:owner], options[:group], file_path) + chmod(host, options[:mode], file_path) + +end + + +# Given a relative path, returns an absolute path for a test file. Basically, this just prepends the +# a unique temp dir path (specific to the current test execution) to your relative path. +def get_test_file_path(host, file_rel_path) + File.join(@host_test_tmp_dirs[host.name], file_rel_path) +end + + +# Check for the existence of a temp file for the current test; basically, this just calls file_exists?(), +# but prepends the path to the current test's temp dir onto the file_rel_path parameter. This allows +# tests to be written using only a relative path to specify file locations, while still taking advantage +# of automatic temp file cleanup at test completion. +def test_file_exists?(host, file_rel_path) + file_exists?(host, get_test_file_path(host, file_rel_path)) +end + +def file_exists?(host, file_path) + host.execute("test -f \"#{file_path}\"", + :acceptable_exit_codes => [0, 1]) do |result| + return result.exit_code == 0 + end +end + +def file_contents(host, file_path) + host.execute("cat \"#{file_path}\"") do |result| + return result.stdout + end +end + +def tmpdir(host, basename) + host_tmpdir = host.tmpdir(basename) + # we need to make sure that the puppet user can traverse this directory... + chmod(host, "755", host_tmpdir) + host_tmpdir +end + +def mkdirs(host, dir_path) + on(host, "mkdir -p #{dir_path}") +end + +def chown(host, owner, group, path) + on(host, "chown #{owner}:#{group} #{path}") +end + +def chmod(host, mode, path) + on(host, "chmod #{mode} #{path}") +end + + + + +# pluck this out of the test case environment; not sure if there is a better way +cur_test_file = @path +cur_test_file_shortname = File.basename(cur_test_file, File.extname(cur_test_file)) + +# we need one list of all of the hosts, to assist in managing temp dirs. It's possible +# that the master is also an agent, so this will consolidate them into a unique set +all_hosts = Set[master, *agents] + +# now we can create a hash of temp dirs--one per host, and unique to this test--without worrying about +# doing it twice on any individual host +@host_test_tmp_dirs = Hash[all_hosts.map do |host| [host.name, tmpdir(host, cur_test_file_shortname)] end ] + +# a silly variable for keeping track of whether or not all of the tests passed... +all_tests_passed = false + +############################################################################### +# END UTILITY METHODS +############################################################################### + + + +############################################################################### +# BEGIN TEST LOGIC +############################################################################### + + +# this begin block is here for handling temp file cleanup via an "ensure" block at the very end of the +# test. +begin + + agent_disabled_lockfile = "/var/lib/puppet/state/agent_disabled.lock" + + tuples = [ + ["reason not specified", false], + ["I'm busy; go away.'", true] + ] + + step "start the master" do + with_master_running_on(master, "--autosign true") do + + tuples.each do |expected_message, explicitly_specify_message| + + step "disable the agent; specify message? '#{explicitly_specify_message}', message: '#{expected_message}'" do + agents.each do |agent| + if (explicitly_specify_message) + run_agent_on(agent, "--disable \"#{expected_message}\"") + else + run_agent_on(agent, "--disable") + end + + unless file_exists?(agent, agent_disabled_lockfile) then + fail_test("Failed to create disabled lock file '#{agent_disabled_lockfile}' on agent '#{agent}'") + end + lock_file_content = file_contents(agent, agent_disabled_lockfile) + # This is a hack; we should parse the JSON into a hash, but I don't think I have a library available + # from the acceptance test framework that I can use to do that. So I'm falling back to regex. + lock_file_content_regex = /"disabled_message"\s*:\s*"#{expected_message}"/ + unless lock_file_content =~ lock_file_content_regex + fail_test("Disabled lock file contents invalid; expected to match '#{lock_file_content_regex}', got '#{lock_file_content}' on agent '#{agent}'") + end + end + end + + step "attempt to run the agent (message: '#{expected_message}')" do + agents.each do |agent| + run_agent_on(agent, "--no-daemonize --verbose --onetime --test --server #{master}", + :acceptable_exit_codes => [1]) do + disabled_regex = /administratively disabled.*'#{expected_message}'/ + unless result.stdout =~ disabled_regex + fail_test("Unexpected output from attempt to run agent disabled; expecting to match '#{disabled_regex}', got '#{result.stdout}' on agent '#{agent}'") + end + end + end + end + + step "enable the agent (message: '#{expected_message}')" do + agents.each do |agent| + run_agent_on(agent, "--enable") + if file_exists?(agent, agent_disabled_lockfile) then + fail_test("Failed to remove disabled lock file '#{agent_disabled_lockfile}' on agent '#{agent}'") + end + end + + step "verify that we can run the agent (message: '#{expected_message}')" do + agents.each do |agent| + run_agent_on(agent) + end + end + end + + end + end + end + + all_tests_passed = true + +ensure + ########################################################################################## + # Clean up all of the temp files created by this test. It would be nice if this logic + # could be handled outside of the test itself; I envision a stanza like this one appearing + # in a very large number of the tests going forward unless it is handled by the framework. + ########################################################################################## + if all_tests_passed then + all_hosts.each do |host| + on(host, "rm -rf #{@host_test_tmp_dirs[host.name]}") + end + end +end \ No newline at end of file diff --git a/lib/puppet/agent.rb b/lib/puppet/agent.rb index f99e40f4d..47f4fa638 100644 --- a/lib/puppet/agent.rb +++ b/lib/puppet/agent.rb @@ -1,123 +1,122 @@ require 'sync' require 'puppet/application' # A general class for triggering a run of another # class. class Puppet::Agent require 'puppet/agent/locker' include Puppet::Agent::Locker + require 'puppet/agent/disabler' + include Puppet::Agent::Disabler + attr_reader :client_class, :client, :splayed attr_accessor :should_fork # Just so we can specify that we are "the" instance. def initialize(client_class) @splayed = false @client_class = client_class end - def lockfile_path - client_class.lockfile_path - end - def needing_restart? Puppet::Application.restart_requested? end # Perform a run with our client. def run(*args) if running? Puppet.notice "Run of #{client_class} already in progress; skipping" return end if disabled? - Puppet.notice "Skipping run of #{client_class}; administratively disabled; use 'puppet agent --enable' to re-enable." + Puppet.notice "Skipping run of #{client_class}; administratively disabled (Reason: '#{disable_message}');\nUse 'puppet agent --enable' to re-enable." return end result = nil block_run = Puppet::Application.controlled_run do splay result = run_in_fork(should_fork) do with_client do |client| begin sync.synchronize { lock { client.run(*args) } } rescue SystemExit,NoMemoryError raise rescue Exception => detail Puppet.log_exception(detail, "Could not run #{client_class}: #{detail}") end end end true end Puppet.notice "Shutdown/restart in progress (#{Puppet::Application.run_status.inspect}); skipping run" unless block_run result end def stopping? Puppet::Application.stop_requested? end # Have we splayed already? def splayed? splayed end # Sleep when splay is enabled; else just return. def splay return unless Puppet[:splay] return if splayed? time = rand(Integer(Puppet[:splaylimit]) + 1) Puppet.info "Sleeping for #{time} seconds (splay is enabled)" sleep(time) @splayed = true end def sync @sync ||= Sync.new end def run_in_fork(forking = true) return yield unless forking or Puppet.features.windows? child_pid = Kernel.fork do $0 = "puppet agent: applying configuration" begin exit(yield) rescue SystemExit exit(-1) rescue NoMemoryError exit(-2) end end exit_code = Process.waitpid2(child_pid) case exit_code[1].exitstatus when -1 raise SystemExit when -2 raise NoMemoryError end exit_code[1].exitstatus end private # Create and yield a client instance, keeping a reference # to it during the yield. def with_client begin @client = client_class.new rescue SystemExit,NoMemoryError raise rescue Exception => detail Puppet.log_exception(detail, "Could not create instance of #{client_class}: #{detail}") return end yield @client ensure @client = nil end end diff --git a/lib/puppet/agent/disabler.rb b/lib/puppet/agent/disabler.rb new file mode 100644 index 000000000..9f9fcb62d --- /dev/null +++ b/lib/puppet/agent/disabler.rb @@ -0,0 +1,51 @@ +require 'puppet/util/json_lockfile' + +# This module is responsible for encapsulating the logic for +# "disabling" the puppet agent during a run; in other words, +# keeping track of enough state to answer the question +# "has the puppet agent been administratively disabled?" +# +# The implementation involves writing a lockfile with JSON +# contents, and is considered part of the public Puppet API +# because it used by external tools such as mcollective. +# +# For more information, please see docs on the website. +# http://links.puppetlabs.com/agent_lockfiles +module Puppet::Agent::Disabler + DISABLED_MESSAGE_JSON_KEY = "disabled_message" + + # Let the daemon run again, freely in the filesystem. + def enable + disable_lockfile.unlock + end + + # Stop the daemon from making any catalog runs. + def disable(msg=nil) + data = {} + if (! msg.nil?) + data[DISABLED_MESSAGE_JSON_KEY] = msg + end + disable_lockfile.lock(data) + end + + def disabled? + disable_lockfile.locked? + end + + def disable_message + data = disable_lockfile.lock_data + return nil if data.nil? + if data.has_key?(DISABLED_MESSAGE_JSON_KEY) + return data[DISABLED_MESSAGE_JSON_KEY] + end + nil + end + + + def disable_lockfile + @disable_lockfile ||= Puppet::Util::JsonLockfile.new(Puppet[:agent_disabled_lockfile]) + + @disable_lockfile + end + private :disable_lockfile +end diff --git a/lib/puppet/agent/locker.rb b/lib/puppet/agent/locker.rb index e165741c6..53d8c12fd 100644 --- a/lib/puppet/agent/locker.rb +++ b/lib/puppet/agent/locker.rb @@ -1,41 +1,41 @@ require 'puppet/util/pidlock' -# Break out the code related to locking the agent. This module is just -# included into the agent, but having it here makes it easier to test. +# This module is responsible for encapsulating the logic for +# "locking" the puppet agent during a run; in other words, +# keeping track of enough state to answer the question +# "is there a puppet agent currently running?" +# +# The implementation involves writing a lockfile whose contents +# are simply the PID of the running agent process. This is +# considered part of the public Puppet API because it used +# by external tools such as mcollective. +# +# For more information, please see docs on the website. +# http://links.puppetlabs.com/agent_lockfiles module Puppet::Agent::Locker - # Let the daemon run again, freely in the filesystem. - def enable - lockfile.unlock(:anonymous => true) - end - - # Stop the daemon from making any catalog runs. - def disable - lockfile.lock(:anonymous => true) - end # Yield if we get a lock, else do nothing. Return # true/false depending on whether we get the lock. def lock if lockfile.lock begin yield ensure lockfile.unlock end end end + def running? + lockfile.locked? + end + def lockfile - @lockfile ||= Puppet::Util::Pidlock.new(lockfile_path) + @lockfile ||= Puppet::Util::Pidlock.new(Puppet[:agent_pidfile]) @lockfile end + private :lockfile - def running? - lockfile.locked? and !lockfile.anonymous? - end - def disabled? - lockfile.locked? and lockfile.anonymous? - end end diff --git a/lib/puppet/application/agent.rb b/lib/puppet/application/agent.rb index 28e0f7809..b806e33e6 100644 --- a/lib/puppet/application/agent.rb +++ b/lib/puppet/application/agent.rb @@ -1,461 +1,469 @@ require 'puppet/application' class Puppet::Application::Agent < Puppet::Application run_mode :agent attr_accessor :args, :agent, :daemon, :host def preinit # Do an initial trap, so that cancels don't get a stack trace. Signal.trap(:INT) do $stderr.puts "Cancelling startup" exit(0) end { :waitforcert => nil, :detailed_exitcodes => false, :verbose => false, :debug => false, :centrallogs => false, :setdest => false, :enable => false, :disable => false, :client => true, :fqdn => nil, :serve => [], :digest => :MD5, :graph => true, :fingerprint => false, }.each do |opt,val| options[opt] = val end @args = {} require 'puppet/daemon' @daemon = Puppet::Daemon.new @daemon.argv = ARGV.dup end option("--centrallogging") - option("--disable") + + option("--disable [MESSAGE]") do |message| + options[:disable] = true + options[:disable_message] = message + end + option("--enable") option("--debug","-d") option("--fqdn FQDN","-f") option("--test","-t") option("--verbose","-v") option("--fingerprint") option("--digest DIGEST") option("--no-client") do |arg| options[:client] = false end option("--detailed-exitcodes") do |arg| options[:detailed_exitcodes] = true end option("--logdest DEST", "-l DEST") do |arg| begin Puppet::Util::Log.newdestination(arg) options[:setdest] = true rescue => detail Puppet.log_exception(detail) end end option("--waitforcert WAITFORCERT", "-w") do |arg| options[:waitforcert] = arg.to_i end option("--port PORT","-p") do |arg| @args[:Port] = arg end def help <<-HELP puppet-agent(8) -- The puppet agent daemon ======== SYNOPSIS -------- Retrieves the client configuration from the puppet master and applies it to the local host. This service may be run as a daemon, run periodically using cron (or something similar), or run interactively for testing purposes. USAGE ----- puppet agent [--certname ] [-D|--daemonize|--no-daemonize] - [-d|--debug] [--detailed-exitcodes] [--digest ] [--disable] [--enable] + [-d|--debug] [--detailed-exitcodes] [--digest ] [--disable [message]] [--enable] [--fingerprint] [-h|--help] [-l|--logdest syslog||console] [--no-client] [--noop] [-o|--onetime] [-t|--test] [-v|--verbose] [-V|--version] [-w|--waitforcert ] DESCRIPTION ----------- This is the main puppet client. Its job is to retrieve the local machine's configuration from a remote server and apply it. In order to successfully communicate with the remote server, the client must have a certificate signed by a certificate authority that the server trusts; the recommended method for this, at the moment, is to run a certificate authority as part of the puppet server (which is the default). The client will connect and request a signed certificate, and will continue connecting until it receives one. Once the client has a signed certificate, it will retrieve its configuration and apply it. USAGE NOTES ----------- 'puppet agent' does its best to find a compromise between interactive use and daemon use. Run with no arguments and no configuration, it will go into the background, attempt to get a signed certificate, and retrieve and apply its configuration every 30 minutes. Some flags are meant specifically for interactive use -- in particular, 'test', 'tags' or 'fingerprint' are useful. 'test' enables verbose logging, causes the daemon to stay in the foreground, exits if the server's configuration is invalid (this happens if, for instance, you've left a syntax error on the server), and exits after running the configuration once (rather than hanging around as a long-running process). 'tags' allows you to specify what portions of a configuration you want to apply. Puppet elements are tagged with all of the class or definition names that contain them, and you can use the 'tags' flag to specify one of these names, causing only configuration elements contained within that class or definition to be applied. This is very useful when you are testing new configurations -- for instance, if you are just starting to manage 'ntpd', you would put all of the new elements into an 'ntpd' class, and call puppet with '--tags ntpd', which would only apply that small portion of the configuration during your testing, rather than applying the whole thing. 'fingerprint' is a one-time flag. In this mode 'puppet agent' will run once and display on the console (and in the log) the current certificate (or certificate request) fingerprint. Providing the '--digest' option allows to use a different digest algorithm to generate the fingerprint. The main use is to verify that before signing a certificate request on the master, the certificate request the master received is the same as the one the client sent (to prevent against man-in-the-middle attacks when signing certificates). OPTIONS ------- Note that any configuration parameter that's valid in the configuration file is also a valid long argument. For example, 'server' is a valid configuration parameter, so you can specify '--server ' as an argument. See the configuration file documentation at http://docs.puppetlabs.com/references/stable/configuration.html for the full list of acceptable parameters. A commented list of all configuration options can also be generated by running puppet agent with '--genconfig'. * --certname: Set the certname (unique ID) of the client. The master reads this unique identifying string, which is usually set to the node's fully-qualified domain name, to determine which configurations the node will receive. Use this option to debug setup problems or implement unusual node identification schemes. * --daemonize: Send the process into the background. This is the default. * --no-daemonize: Do not send the process into the background. * --debug: Enable full debugging. * --detailed-exitcodes: Provide transaction information via exit codes. If this is enabled, an exit code of '2' means there were changes, an exit code of '4' means there were failures during the transaction, and an exit code of '6' means there were both changes and failures. * --digest: Change the certificate fingerprinting digest algorithm. The default is MD5. Valid values depends on the version of OpenSSL installed, but should always at least contain MD5, MD2, SHA1 and SHA256. * --disable: Disable working on the local system. This puts a lock file in place, causing 'puppet agent' not to work on the system until the lock file is removed. This is useful if you are testing a configuration and do not want the central configuration to override the local state until everything is tested and committed. + Disable can also take an optional message that will be reported by the + 'puppet agent' at the next disabled run. + 'puppet agent' uses the same lock file while it is running, so no more than one 'puppet agent' process is working at a time. 'puppet agent' exits after executing this. * --enable: Enable working on the local system. This removes any lock file, causing 'puppet agent' to start managing the local system again (although it will continue to use its normal scheduling, so it might not start for another half hour). 'puppet agent' exits after executing this. * --fingerprint: Display the current certificate or certificate signing request fingerprint and then exit. Use the '--digest' option to change the digest algorithm used. * --help: Print this help message * --logdest: Where to send messages. Choose between syslog, the console, and a log file. Defaults to sending messages to syslog, or the console if debugging or verbosity is enabled. * --no-client: Do not create a config client. This will cause the daemon to run without ever checking for its configuration automatically, and only makes sense when puppet agent is being run with listen = true in puppet.conf or was started with the `--listen` option. * --noop: Use 'noop' mode where the daemon runs in a no-op or dry-run mode. This is useful for seeing what changes Puppet will make without actually executing the changes. * --onetime: Run the configuration once. Runs a single (normally daemonized) Puppet run. Useful for interactively running puppet agent when used in conjunction with the --no-daemonize option. * --test: Enable the most common options used for testing. These are 'onetime', 'verbose', 'ignorecache', 'no-daemonize', 'no-usecacheonfailure', 'detailed-exit-codes', 'no-splay', and 'show_diff'. * --verbose: Turn on verbose reporting. * --version: Print the puppet version number and exit. * --waitforcert: This option only matters for daemons that do not yet have certificates and it is enabled by default, with a value of 120 (seconds). This causes 'puppet agent' to connect to the server every 2 minutes and ask it to sign a certificate request. This is useful for the initial setup of a puppet client. You can turn off waiting for certificates by specifying a time of 0. EXAMPLE ------- $ puppet agent --server puppet.domain.com DIAGNOSTICS ----------- Puppet agent accepts the following signals: * SIGHUP: Restart the puppet agent daemon. * SIGINT and SIGTERM: Shut down the puppet agent daemon. * SIGUSR1: Immediately retrieve and apply configurations from the puppet master. AUTHOR ------ Luke Kanies COPYRIGHT --------- Copyright (c) 2011 Puppet Labs, LLC Licensed under the Apache 2.0 License HELP end def run_command return fingerprint if options[:fingerprint] return onetime if Puppet[:onetime] main end def fingerprint unless cert = host.certificate || host.certificate_request $stderr.puts "Fingerprint asked but no certificate nor certificate request have yet been issued" exit(1) return end unless fingerprint = cert.fingerprint(options[:digest]) raise ArgumentError, "Could not get fingerprint for digest '#{options[:digest]}'" end puts fingerprint end def onetime unless options[:client] $stderr.puts "onetime is specified but there is no client" exit(43) return end @daemon.set_signal_traps begin @agent.should_fork = false exitstatus = @agent.run rescue => detail Puppet.log_exception(detail) end @daemon.stop(:exit => false) if not exitstatus exit(1) elsif options[:detailed_exitcodes] then exit(exitstatus) else exit(0) end end def main Puppet.notice "Starting Puppet client version #{Puppet.version}" @daemon.start end # Enable all of the most common test options. def setup_test Puppet.settings.handlearg("--ignorecache") Puppet.settings.handlearg("--no-usecacheonfailure") Puppet.settings.handlearg("--no-splay") Puppet.settings.handlearg("--show_diff") Puppet.settings.handlearg("--no-daemonize") options[:verbose] = true Puppet[:onetime] = true options[:detailed_exitcodes] = true end def enable_disable_client(agent) if options[:enable] agent.enable elsif options[:disable] - agent.disable + agent.disable(options[:disable_message] || 'reason not specified') end exit(0) end def setup_listen unless FileTest.exists?(Puppet[:rest_authconfig]) Puppet.err "Will not start without authorization file #{Puppet[:rest_authconfig]}" exit(14) end require 'puppet/network/server' # No REST handlers yet. server = Puppet::Network::Server.new(:port => Puppet[:puppetport]) @daemon.server = server end def setup_host @host = Puppet::SSL::Host.new waitforcert = options[:waitforcert] || (Puppet[:onetime] ? 0 : Puppet[:waitforcert]) cert = @host.wait_for_cert(waitforcert) unless options[:fingerprint] end def setup_agent # We need tomake the client either way, we just don't start it # if --no-client is set. require 'puppet/agent' require 'puppet/configurer' @agent = Puppet::Agent.new(Puppet::Configurer) enable_disable_client(@agent) if options[:enable] or options[:disable] @daemon.agent = agent if options[:client] # It'd be nice to daemonize later, but we have to daemonize before the # waitforcert happens. @daemon.daemonize if Puppet[:daemonize] setup_host @objects = [] # This has to go after the certs are dealt with. if Puppet[:listen] unless Puppet[:onetime] setup_listen else Puppet.notice "Ignoring --listen on onetime run" end end end def setup setup_test if options[:test] setup_logs exit(Puppet.settings.print_configs ? 0 : 1) if Puppet.settings.print_configs? args[:Server] = Puppet[:server] if options[:fqdn] args[:FQDN] = options[:fqdn] Puppet[:certname] = options[:fqdn] end if options[:centrallogs] logdest = args[:Server] logdest += ":" + args[:Port] if args.include?(:Port) Puppet::Util::Log.newdestination(logdest) end Puppet.settings.use :main, :agent, :ssl # Always ignoreimport for agent. It really shouldn't even try to import, # but this is just a temporary band-aid. Puppet[:ignoreimport] = true # We need to specify a ca location for all of the SSL-related i # indirected classes to work; in fingerprint mode we just need # access to the local files and we don't need a ca. Puppet::SSL::Host.ca_location = options[:fingerprint] ? :none : :remote Puppet::Transaction::Report.indirection.terminus_class = :rest # we want the last report to be persisted locally Puppet::Transaction::Report.indirection.cache_class = :yaml # Override the default; puppetd needs this, usually. # You can still override this on the command-line with, e.g., :compiler. Puppet[:catalog_terminus] = :rest Puppet[:node_terminus] = :rest # Override the default. Puppet[:facts_terminus] = :facter Puppet::Resource::Catalog.indirection.cache_class = :yaml unless options[:fingerprint] setup_agent else setup_host end end end diff --git a/lib/puppet/configurer.rb b/lib/puppet/configurer.rb index 364bd43c3..e3fbcafc8 100644 --- a/lib/puppet/configurer.rb +++ b/lib/puppet/configurer.rb @@ -1,252 +1,247 @@ # The client for interacting with the puppetmaster config server. require 'sync' require 'timeout' require 'puppet/network/http_pool' require 'puppet/util' require 'puppet/util/config_timeout' class Puppet::Configurer require 'puppet/configurer/fact_handler' require 'puppet/configurer/plugin_handler' extend Puppet::Util::ConfigTimeout include Puppet::Configurer::FactHandler include Puppet::Configurer::PluginHandler # For benchmarking include Puppet::Util attr_reader :compile_time, :environment # Provide more helpful strings to the logging that the Agent does def self.to_s "Puppet configuration client" end class << self # Puppetd should only have one instance running, and we need a way # to retrieve it. attr_accessor :instance include Puppet::Util end - # How to lock instances of this class. - def self.lockfile_path - Puppet[:puppetdlockfile] - end - def execute_postrun_command execute_from_setting(:postrun_command) end def execute_prerun_command execute_from_setting(:prerun_command) end # Initialize and load storage def init_storage Puppet::Util::Storage.load @compile_time ||= Puppet::Util::Storage.cache(:configuration)[:compile_time] rescue => detail Puppet.log_exception(detail, "Removing corrupt state file #{Puppet[:statefile]}: #{detail}") begin ::File.unlink(Puppet[:statefile]) retry rescue => detail raise Puppet::Error.new("Cannot remove #{Puppet[:statefile]}: #{detail}") end end # Just so we can specify that we are "the" instance. def initialize Puppet.settings.use(:main, :ssl, :agent) self.class.instance = self @running = false @splayed = false @environment = Puppet[:environment] end # Get the remote catalog, yo. Returns nil if no catalog can be found. def retrieve_catalog(fact_options) fact_options ||= {} # First try it with no cache, then with the cache. unless (Puppet[:use_cached_catalog] and result = retrieve_catalog_from_cache(fact_options)) or result = retrieve_new_catalog(fact_options) if ! Puppet[:usecacheonfailure] Puppet.warning "Not using cache on failed catalog" return nil end result = retrieve_catalog_from_cache(fact_options) end return nil unless result convert_catalog(result, @duration) end # Convert a plain resource catalog into our full host catalog. def convert_catalog(result, duration) catalog = result.to_ral catalog.finalize catalog.retrieval_duration = duration catalog.write_class_file catalog.write_resource_file catalog end def get_facts(options) download_plugins unless options[:skip_plugin_download] if Puppet::Resource::Catalog.indirection.terminus_class == :rest # This is a bit complicated. We need the serialized and escaped facts, # and we need to know which format they're encoded in. Thus, we # get a hash with both of these pieces of information. # # facts_for_uploading may set Puppet[:node_name_value] as a side effect return facts_for_uploading end end def prepare_and_retrieve_catalog(options, fact_options) # set report host name now that we have the fact options[:report].host = Puppet[:node_name_value] unless catalog = (options.delete(:catalog) || retrieve_catalog(fact_options)) Puppet.err "Could not retrieve catalog; skipping run" return end catalog end # Retrieve (optionally) and apply a catalog. If a catalog is passed in # the options, then apply that one, otherwise retrieve it. def apply_catalog(catalog, options) report = options[:report] report.configuration_version = catalog.version report.environment = @environment benchmark(:notice, "Finished catalog run") do catalog.apply(options) end report.finalize_report report end # The code that actually runs the catalog. # This just passes any options on to the catalog, # which accepts :tags and :ignoreschedules. def run(options = {}) options[:report] ||= Puppet::Transaction::Report.new("apply") report = options[:report] init_storage Puppet::Util::Log.newdestination(report) begin unless Puppet[:node_name_fact].empty? fact_options = get_facts(options) end if node = Puppet::Node.indirection.find(Puppet[:node_name_value], :environment => @environment, :ignore_cache => true) if node.environment.to_s != @environment Puppet.warning "Local environment: \"#{@environment}\" doesn't match server specified node environment \"#{node.environment}\", changing." @environment = node.environment.to_s fact_options = nil end end fact_options = get_facts(options) unless fact_options unless catalog = prepare_and_retrieve_catalog(options, fact_options) return nil end # Here we set the local environment based on what we get from the # catalog. Since a change in environment means a change in facts, and # facts may be used to determine which catalog we get, we need to # rerun the process if the environment is changed. tries = 0 while catalog.environment and not catalog.environment.empty? and catalog.environment != @environment if tries > 3 raise Puppet::Error, "Catalog environment didn't stabilize after #{tries} fetches, aborting run" end Puppet.warning "Local environment: \"#{@environment}\" doesn't match server specified environment \"#{catalog.environment}\", restarting agent run with new environment" @environment = catalog.environment return nil unless catalog = prepare_and_retrieve_catalog(options, fact_options) tries += 1 end execute_prerun_command or return nil apply_catalog(catalog, options) report.exit_status rescue => detail Puppet.log_exception(detail, "Failed to apply catalog: #{detail}") return nil ensure execute_postrun_command or return nil end ensure # Make sure we forget the retained module_directories of any autoload # we might have used. Thread.current[:env_module_directories] = nil Puppet::Util::Log.close(report) send_report(report) end def send_report(report) puts report.summary if Puppet[:summarize] save_last_run_summary(report) Puppet::Transaction::Report.indirection.save(report, nil, :environment => @environment) if Puppet[:report] rescue => detail Puppet.log_exception(detail, "Could not send report: #{detail}") end def save_last_run_summary(report) mode = Puppet.settings.setting(:lastrunfile).mode Puppet::Util.replace_file(Puppet[:lastrunfile], mode) do |fh| fh.print YAML.dump(report.raw_summary) end rescue => detail Puppet.log_exception(detail, "Could not save last run local report: #{detail}") end private def execute_from_setting(setting) return true if (command = Puppet[setting]) == "" begin Puppet::Util::Execution.execute([command]) true rescue => detail Puppet.log_exception(detail, "Could not run command from #{setting}: #{detail}") false end end def retrieve_catalog_from_cache(fact_options) result = nil @duration = thinmark do result = Puppet::Resource::Catalog.indirection.find(Puppet[:node_name_value], fact_options.merge(:ignore_terminus => true, :environment => @environment)) end Puppet.notice "Using cached catalog" result rescue => detail Puppet.log_exception(detail, "Could not retrieve catalog from cache: #{detail}") return nil end def retrieve_new_catalog(fact_options) result = nil @duration = thinmark do result = Puppet::Resource::Catalog.indirection.find(Puppet[:node_name_value], fact_options.merge(:ignore_cache => true, :environment => @environment)) end result rescue SystemExit,NoMemoryError raise rescue Exception => detail Puppet.log_exception(detail, "Could not retrieve catalog from remote server: #{detail}") return nil end end diff --git a/lib/puppet/defaults.rb b/lib/puppet/defaults.rb index f590e5e93..5f01c94a6 100644 --- a/lib/puppet/defaults.rb +++ b/lib/puppet/defaults.rb @@ -1,1484 +1,1489 @@ # The majority of Puppet's configuration settings are set in this file. module Puppet ############################################################################################ # NOTE: For information about the available values for the ":type" property of settings, # see the docs for Settings.define_settings ############################################################################################ define_settings(:main, :confdir => { :default => nil, :type => :directory, :desc => "The main Puppet configuration directory. The default for this setting is calculated based on the user. If the process\n" + "is running as root or the user that Puppet is supposed to run as, it defaults to a system directory, but if it's running as any other user,\n" + "it defaults to being in the user's home directory.", }, :vardir => { :default => nil, :type => :directory, :desc => "Where Puppet stores dynamic and growing data. The default for this setting is calculated specially, like `confdir`_.", }, ### NOTE: this setting is usually being set to a symbol value. We don't officially have a ### setting type for that yet, but we might want to consider creating one. :name => { :default => nil, :desc => "The name of the application, if we are running as one. The\n" + "default is essentially $0 without the path or `.rb`.", }, ## This setting needs to go away. As a first step, we could just make it a first-class property of the Settings ## class, instead of treating it as a normal setting. There are places where the Settings class tries to use ## the value of run_mode to help in resolving other values, and that is no good for nobody. It would cause ## infinite recursion and stack overflows without some chicanery... so, it needs to be cleaned up. ## ## As a longer term goal I think we should be looking into getting rid of run_mode altogether, but that is going ## to be a larger undertaking, as it is being branched on in a lot of places in the current code. ## ## --cprice 2012-03-16 :run_mode => { :default => nil, :desc => "The effective 'run mode' of the application: master, agent, or user.", } ) define_settings(:main, :logdir => { :default => nil, :type => :directory, :mode => 0750, :owner => "service", :group => "service", :desc => "The directory in which to store log files", } ) define_settings(:main, :trace => { :default => false, :type => :boolean, :desc => "Whether to print stack traces on some errors", }, :autoflush => { :default => true, :type => :boolean, :desc => "Whether log files should always flush to disk.", :hook => proc { |value| Log.autoflush = value } }, :syslogfacility => { :default => "daemon", :desc => "What syslog facility to use when logging to\n" + "syslog. Syslog has a fixed list of valid facilities, and you must\n" + "choose one of those; you cannot just make one up." }, :statedir => { :default => "$vardir/state", :type => :directory, :mode => 01755, :desc => "The directory where Puppet state is stored. Generally, this directory can be removed without causing harm (although it might result in spurious service restarts)." }, :rundir => { :default => nil, :type => :directory, :mode => 01777, :desc => "Where Puppet PID files are kept." }, :genconfig => { :default => false, :type => :boolean, :desc => "Whether to just print a configuration to stdout and exit. Only makes\n" + "sense when used interactively. Takes into account arguments specified\n" + "on the CLI.", }, :genmanifest => { :default => false, :type => :boolean, :desc => "Whether to just print a manifest to stdout and exit. Only makes\n" + "sense when used interactively. Takes into account arguments specified\n" + "on the CLI.", }, :configprint => { :default => "", :desc => "Print the value of a specific configuration setting. If the name of a\n" + "setting is provided for this, then the value is printed and puppet\n" + "exits. Comma-separate multiple values. For a list of all values,\n" + "specify 'all'.", }, :color => { :default => (Puppet.features.microsoft_windows? ? "false" : "ansi"), :type => :string, :desc => "Whether to use colors when logging to the console. Valid values are\n" + "`ansi` (equivalent to `true`), `html`, and `false`, which produces no color.\n" + "Defaults to false on Windows, as its console does not support ansi colors.", }, :mkusers => { :default => false, :type => :boolean, :desc => "Whether to create the necessary user and group that puppet agent will run as.", }, :manage_internal_file_permissions => { :default => true, :type => :boolean, :desc => "Whether Puppet should manage the owner, group, and mode of files it uses internally", }, :onetime => { :default => false, :type => :boolean, :desc => "Run the configuration once, rather than as a long-running\n" + "daemon. This is useful for interactively running puppetd.", :short => 'o', }, :path => { :default => "none", :desc => "The shell search path. Defaults to whatever is inherited\n" + "from the parent process.", :call_on_define => true, # Call our hook with the default value, so we always get the libdir set. :hook => proc do |value| ENV["PATH"] = "" if ENV["PATH"].nil? ENV["PATH"] = value unless value == "none" paths = ENV["PATH"].split(File::PATH_SEPARATOR) %w{/usr/sbin /sbin}.each do |path| ENV["PATH"] += File::PATH_SEPARATOR + path unless paths.include?(path) end value end }, :libdir => { :type => :directory, :default => "$vardir/lib", :desc => "An extra search path for Puppet. This is only useful\n" + "for those files that Puppet will load on demand, and is only\n" + "guaranteed to work for those cases. In fact, the autoload\n" + "mechanism is responsible for making sure this directory\n" + "is in Ruby's search path\n", #:call_on_define => true, # Call our hook with the default value, so we always get the libdir set. :hook => proc do |value| $LOAD_PATH.delete(@oldlibdir) if defined?(@oldlibdir) and $LOAD_PATH.include?(@oldlibdir) @oldlibdir = value $LOAD_PATH << value end }, :ignoreimport => { :default => false, :type => :boolean, :desc => "If true, allows the parser to continue without requiring\n" + "all files referenced with `import` statements to exist. This setting was primarily\n" + "designed for use with commit hooks for parse-checking.", }, :authconfig => { :default => "$confdir/namespaceauth.conf", :desc => "The configuration file that defines the rights to the different\n" + "namespaces and methods. This can be used as a coarse-grained\n" + "authorization system for both `puppet agent` and `puppet master`.", }, :environment => { :default => "production", :desc => "The environment Puppet is running in. For clients\n" + "(e.g., `puppet agent`) this determines the environment itself, which\n" + "is used to find modules and much more. For servers (i.e., `puppet master`)\n" + "this provides the default environment for nodes we know nothing about." }, :diff_args => { :default => "-u", :desc => "Which arguments to pass to the diff command when printing differences between\n" + "files. The command to use can be chosen with the `diff` setting.", }, :diff => { :default => (Puppet.features.microsoft_windows? ? "" : "diff"), :desc => "Which diff command to use when printing differences between files. This setting\n" + "has no default value on Windows, as standard `diff` is not available, but Puppet can use many\n" + "third-party diff tools.", }, :show_diff => { :type => :boolean, :default => false, :desc => "Whether to log and report a contextual diff when files are being replaced. This causes\n" + "partial file contents to pass through Puppet's normal logging and reporting system, so this setting\n" + "should be used with caution if you are sending Puppet's reports to an insecure destination.\n" + "This feature currently requires the `diff/lcs` Ruby library.", }, :daemonize => { :type => :boolean, :default => (Puppet.features.microsoft_windows? ? false : true), :desc => "Whether to send the process into the background. This defaults to true on POSIX systems, and to false on Windows (where Puppet currently cannot daemonize).", :short => "D", :hook => proc do |value| if value and Puppet.features.microsoft_windows? raise "Cannot daemonize on Windows" end end }, :maximum_uid => { :default => 4294967290, :desc => "The maximum allowed UID. Some platforms use negative UIDs\n" + "but then ship with tools that do not know how to handle signed ints, so the UIDs show up as\n" + "huge numbers that can then not be fed back into the system. This is a hackish way to fail in a\n" + "slightly more useful way when that happens.", }, :route_file => { :default => "$confdir/routes.yaml", :desc => "The YAML file containing indirector route configuration.", }, :node_terminus => { :default => "plain", :desc => "Where to find information about nodes.", }, :catalog_terminus => { :default => "compiler", :desc => "Where to get node catalogs. This is useful to change if, for instance, you'd like to pre-compile catalogs and store them in memcached or some other easily-accessed store.", }, :facts_terminus => { :default => 'facter', :desc => "The node facts terminus.", :hook => proc do |value| require 'puppet/node/facts' # Cache to YAML if we're uploading facts away if %w[rest inventory_service].include? value.to_s Puppet::Node::Facts.indirection.cache_class = :yaml end end }, :inventory_terminus => { :default => "$facts_terminus", :desc => "Should usually be the same as the facts terminus", }, :httplog => { :default => "$logdir/http.log", :type => :file, :owner => "root", :mode => 0640, :desc => "Where the puppet agent web server logs.", }, :http_proxy_host => { :default => "none", :desc => "The HTTP proxy host to use for outgoing connections. Note: You may need to use a FQDN for the server hostname when using a proxy.", }, :http_proxy_port => { :default => 3128, :desc => "The HTTP proxy port to use for outgoing connections", }, :filetimeout => { :default => 15, :desc => "The minimum time to wait (in seconds) between checking for updates in configuration files. This timeout determines how quickly Puppet checks whether a file (such as manifests or templates) has changed on disk.", }, :queue_type => { :default => "stomp", :desc => "Which type of queue to use for asynchronous processing.", }, :queue_type => { :default => "stomp", :desc => "Which type of queue to use for asynchronous processing.", }, :queue_source => { :default => "stomp://localhost:61613/", :desc => "Which type of queue to use for asynchronous processing. If your stomp server requires authentication, you can include it in the URI as long as your stomp client library is at least 1.1.1", }, :async_storeconfigs => { :default => false, :type => :boolean, :desc => "Whether to use a queueing system to provide asynchronous database integration. Requires that `puppetqd` be running and that 'PSON' support for ruby be installed.", :hook => proc do |value| if value # This reconfigures the terminii for Node, Facts, and Catalog Puppet.settings[:storeconfigs] = true # But then we modify the configuration Puppet::Resource::Catalog.indirection.cache_class = :queue else raise "Cannot disable asynchronous storeconfigs in a running process" end end }, :thin_storeconfigs => { :default => false, :type => :boolean, :desc => "Boolean; whether storeconfigs store in the database only the facts and exported resources. If true, then storeconfigs performance will be higher and still allow exported/collected resources, but other usage external to Puppet might not work", :hook => proc do |value| Puppet.settings[:storeconfigs] = true if value end }, :config_version => { :default => "", :desc => "How to determine the configuration version. By default, it will be the time that the configuration is parsed, but you can provide a shell script to override how the version is determined. The output of this script will be added to every log message in the reports, allowing you to correlate changes on your hosts to the source version on the server.", }, :zlib => { :default => true, :type => :boolean, :desc => "Boolean; whether to use the zlib library", }, :prerun_command => { :default => "", :desc => "A command to run before every agent run. If this command returns a non-zero return code, the entire Puppet run will fail.", }, :postrun_command => { :default => "", :desc => "A command to run after every agent run. If this command returns a non-zero return code, the entire Puppet run will be considered to have failed, even though it might have performed work during the normal run.", }, :freeze_main => { :default => false, :type => :boolean, :desc => "Freezes the 'main' class, disallowing any code to be added to it. This\n" + "essentially means that you can't have any code outside of a node, class, or definition other\n" + "than in the site manifest.", } ) Puppet.define_settings(:module_tool, :module_repository => { :default => 'http://forge.puppetlabs.com', :desc => "The module repository", }, :module_working_dir => { :default => '$vardir/puppet-module', :desc => "The directory into which module tool data is stored", } ) hostname = Facter["hostname"].value domain = Facter["domain"].value if domain and domain != "" fqdn = [hostname, domain].join(".") else fqdn = hostname end Puppet.define_settings( :main, # We have to downcase the fqdn, because the current ssl stuff (as oppsed to in master) doesn't have good facilities for # manipulating naming. :certname => { :default => fqdn.downcase, :desc => "The name to use when handling certificates. Defaults to the fully qualified domain name.", :call_on_define => true, # Call our hook with the default value, so we're always downcased :hook => proc { |value| raise(ArgumentError, "Certificate names must be lower case; see #1168") unless value == value.downcase }}, :certdnsnames => { :default => '', :hook => proc do |value| unless value.nil? or value == '' then Puppet.warning < < { :default => '', :desc => < { :default => "$ssldir/certs", :type => :directory, :owner => "service", :desc => "The certificate directory." }, :ssldir => { :default => "$confdir/ssl", :type => :directory, :mode => 0771, :owner => "service", :desc => "Where SSL certificates are kept." }, :publickeydir => { :default => "$ssldir/public_keys", :type => :directory, :owner => "service", :desc => "The public key directory." }, :requestdir => { :default => "$ssldir/certificate_requests", :type => :directory, :type => :directory, :owner => "service", :desc => "Where host certificate requests are stored." }, :privatekeydir => { :default => "$ssldir/private_keys", :type => :directory, :mode => 0750, :owner => "service", :desc => "The private key directory." }, :privatedir => { :default => "$ssldir/private", :type => :directory, :mode => 0750, :owner => "service", :desc => "Where the client stores private certificate information." }, :passfile => { :default => "$privatedir/password", :type => :file, :mode => 0640, :owner => "service", :desc => "Where puppet agent stores the password for its private key. Generally unused." }, :hostcsr => { :default => "$ssldir/csr_$certname.pem", :type => :file, :mode => 0644, :owner => "service", :desc => "Where individual hosts store and look for their certificate requests." }, :hostcert => { :default => "$certdir/$certname.pem", :type => :file, :mode => 0644, :owner => "service", :desc => "Where individual hosts store and look for their certificates." }, :hostprivkey => { :default => "$privatekeydir/$certname.pem", :type => :file, :mode => 0600, :owner => "service", :desc => "Where individual hosts store and look for their private key." }, :hostpubkey => { :default => "$publickeydir/$certname.pem", :type => :file, :mode => 0644, :owner => "service", :desc => "Where individual hosts store and look for their public key." }, :localcacert => { :default => "$certdir/ca.pem", :type => :file, :mode => 0644, :owner => "service", :desc => "Where each client stores the CA certificate." }, :hostcrl => { :default => "$ssldir/crl.pem", :type => :file, :mode => 0644, :owner => "service", :desc => "Where the host's certificate revocation list can be found. This is distinct from the certificate authority's CRL." }, :certificate_revocation => { :default => true, :type => :boolean, :desc => "Whether certificate revocation should be supported by downloading a Certificate Revocation List (CRL) to all clients. If enabled, CA chaining will almost definitely not work.", } ) define_settings( :ca, :ca_name => { :default => "Puppet CA: $certname", :desc => "The name to use the Certificate Authority certificate.", }, :cadir => { :default => "$ssldir/ca", :type => :directory, :owner => "service", :group => "service", :mode => 0770, :desc => "The root directory for the certificate authority." }, :cacert => { :default => "$cadir/ca_crt.pem", :type => :file, :owner => "service", :group => "service", :mode => 0660, :desc => "The CA certificate." }, :cakey => { :default => "$cadir/ca_key.pem", :type => :file, :owner => "service", :group => "service", :mode => 0660, :desc => "The CA private key." }, :capub => { :default => "$cadir/ca_pub.pem", :type => :file, :owner => "service", :group => "service", :desc => "The CA public key." }, :cacrl => { :default => "$cadir/ca_crl.pem", :type => :file, :owner => "service", :group => "service", :mode => 0664, :desc => "The certificate revocation list (CRL) for the CA. Will be used if present but otherwise ignored.", :hook => proc do |value| if value == 'false' Puppet.deprecation_warning "Setting the :cacrl to 'false' is deprecated; Puppet will just ignore the crl if yours is missing" end end }, :caprivatedir => { :default => "$cadir/private", :type => :directory, :owner => "service", :group => "service", :mode => 0770, :desc => "Where the CA stores private certificate information." }, :csrdir => { :default => "$cadir/requests", :type => :directory, :owner => "service", :group => "service", :desc => "Where the CA stores certificate requests" }, :signeddir => { :default => "$cadir/signed", :type => :directory, :owner => "service", :group => "service", :mode => 0770, :desc => "Where the CA stores signed certificates." }, :capass => { :default => "$caprivatedir/ca.pass", :type => :file, :owner => "service", :group => "service", :mode => 0660, :desc => "Where the CA stores the password for the private key" }, :serial => { :default => "$cadir/serial", :type => :file, :owner => "service", :group => "service", :mode => 0644, :desc => "Where the serial number for certificates is stored." }, :autosign => { :default => "$confdir/autosign.conf", :type => :file, :mode => 0644, :desc => "Whether to enable autosign. Valid values are true (which autosigns any key request, and is a very bad idea), false (which never autosigns any key request), and the path to a file, which uses that configuration file to determine which keys to sign."}, :allow_duplicate_certs => { :default => false, :type => :boolean, :desc => "Whether to allow a new certificate request to overwrite an existing certificate.", }, :ca_days => { :default => "", :desc => "How long a certificate should be valid, in days. This setting is deprecated; use `ca_ttl` instead", }, :ca_ttl => { :default => "5y", :desc => "The default TTL for new certificates; valid values must be an integer, optionally followed by one of the units 'y' (years of 365 days), 'd' (days), 'h' (hours), or 's' (seconds). The unit defaults to seconds. If this setting is set, ca_days is ignored. Examples are '3600' (one hour) and '1825d', which is the same as '5y' (5 years) ", }, :ca_md => { :default => "md5", :desc => "The type of hash used in certificates.", }, :req_bits => { :default => 4096, :desc => "The bit length of the certificates.", }, :keylength => { :default => 4096, :desc => "The bit length of keys.", }, :cert_inventory => { :default => "$cadir/inventory.txt", :type => :file, :mode => 0644, :owner => "service", :group => "service", :desc => "A Complete listing of all certificates" } ) # Define the config default. define_settings(:application, :config_file_name => { :type => :string, :default => Puppet::Util::Settings.default_config_file_name, :desc => "The name of the puppet config file.", }, :config => { :type => :file, :default => "$confdir/${config_file_name}", :desc => "The configuration file for the current puppet application", }, :pidfile => { :type => :file, :default => "$rundir/${run_mode}.pid", :desc => "The pid file", }, :bindaddress => { :default => "", :desc => "The address a listening server should bind to. Mongrel servers default to 127.0.0.1 and WEBrick defaults to 0.0.0.0.", }, :servertype => { :default => "webrick", :desc => "The type of server to use. Currently supported options are webrick and mongrel. If you use mongrel, you will need a proxy in front of the process or processes, since Mongrel cannot speak SSL.", :call_on_define => true, # Call our hook with the default value, so we always get the correct bind address set. :hook => proc { |value| value == "webrick" ? Puppet.settings[:bindaddress] = "0.0.0.0" : Puppet.settings[:bindaddress] = "127.0.0.1" if Puppet.settings[:bindaddress] == "" } } ) define_settings(:master, :user => { :default => "puppet", :desc => "The user puppet master should run as.", }, :group => { :default => "puppet", :desc => "The group puppet master should run as.", }, :manifestdir => { :default => "$confdir/manifests", :type => :directory, :desc => "Where puppet master looks for its manifests.", }, :manifest => { :default => "$manifestdir/site.pp", :type => :file, :desc => "The entry-point manifest for puppet master.", }, :code => { :default => "", :desc => "Code to parse directly. This is essentially only used by `puppet`, and should only be set if you're writing your own Puppet executable", }, :masterlog => { :default => "$logdir/puppetmaster.log", :type => :file, :owner => "service", :group => "service", :mode => 0660, :desc => "Where puppet master logs. This is generally not used, since syslog is the default log destination." }, :masterhttplog => { :default => "$logdir/masterhttp.log", :type => :file, :owner => "service", :group => "service", :mode => 0660, :create => true, :desc => "Where the puppet master web server logs." }, :masterport => { :default => 8140, :desc => "Which port puppet master listens on.", }, :node_name => { :default => "cert", :desc => "How the puppet master determines the client's identity and sets the 'hostname', 'fqdn' and 'domain' facts for use in the manifest, in particular for determining which 'node' statement applies to the client. Possible values are 'cert' (use the subject's CN in the client's certificate) and 'facter' (use the hostname that the client reported in its facts)", }, :bucketdir => { :default => "$vardir/bucket", :type => :directory, :mode => 0750, :owner => "service", :group => "service", :desc => "Where FileBucket files are stored." }, :rest_authconfig => { :default => "$confdir/auth.conf", :type => :file, :desc => "The configuration file that defines the rights to the different rest indirections. This can be used as a fine-grained authorization system for `puppet master`.", }, :ca => { :default => true, :type => :boolean, :desc => "Whether the master should function as a certificate authority.", }, :modulepath => { :default => "$confdir/modules#{File::PATH_SEPARATOR}/usr/share/puppet/modules", :type => :path, :desc => "The search path for modules, as a list of directories separated by the system path separator character. " + "(The POSIX path separator is ':', and the Windows path separator is ';'.)", }, :ssl_client_header => { :default => "HTTP_X_CLIENT_DN", :desc => "The header containing an authenticated client's SSL DN. Only used with Mongrel. This header must be set by the proxy to the authenticated client's SSL DN (e.g., `/CN=puppet.puppetlabs.com`). See http://projects.puppetlabs.com/projects/puppet/wiki/Using_Mongrel for more information.", }, :ssl_client_verify_header => { :default => "HTTP_X_CLIENT_VERIFY", :desc => "The header containing the status message of the client verification. Only used with Mongrel. This header must be set by the proxy to 'SUCCESS' if the client successfully authenticated, and anything else otherwise. See http://projects.puppetlabs.com/projects/puppet/wiki/Using_Mongrel for more information.", }, # To make sure this directory is created before we try to use it on the server, we need # it to be in the server section (#1138). :yamldir => { :default => "$vardir/yaml", :type => :directory, :owner => "service", :group => "service", :mode => "750", :desc => "The directory in which YAML data is stored, usually in a subdirectory."}, :server_datadir => { :default => "$vardir/server_data", :type => :directory, :owner => "service", :group => "service", :mode => "750", :desc => "The directory in which serialized data is stored, usually in a subdirectory."}, :reports => { :default => "store", :desc => "The list of reports to generate. All reports are looked for in `puppet/reports/name.rb`, and multiple report names should be comma-separated (whitespace is okay).", }, :reportdir => { :default => "$vardir/reports", :type => :directory, :mode => 0750, :owner => "service", :group => "service", :desc => "The directory in which to store reports received from the client. Each client gets a separate subdirectory."}, :reporturl => { :default => "http://localhost:3000/reports/upload", :desc => "The URL used by the http reports processor to send reports", }, :fileserverconfig => { :default => "$confdir/fileserver.conf", :type => :file, :desc => "Where the fileserver configuration is stored.", }, :strict_hostname_checking => { :default => false, :desc => "Whether to only search for the complete hostname as it is in the certificate when searching for node information in the catalogs.", } ) define_settings(:metrics, :rrddir => { :type => :directory, :default => "$vardir/rrd", :mode => 0750, :owner => "service", :group => "service", :desc => "The directory where RRD database files are stored. Directories for each reporting host will be created under this directory." }, :rrdinterval => { :default => "$runinterval", :desc => "How often RRD should expect data. This should match how often the hosts report back to the server.", } ) define_settings(:device, :devicedir => { :default => "$vardir/devices", :type => :directory, :mode => "750", :desc => "The root directory of devices' $vardir", }, :deviceconfig => { :default => "$confdir/device.conf", :desc => "Path to the device config file for puppet device", } ) define_settings(:agent, :node_name_value => { :default => "$certname", :desc => "The explicit value used for the node name for all requests the agent makes to the master. WARNING: This setting is mutually exclusive with node_name_fact. Changing this setting also requires changes to the default auth.conf configuration on the Puppet Master. Please see http://links.puppetlabs.com/node_name_value for more information." }, :node_name_fact => { :default => "", :desc => "The fact name used to determine the node name used for all requests the agent makes to the master. WARNING: This setting is mutually exclusive with node_name_value. Changing this setting also requires changes to the default auth.conf configuration on the Puppet Master. Please see http://links.puppetlabs.com/node_name_fact for more information.", :hook => proc do |value| if !value.empty? and Puppet[:node_name_value] != Puppet[:certname] raise "Cannot specify both the node_name_value and node_name_fact settings" end end }, :localconfig => { :default => "$statedir/localconfig", :type => :file, :owner => "root", :mode => 0660, :desc => "Where puppet agent caches the local configuration. An extension indicating the cache format is added automatically."}, :statefile => { :default => "$statedir/state.yaml", :type => :file, :mode => 0660, :desc => "Where puppet agent and puppet master store state associated with the running configuration. In the case of puppet master, this file reflects the state discovered through interacting with clients." }, :clientyamldir => { :default => "$vardir/client_yaml", :type => :directory, :mode => "750", :desc => "The directory in which client-side YAML data is stored." }, :client_datadir => { :default => "$vardir/client_data", :type => :directory, :mode => "750", :desc => "The directory in which serialized data is stored on the client." }, :classfile => { :default => "$statedir/classes.txt", :type => :file, :owner => "root", :mode => 0644, :desc => "The file in which puppet agent stores a list of the classes associated with the retrieved configuration. Can be loaded in the separate `puppet` executable using the `--loadclasses` option."}, :resourcefile => { :default => "$statedir/resources.txt", :type => :file, :owner => "root", :mode => 0644, :desc => "The file in which puppet agent stores a list of the resources associated with the retrieved configuration." }, :puppetdlog => { :default => "$logdir/puppetd.log", :type => :file, :owner => "root", :mode => 0640, :desc => "The log file for puppet agent. This is generally not used." }, :server => { :default => "puppet", :desc => "The server to which the puppet agent should connect" }, :use_srv_records => { :default => true, :type => :boolean, :desc => "Whether the server will search for SRV records in DNS for the current domain.", }, :srv_domain => { :default => "#{domain}", :desc => "The domain which will be queried to find the SRV records of servers to use.", }, :ignoreschedules => { :default => false, :type => :boolean, :desc => "Boolean; whether puppet agent should ignore schedules. This is useful for initial puppet agent runs.", }, :puppetport => { :default => 8139, :desc => "Which port puppet agent listens on.", }, :noop => { :default => false, :type => :boolean, :desc => "Whether puppet agent should be run in noop mode.", }, :runinterval => { :default => 1800, # 30 minutes :desc => "How often puppet agent applies the client configuration; in seconds. Note that a runinterval of 0 means \"run continuously\" rather than \"never run.\" If you want puppet agent to never run, you should start it with the `--no-client` option.", }, :listen => { :default => false, :type => :boolean, :desc => "Whether puppet agent should listen for connections. If this is true, then puppet agent will accept incoming REST API requests, subject to the default ACLs and the ACLs set in the `rest_authconfig` file. Puppet agent can respond usefully to requests on the `run`, `facts`, `certificate`, and `resource` endpoints.", }, :ca_server => { :default => "$server", :desc => "The server to use for certificate authority requests. It's a separate server because it cannot and does not need to horizontally scale.", }, :ca_port => { :default => "$masterport", :desc => "The port to use for the certificate authority.", }, :catalog_format => { :default => "", :desc => "(Deprecated for 'preferred_serialization_format') What format to use to dump the catalog. Only supports 'marshal' and 'yaml'. Only matters on the client, since it asks the server for a specific format.", :hook => proc { |value| if value Puppet.deprecation_warning "Setting 'catalog_format' is deprecated; use 'preferred_serialization_format' instead." Puppet.settings[:preferred_serialization_format] = value end } }, :preferred_serialization_format => { :default => "pson", :desc => "The preferred means of serializing ruby instances for passing over the wire. This won't guarantee that all instances will be serialized using this method, since not all classes can be guaranteed to support this format, but it will be used for all classes that support it.", }, - :puppetdlockfile => { - :default => "$statedir/puppetdlock", + :agent_pidfile => { + :default => "$statedir/agent.pid", :type => :file, - :desc => "A lock file to temporarily stop puppet agent from doing anything.", + :desc => "A lock file to indicate that a puppet agent run is currently in progress. File contains the pid of the running process.", + }, + :agent_disabled_lockfile => { + :default => "$statedir/agent_disabled.lock", + :type => :file, + :desc => "A lock file to indicate that puppet agent runs have been administratively disabled. File contains a JSON object with state information.", }, :usecacheonfailure => { :default => true, :type => :boolean, :desc => "Whether to use the cached configuration when the remote configuration will not compile. This option is useful for testing new configurations, where you want to fix the broken configuration rather than reverting to a known-good one.", }, :use_cached_catalog => { :default => false, :type => :boolean, :desc => "Whether to only use the cached catalog rather than compiling a new catalog on every run. Puppet can be run with this enabled by default and then selectively disabled when a recompile is desired.", }, :ignorecache => { :default => false, :type => :boolean, :desc => "Ignore cache and always recompile the configuration. This is useful for testing new configurations, where the local cache may in fact be stale even if the timestamps are up to date - if the facts change or if the server changes.", }, :downcasefacts => { :default => false, :type => :boolean, :desc => "Whether facts should be made all lowercase when sent to the server.", }, :dynamicfacts => { :default => "memorysize,memoryfree,swapsize,swapfree", :desc => "Facts that are dynamic; these facts will be ignored when deciding whether changed facts should result in a recompile. Multiple facts should be comma-separated.", }, :splaylimit => { :default => "$runinterval", :desc => "The maximum time to delay before runs. Defaults to being the same as the run interval.", }, :splay => { :default => false, :type => :boolean, :desc => "Whether to sleep for a pseudo-random (but consistent) amount of time before a run.", }, :clientbucketdir => { :default => "$vardir/clientbucket", :type => :directory, :mode => 0750, :desc => "Where FileBucket files are stored locally." }, :configtimeout => { :default => 120, :desc => "How long the client should wait for the configuration to be retrieved before considering it a failure. This can help reduce flapping if too many clients contact the server at one time.", }, :reportserver => { :default => "$server", :call_on_define => false, :desc => "(Deprecated for 'report_server') The server to which to send transaction reports.", :hook => proc do |value| Puppet.settings[:report_server] = value if value end }, :report_server => { :default => "$server", :desc => "The server to send transaction reports to.", }, :report_port => { :default => "$masterport", :desc => "The port to communicate with the report_server.", }, :inventory_server => { :default => "$server", :desc => "The server to send facts to.", }, :inventory_port => { :default => "$masterport", :desc => "The port to communicate with the inventory_server.", }, :report => { :default => true, :type => :boolean, :desc => "Whether to send reports after every transaction.", }, :lastrunfile => { :default => "$statedir/last_run_summary.yaml", :type => :file, :mode => 0644, :desc => "Where puppet agent stores the last run report summary in yaml format." }, :lastrunreport => { :default => "$statedir/last_run_report.yaml", :type => :file, :mode => 0644, :desc => "Where puppet agent stores the last run report in yaml format." }, :graph => { :default => false, :type => :boolean, :desc => "Whether to create dot graph files for the different configuration graphs. These dot files can be interpreted by tools like OmniGraffle or dot (which is part of ImageMagick).", }, :graphdir => { :default => "$statedir/graphs", :type => :directory, :desc => "Where to store dot-outputted graphs.", }, :http_compression => { :default => false, :type => :boolean, :desc => "Allow http compression in REST communication with the master. This setting might improve performance for agent -> master communications over slow WANs. Your puppet master needs to support compression (usually by activating some settings in a reverse-proxy in front of the puppet master, which rules out webrick). It is harmless to activate this settings if your master doesn't support compression, but if it supports it, this setting might reduce performance on high-speed LANs.", }, :waitforcert => { :default => 120, # 2 minutes :desc => "The time interval, specified in seconds, 'puppet agent' should connect to the server and ask it to sign a certificate request. This is useful for the initial setup of a puppet client. You can turn off waiting for certificates by specifying a time of 0.", } ) define_settings(:inspect, :archive_files => { :type => :boolean, :default => false, :desc => "During an inspect run, whether to archive files whose contents are audited to a file bucket.", }, :archive_file_server => { :default => "$server", :desc => "During an inspect run, the file bucket server to archive files to if archive_files is set.", } ) # Plugin information. define_settings( :main, :plugindest => { :type => :directory, :default => "$libdir", :desc => "Where Puppet should store plugins that it pulls down from the central server.", }, :pluginsource => { :default => "puppet://$server/plugins", :desc => "From where to retrieve plugins. The standard Puppet `file` type is used for retrieval, so anything that is a valid file source can be used here.", }, :pluginsync => { :default => true, :type => :boolean, :desc => "Whether plugins should be synced with the central server.", }, :pluginsignore => { :default => ".svn CVS .git", :desc => "What files to ignore when pulling down plugins.", } ) # Central fact information. define_settings( :main, :factpath => { :type => :path, :default => "$vardir/lib/facter#{File::PATH_SEPARATOR}$vardir/facts", :desc => "Where Puppet should look for facts. Multiple directories should be separated by the system path separator character. (The POSIX path separator is ':', and the Windows path separator is ';'.)", #:call_on_define => true, # Call our hook with the default value, so we always get the value added to facter. :hook => proc { |value| Facter.search(value) if Facter.respond_to?(:search) }} ) define_settings( :tagmail, :tagmap => { :default => "$confdir/tagmail.conf", :desc => "The mapping between reporting tags and email addresses.", }, :sendmail => { :default => which('sendmail') || '', :desc => "Where to find the sendmail binary with which to send email.", }, :reportfrom => { :default => "report@" + [Facter["hostname"].value,Facter["domain"].value].join("."), :desc => "The 'from' email address for the reports.", }, :smtpserver => { :default => "none", :desc => "The server through which to send email reports.", } ) define_settings( :rails, :dblocation => { :default => "$statedir/clientconfigs.sqlite3", :type => :file, :mode => 0660, :owner => "service", :group => "service", :desc => "The database cache for client configurations. Used for querying within the language." }, :dbadapter => { :default => "sqlite3", :desc => "The type of database to use.", }, :dbmigrate => { :default => false, :type => :boolean, :desc => "Whether to automatically migrate the database.", }, :dbname => { :default => "puppet", :desc => "The name of the database to use.", }, :dbserver => { :default => "localhost", :desc => "The database server for caching. Only used when networked databases are used.", }, :dbport => { :default => "", :desc => "The database password for caching. Only used when networked databases are used.", }, :dbuser => { :default => "puppet", :desc => "The database user for caching. Only used when networked databases are used.", }, :dbpassword => { :default => "puppet", :desc => "The database password for caching. Only used when networked databases are used.", }, :dbconnections => { :default => '', :desc => "The number of database connections for networked databases. Will be ignored unless the value is a positive integer.", }, :dbsocket => { :default => "", :desc => "The database socket location. Only used when networked databases are used. Will be ignored if the value is an empty string.", }, :railslog => { :default => "$logdir/rails.log", :type => :file, :mode => 0600, :owner => "service", :group => "service", :desc => "Where Rails-specific logs are sent" }, :rails_loglevel => { :default => "info", :desc => "The log level for Rails connections. The value must be a valid log level within Rails. Production environments normally use `info` and other environments normally use `debug`.", } ) define_settings( :couchdb, :couchdb_url => { :default => "http://127.0.0.1:5984/puppet", :desc => "The url where the puppet couchdb database will be created", } ) define_settings( :transaction, :tags => { :default => "", :desc => "Tags to use to find resources. If this is set, then only resources tagged with the specified tags will be applied. Values must be comma-separated.", }, :evaltrace => { :default => false, :type => :boolean, :desc => "Whether each resource should log when it is being evaluated. This allows you to interactively see exactly what is being done.", }, :summarize => { :default => false, :type => :boolean, :desc => "Whether to print a transaction summary.", } ) define_settings( :main, :external_nodes => { :default => "none", :desc => "An external command that can produce node information. The command's output must be a YAML dump of a hash, and that hash must have a `classes` key and/or a `parameters` key, where `classes` is an array or hash and `parameters` is a hash. For unknown nodes, the command should exit with a non-zero exit code. This command makes it straightforward to store your node mapping information in other data sources like databases.", } ) define_settings( :ldap, :ldapnodes => { :default => false, :type => :boolean, :desc => "Whether to search for node configurations in LDAP. See http://projects.puppetlabs.com/projects/puppet/wiki/LDAP_Nodes for more information.", }, :ldapssl => { :default => false, :type => :boolean, :desc => "Whether SSL should be used when searching for nodes. Defaults to false because SSL usually requires certificates to be set up on the client side.", }, :ldaptls => { :default => false, :type => :boolean, :desc => "Whether TLS should be used when searching for nodes. Defaults to false because TLS usually requires certificates to be set up on the client side.", }, :ldapserver => { :default => "ldap", :desc => "The LDAP server. Only used if `ldapnodes` is enabled.", }, :ldapport => { :default => 389, :desc => "The LDAP port. Only used if `ldapnodes` is enabled.", }, :ldapstring => { :default => "(&(objectclass=puppetClient)(cn=%s))", :desc => "The search string used to find an LDAP node.", }, :ldapclassattrs => { :default => "puppetclass", :desc => "The LDAP attributes to use to define Puppet classes. Values should be comma-separated.", }, :ldapstackedattrs => { :default => "puppetvar", :desc => "The LDAP attributes that should be stacked to arrays by adding the values in all hierarchy elements of the tree. Values should be comma-separated.", }, :ldapattrs => { :default => "all", :desc => "The LDAP attributes to include when querying LDAP for nodes. All returned attributes are set as variables in the top-level scope. Multiple values should be comma-separated. The value 'all' returns all attributes.", }, :ldapparentattr => { :default => "parentnode", :desc => "The attribute to use to define the parent node.", }, :ldapuser => { :default => "", :desc => "The user to use to connect to LDAP. Must be specified as a full DN.", }, :ldappassword => { :default => "", :desc => "The password to use to connect to LDAP.", }, :ldapbase => { :default => "", :desc => "The search base for LDAP searches. It's impossible to provide a meaningful default here, although the LDAP libraries might have one already set. Generally, it should be the 'ou=Hosts' branch under your main directory.", } ) define_settings(:master, :storeconfigs => { :default => false, :type => :boolean, :desc => "Whether to store each client's configuration, including catalogs, facts, and related data. This also enables the import and export of resources in the Puppet language - a mechanism for exchange resources between nodes. By default this uses ActiveRecord and an SQL database to store and query the data; this, in turn, will depend on Rails being available. You can adjust the backend using the storeconfigs_backend setting.", # Call our hook with the default value, so we always get the libdir set. #:call_on_define => true, :hook => proc do |value| require 'puppet/node' require 'puppet/node/facts' if value Puppet.settings[:async_storeconfigs] or Puppet::Resource::Catalog.indirection.cache_class = :store_configs Puppet::Node::Facts.indirection.cache_class = :store_configs Puppet::Node.indirection.cache_class = :store_configs Puppet::Resource.indirection.terminus_class = :store_configs end end }, :storeconfigs_backend => { :default => "active_record", :desc => "Configure the backend terminus used for StoreConfigs. By default, this uses the ActiveRecord store, which directly talks to the database from within the Puppet Master process." } ) # This doesn't actually work right now. define_settings( :parser, :lexical => { :default => false, :type => :boolean, :desc => "Whether to use lexical scoping (vs. dynamic).", }, :templatedir => { :default => "$vardir/templates", :type => :directory, :desc => "Where Puppet looks for template files. Can be a list of colon-separated directories.", } ) define_settings( :puppetdoc, :document_all => { :default => false, :type => :boolean, :desc => "Document all resources", } ) end diff --git a/lib/puppet/util/json_lockfile.rb b/lib/puppet/util/json_lockfile.rb new file mode 100644 index 000000000..523fa40c2 --- /dev/null +++ b/lib/puppet/util/json_lockfile.rb @@ -0,0 +1,41 @@ +require 'puppet/util/lockfile' + +# This class provides a simple API for managing a lock file +# whose contents are a serialized JSON object. In addition +# to querying the basic state (#locked?) of the lock, managing +# the lock (#lock, #unlock), the contents can be retrieved at +# any time while the lock is held (#lock_data). This can be +# used to store structured data (state messages, etc.) about +# the lock. +# +# @see Puppet::Util::Lockfile +class Puppet::Util::JsonLockfile < Puppet::Util::Lockfile + # Lock the lockfile. You may optionally pass a data object, which will be + # retrievable for the duration of time during which the file is locked. + # + # @param [Hash] lock_data an optional Hash of data to associate with the lock. + # This may be used to store pids, descriptive messages, etc. The + # data may be retrieved at any time while the lock is held by + # calling the #lock_data method. NOTE that the JSON serialization + # does NOT support Symbol objects--if you pass them in, they will be + # serialized as Strings, so you should plan accordingly. + # @return [boolean] true if lock is successfully acquired, false otherwise. + def lock(lock_data = nil) + return false if locked? + + super(lock_data.to_pson) + end + + # Retrieve the (optional) lock data that was specified at the time the file + # was locked. + # @return [Object] the data object. Remember that the serialization does not + # support Symbol objects, so if your data Object originally contained symbols, + # they will be converted to Strings. + def lock_data + return nil unless file_locked? + file_contents = super + return nil if file_contents.nil? + PSON.parse(file_contents) + end + +end \ No newline at end of file diff --git a/lib/puppet/util/lockfile.rb b/lib/puppet/util/lockfile.rb new file mode 100644 index 000000000..5c910db7f --- /dev/null +++ b/lib/puppet/util/lockfile.rb @@ -0,0 +1,62 @@ +# This class provides a simple API for managing a lock file +# whose contents are an (optional) String. In addition +# to querying the basic state (#locked?) of the lock, managing +# the lock (#lock, #unlock), the contents can be retrieved at +# any time while the lock is held (#lock_data). This can be +# used to store pids, messages, etc. +# +# @see Puppet::Util::JsonLockfile +class Puppet::Util::Lockfile + attr_reader :file_path + + def initialize(file_path) + @file_path = file_path + end + + # Lock the lockfile. You may optionally pass a data object, which will be + # retrievable for the duration of time during which the file is locked. + # + # @param [String] lock_data an optional String data object to associate + # with the lock. This may be used to store pids, descriptive messages, + # etc. The data may be retrieved at any time while the lock is held by + # calling the #lock_data method. + + # @return [boolean] true if lock is successfully acquired, false otherwise. + def lock(lock_data = nil) + return false if locked? + + File.open(@file_path, 'w') { |fd| fd.print(lock_data) } + true + end + + def unlock + if locked? + File.unlink(@file_path) + true + else + false + end + end + + def locked? + # delegate logic to a more explicit private method + file_locked? + end + + # Retrieve the (optional) lock data that was specified at the time the file + # was locked. + # @return [String] the data object. + def lock_data + return File.read(@file_path) if file_locked? + end + + # Private, internal utility method for encapsulating the logic about + # whether or not the file is locked. This method can be called + # by other methods in this class without as much risk of accidentally + # being overridden by child classes. + # @return [boolean] true if the file is locked, false if it is not. + def file_locked?() + File.exists? @file_path + end + private :file_locked? +end \ No newline at end of file diff --git a/lib/puppet/util/pidlock.rb b/lib/puppet/util/pidlock.rb index a0fe99e89..33c6bf14f 100644 --- a/lib/puppet/util/pidlock.rb +++ b/lib/puppet/util/pidlock.rb @@ -1,117 +1,53 @@ require 'fileutils' +require 'puppet/util/lockfile' class Puppet::Util::Pidlock - attr_reader :lockfile def initialize(lockfile) - @lockfile = lockfile + @lockfile = Puppet::Util::Lockfile.new(lockfile) end def locked? clear_if_stale - return true if File.exists? @lockfile - - # HACK! There was a temporary change to the lockfile behavior introduced in 2.7.10 and 2.7.11, and reverted - # in 2.7.12. We need to pull some chicanery to be backwards-compatible with those versions. For more info, - # see the comments on the method... and this hack should be removed for the 3.x series. - handle_2_7_10_disabled_lockfile - File.exists? @lockfile + @lockfile.locked? end def mine? Process.pid == lock_pid end - def anonymous? - return false unless File.exists?(@lockfile) - File.read(@lockfile) == "" - end - - def lock(opts = {}) - opts = {:anonymous => false}.merge(opts) + def lock + return mine? if locked? - if locked? - mine? - else - if opts[:anonymous] - File.open(@lockfile, 'w') { |fd| true } - else - File.open(@lockfile, "w") { |fd| fd.write(Process.pid) } - end - true - end + @lockfile.lock(Process.pid) end - def unlock(opts = {}) - return false unless locked? - - opts = {:anonymous => false}.merge(opts) - - if mine? or (opts[:anonymous] and anonymous?) - File.unlink(@lockfile) - true + def unlock() + if mine? + return @lockfile.unlock else false end end - private def lock_pid - if File.exists? @lockfile - File.read(@lockfile).to_i - else - nil - end + @lockfile.lock_data.to_i end + def clear_if_stale return if lock_pid.nil? errors = [Errno::ESRCH] # Process::Error can only happen, and is only defined, on Windows errors << Process::Error if defined? Process::Error begin Process.kill(0, lock_pid) rescue *errors - File.unlink(@lockfile) + @lockfile.unlock end end + private :clear_if_stale - - ###################################################################################### - # Backwards compatibility hack - ###################################################################################### - # A change to lockfile behavior was introduced in 2.7.10 and 2.7.11; basically, - # instead of using a single lockfile to indicate both administrative disabling of - # the agent *and* the case where an agent run is already in progress, we started using - # two separate lockfiles: the 'normal' one for the "run in progress" case, and a - # separate one with a ".disabled" extension to indicate administrative disabling. - # - # This was determined to cause incompatibilities with mcollective, so the behavior - # was reverted for 2.7.12. Unfortunately this leaves the possibility that someone - # may have run "agent --disable" to administratively disable a 2.7.10 or 2.7.11 - # agent, and then upgraded to a newer version. This method exists only to - # provide backwards compatibility. Basically, it just recognizes the 2.7.10/2.7.11 - # ".disabled" lock file, warns, and cleans it up. - # - # This should be removed for the 3.x series. - # - # For more information, please see tickets #12844, #3757, #4836, and #11057 - # - # -- cprice 2012-03-01 - # - def handle_2_7_10_disabled_lockfile - disabled_lockfile_path = @lockfile + ".disabled" - if (File.exists?(disabled_lockfile_path)) - Puppet.warning("Found special lockfile '#{disabled_lockfile_path}'; this file was " + - "generated by a call to 'puppet agent --disable' in puppet 2.7.10 or 2.7.11. " + - "The expected lockfile path is '#{@lockfile}'; renaming the lock file.") - File.rename(disabled_lockfile_path, @lockfile) - end - end - private :handle_2_7_10_disabled_lockfile - ###################################################################################### - # End backwards compatibility hack - ###################################################################################### end diff --git a/spec/unit/agent/disabler_spec.rb b/spec/unit/agent/disabler_spec.rb new file mode 100644 index 000000000..c93be4dc6 --- /dev/null +++ b/spec/unit/agent/disabler_spec.rb @@ -0,0 +1,68 @@ +#!/usr/bin/env rspec +require 'spec_helper' +require 'puppet/agent' +require 'puppet/agent/locker' + +class DisablerTester + include Puppet::Agent::Disabler +end + +describe Puppet::Agent::Disabler do + before do + @disabler = DisablerTester.new + end + + + ## These tests are currently very implementation-specific, and they rely heavily on + ## having access to the "disable_lockfile" method. However, I've made this method private + ## because it really shouldn't be exposed outside of our implementation... therefore + ## these tests have to use a lot of ".send" calls. They should probably be cleaned up + ## but for the moment I wanted to make sure not to lose any of the functionality of + ## the tests. --cprice 2012-04-16 + + it "should use an JsonLockfile instance as its disable_lockfile" do + @disabler.send(:disable_lockfile).should be_instance_of(Puppet::Util::JsonLockfile) + end + + + it "should use puppet's :agent_disabled_lockfile' setting to determine its lockfile path" do + Puppet.expects(:[]).with(:agent_disabled_lockfile).returns("/my/lock.disabled") + lock = Puppet::Util::JsonLockfile.new("/my/lock.disabled") + Puppet::Util::JsonLockfile.expects(:new).with("/my/lock.disabled").returns lock + + @disabler.send(:disable_lockfile) + end + + it "should reuse the same lock file each time" do + @disabler.send(:disable_lockfile).should equal(@disabler.send(:disable_lockfile)) + end + + it "should lock the file when disabled" do + @disabler.send(:disable_lockfile).expects(:lock) + + @disabler.disable + end + + it "should unlock the file when enabled" do + @disabler.send(:disable_lockfile).expects(:unlock) + + @disabler.enable + end + + it "should check the lock if it is disabled" do + @disabler.send(:disable_lockfile).expects(:locked?) + + @disabler.disabled? + end + + it "should report the disable message when disabled" do + lockfile = PuppetSpec::Files.tmpfile("lock") + lock = Puppet::Util::JsonLockfile.new(lockfile) + Puppet.expects(:[]).with(:agent_disabled_lockfile).returns("/my/lock.disabled") + Puppet::Util::JsonLockfile.expects(:new).with("/my/lock.disabled").returns lock + + msg = "I'm busy, go away" + @disabler.disable(msg) + @disabler.disable_message.should == msg + end +end diff --git a/spec/unit/agent/locker_spec.rb b/spec/unit/agent/locker_spec.rb index cfbdcc8eb..9d3188c14 100755 --- a/spec/unit/agent/locker_spec.rb +++ b/spec/unit/agent/locker_spec.rb @@ -1,99 +1,93 @@ #!/usr/bin/env rspec require 'spec_helper' require 'puppet/agent' require 'puppet/agent/locker' class LockerTester include Puppet::Agent::Locker end describe Puppet::Agent::Locker do - before do + before do @locker = LockerTester.new - @locker.stubs(:lockfile_path).returns "/my/lock" end + ## These tests are currently very implementation-specific, and they rely heavily on + ## having access to the lockfile object. However, I've made this method private + ## because it really shouldn't be exposed outside of our implementation... therefore + ## these tests have to use a lot of ".send" calls. They should probably be cleaned up + ## but for the moment I wanted to make sure not to lose any of the functionality of + ## the tests. --cprice 2012-04-16 + it "should use a Pidlock instance as its lockfile" do - @locker.lockfile.should be_instance_of(Puppet::Util::Pidlock) + @locker.send(:lockfile).should be_instance_of(Puppet::Util::Pidlock) end - it "should use 'lockfile_path' to determine its lockfile path" do - @locker.expects(:lockfile_path).returns "/my/lock" + it "should use puppet's :agent_pidfile' setting to determine its lockfile path" do + Puppet.expects(:[]).with(:agent_pidfile).returns("/my/lock") lock = Puppet::Util::Pidlock.new("/my/lock") Puppet::Util::Pidlock.expects(:new).with("/my/lock").returns lock - @locker.lockfile + @locker.send(:lockfile) end it "should reuse the same lock file each time" do - @locker.lockfile.should equal(@locker.lockfile) - end - - it "should use the lock file to anonymously lock the process when disabled" do - @locker.lockfile.expects(:lock).with(:anonymous => true) - - @locker.disable - end - - it "should use the lock file to anonymously unlock the process when enabled" do - @locker.lockfile.expects(:unlock).with(:anonymous => true) - - @locker.enable + @locker.send(:lockfile).should equal(@locker.send(:lockfile)) end it "should have a method that yields when a lock is attained" do - @locker.lockfile.expects(:lock).returns true + @locker.send(:lockfile).expects(:lock).returns true yielded = false @locker.lock do yielded = true end yielded.should be_true end it "should return the block result when the lock method successfully locked" do - @locker.lockfile.expects(:lock).returns true + @locker.send(:lockfile).expects(:lock).returns true @locker.lock { :result }.should == :result end it "should return nil when the lock method does not receive the lock" do - @locker.lockfile.expects(:lock).returns false + @locker.send(:lockfile).expects(:lock).returns false @locker.lock {}.should be_nil end it "should not yield when the lock method does not receive the lock" do - @locker.lockfile.expects(:lock).returns false + @locker.send(:lockfile).expects(:lock).returns false yielded = false @locker.lock { yielded = true } yielded.should be_false end it "should not unlock when a lock was not received" do - @locker.lockfile.expects(:lock).returns false - @locker.lockfile.expects(:unlock).never + @locker.send(:lockfile).expects(:lock).returns false + @locker.send(:lockfile).expects(:unlock).never @locker.lock {} end it "should unlock after yielding upon obtaining a lock" do - @locker.lockfile.stubs(:lock).returns true - @locker.lockfile.expects(:unlock) + @locker.send(:lockfile).stubs(:lock).returns true + @locker.send(:lockfile).expects(:unlock) @locker.lock {} end it "should unlock after yielding upon obtaining a lock, even if the block throws an exception" do - @locker.lockfile.stubs(:lock).returns true - @locker.lockfile.expects(:unlock) + @locker.send(:lockfile).stubs(:lock).returns true + @locker.send(:lockfile).expects(:unlock) lambda { @locker.lock { raise "foo" } }.should raise_error(RuntimeError) end it "should be considered running if the lockfile is locked" do - @locker.lockfile.expects(:locked?).returns true + @locker.send(:lockfile).expects(:locked?).returns true @locker.should be_running end end diff --git a/spec/unit/agent_backward_compatibility_spec.rb b/spec/unit/agent_backward_compatibility_spec.rb deleted file mode 100755 index 9301e2611..000000000 --- a/spec/unit/agent_backward_compatibility_spec.rb +++ /dev/null @@ -1,152 +0,0 @@ -#!/usr/bin/env rspec -require 'spec_helper' -require 'puppet/agent' - - -############################################################################ -# NOTE # -############################################################################ -# # -# This entire spec is only here for backwards compatibility from 2.7.12+ # -# with 2.7.10 and 2.7.11. The entire file should be able to be removed # -# for the 3.x series. # -# # -# For more info, see the comments on the #handle_2_7_10_disabled_lockfile # -# method in pidlock.rb # -# # -# --cprice 2012-03-01 # -############################################################################ - -class AgentTestClient - def run - # no-op - end - def stop - # no-op - end -end - -describe Puppet::Agent do - include PuppetSpec::Files - - let(:agent) { Puppet::Agent.new(AgentTestClient) } - - describe "in order to be backwards-compatibility with versions 2.7.10 and 2.7.11" do - - describe "when the 2.7.10/2.7.11 'disabled' lockfile exists" do - - # the "normal" lockfile - let(:lockfile_path) { tmpfile("agent_spec_lockfile") } - - # the 2.7.10/2.7.11 "disabled" lockfile - # (can't use PuppetSpec::Files.tmpfile here because we need the ".disabled" file to have *exactly* the same - # path/name as the original file, plus the ".disabled" suffix.) - let(:disabled_lockfile_path) { lockfile_path + ".disabled" } - - # some regexes to match log messages - let(:warning_regex) { /^Found special lockfile '#{Regexp.escape(disabled_lockfile_path)}'.*renaming/ } - let(:disabled_regex) { /^Skipping run of .*; administratively disabled/ } - - before(:each) do - # create the 2.7.10 "disable" lockfile. - FileUtils.touch(disabled_lockfile_path) - - # stub in our temp lockfile path. - AgentTestClient.expects(:lockfile_path).returns lockfile_path - end - - after(:each) do - # manually clean up the files that we didn't create via PuppetSpec::Files.tmpfile - begin - File.unlink(disabled_lockfile_path) - rescue Errno::ENOENT - # some of the tests expect for the agent code to take care of deleting this file, - # so it may (validly) not exist. - end - end - - describe "when the 'regular' lockfile also exists" do - # the logic here is that if a 'regular' lockfile already exists, then there is some state that the - # current version of puppet is responsible for dealing with. All of the tests in this block are - # simply here to make sure that our backwards-compatibility hack does *not* interfere with this. - # - # Even if the ".disabled" lockfile exists--it can be dealt with at another time, when puppet is - # in *exactly* the state that we want it to be in (mostly meaning that the 'regular' lockfile - # does not exist.) - - before(:each) do - # create the "regular" lockfile - FileUtils.touch(lockfile_path) - end - - it "should be recognized as 'disabled'" do - agent.should be_disabled - end - - it "should not try to start a new agent run" do - AgentTestClient.expects(:new).never - Puppet.expects(:notice).with(regexp_matches(disabled_regex)) - - agent.run - end - - it "should not delete the 2.7.10/2.7.11 lockfile" do - agent.run - - File.exists?(disabled_lockfile_path).should == true - end - - it "should not print the warning message" do - Puppet.expects(:warning).with(regexp_matches(warning_regex)).never - - agent.run - end - end - - describe "when the 'regular' lockfile does not exist" do - # this block of tests is for actually testing the backwards compatibility hack. This - # is where we're in a clean state and we know it's safe(r) to muck with the lockfile - # situation. - - it "should recognize that the agent is disabled" do - agent.should be_disabled - end - - describe "when an agent run is requested" do - it "should not try to start a new agent run" do - AgentTestClient.expects(:new).never - Puppet.expects(:notice).with(regexp_matches(disabled_regex)) - - agent.run - end - - it "should warn, remove the 2.7.10/2.7.11 lockfile, and create the 'normal' lockfile" do - Puppet.expects(:warning).with(regexp_matches(warning_regex)) - - agent.run - - File.exists?(disabled_lockfile_path).should == false - File.exists?(lockfile_path).should == true - end - end - - describe "when running --enable" do - it "should recognize that the agent is disabled" do - agent.should be_disabled - end - - it "should warn and clean up the 2.7.10/2.7.11 lockfile" do - Puppet.expects(:warning).with(regexp_matches(warning_regex)) - - agent.enable - - File.exists?(disabled_lockfile_path).should == false - File.exists?(lockfile_path).should == false - end - end - end - end - end - - -end diff --git a/spec/unit/agent_spec.rb b/spec/unit/agent_spec.rb index 13ea756d2..0b3e76d74 100755 --- a/spec/unit/agent_spec.rb +++ b/spec/unit/agent_spec.rb @@ -1,334 +1,326 @@ #!/usr/bin/env rspec require 'spec_helper' require 'puppet/agent' class AgentTestClient def run # no-op end def stop # no-op end end def without_warnings flag = $VERBOSE $VERBOSE = nil yield $VERBOSE = flag end describe Puppet::Agent do before do @agent = Puppet::Agent.new(AgentTestClient) # So we don't actually try to hit the filesystem. @agent.stubs(:lock).yields # make Puppet::Application safe for stubbing; restore in an :after block; silence warnings for this. without_warnings { Puppet::Application = Class.new(Puppet::Application) } Puppet::Application.stubs(:clear?).returns(true) Puppet::Application.class_eval do class << self def controlled_run(&block) block.call end end end end after do # restore Puppet::Application from stub-safe subclass, and silence warnings without_warnings { Puppet::Application = Puppet::Application.superclass } end it "should set its client class at initialization" do Puppet::Agent.new("foo").client_class.should == "foo" end it "should include the Locker module" do Puppet::Agent.ancestors.should be_include(Puppet::Agent::Locker) end it "should create an instance of its client class and run it when asked to run" do client = mock 'client' AgentTestClient.expects(:new).returns client client.expects(:run) @agent.stubs(:running?).returns false @agent.stubs(:disabled?).returns false @agent.run end - it "should determine its lock file path by asking the client class" do - AgentTestClient.expects(:lockfile_path).returns "/my/lock" - @agent.lockfile_path.should == "/my/lock" - end - - it "should be considered running if the lock file is locked and not anonymous" do + it "should be considered running if the lock file is locked" do lockfile = mock 'lockfile' - @agent.expects(:lockfile).returns(lockfile).twice + @agent.expects(:lockfile).returns(lockfile) lockfile.expects(:locked?).returns true - lockfile.expects(:anonymous?).returns false @agent.should be_running end - it "should be considered disabled if the lock file is locked and anonymous" do - lockfile = mock 'lockfile' - - @agent.expects(:lockfile).returns(lockfile).at_least_once - lockfile.expects(:locked?).returns(true).at_least_once - lockfile.expects(:anonymous?).returns(true).at_least_once - - @agent.should be_disabled - end - describe "when being run" do before do + AgentTestClient.stubs(:lockfile_path).returns "/my/lock" @agent.stubs(:running?).returns false @agent.stubs(:disabled?).returns false end it "should splay" do @agent.expects(:splay) @agent.run end it "should do nothing if already running" do @agent.expects(:running?).returns true AgentTestClient.expects(:new).never @agent.run end + it "should do nothing if disabled" do + @agent.expects(:disabled?).returns(true) + AgentTestClient.expects(:new).never + @agent.run + end + it "(#11057) should notify the user about why a run is skipped" do Puppet::Application.stubs(:controlled_run).returns(false) Puppet::Application.stubs(:run_status).returns('MOCK_RUN_STATUS') # This is the actual test that we inform the user why the run is skipped. # We assume this information is contained in # Puppet::Application.run_status Puppet.expects(:notice).with(regexp_matches(/MOCK_RUN_STATUS/)) @agent.run end it "should display an informative message if the agent is administratively disabled" do @agent.expects(:disabled?).returns true - Puppet.expects(:notice).with(regexp_matches(/Skipping run of .*; administratively disabled/)) + @agent.expects(:disable_message).returns "foo" + Puppet.expects(:notice).with(regexp_matches(/Skipping run of .*; administratively disabled.*\(Reason: 'foo'\)/)) @agent.run end it "should use Puppet::Application.controlled_run to manage process state behavior" do calls = sequence('calls') Puppet::Application.expects(:controlled_run).yields.in_sequence(calls) AgentTestClient.expects(:new).once.in_sequence(calls) @agent.run end it "should not fail if a client class instance cannot be created" do AgentTestClient.expects(:new).raises "eh" Puppet.expects(:err) @agent.run end it "should not fail if there is an exception while running its client" do client = AgentTestClient.new AgentTestClient.expects(:new).returns client client.expects(:run).raises "eh" Puppet.expects(:err) @agent.run end it "should use a mutex to restrict multi-threading" do client = AgentTestClient.new AgentTestClient.expects(:new).returns client mutex = mock 'mutex' @agent.expects(:sync).returns mutex mutex.expects(:synchronize) client.expects(:run).never # if it doesn't run, then we know our yield is what triggers it @agent.run end it "should use a filesystem lock to restrict multiple processes running the agent" do client = AgentTestClient.new AgentTestClient.expects(:new).returns client @agent.expects(:lock) client.expects(:run).never # if it doesn't run, then we know our yield is what triggers it @agent.run end it "should make its client instance available while running" do client = AgentTestClient.new AgentTestClient.expects(:new).returns client client.expects(:run).with { @agent.client.should equal(client); true } @agent.run end it "should run the client instance with any arguments passed to it" do client = AgentTestClient.new AgentTestClient.expects(:new).returns client client.expects(:run).with("testargs") @agent.run("testargs") end it "should return the agent result" do client = AgentTestClient.new AgentTestClient.expects(:new).returns client @agent.expects(:lock).returns(:result) @agent.run.should == :result end describe "when should_fork is true" do before do @agent.should_fork = true Kernel.stubs(:fork) Process.stubs(:waitpid2).returns [123, (stub 'process::status', :exitstatus => 0)] @agent.stubs(:exit) end it "should run the agent in a forked process" do client = AgentTestClient.new AgentTestClient.expects(:new).returns client client.expects(:run) Kernel.expects(:fork).yields @agent.run end it "should exit child process if child exit" do client = AgentTestClient.new AgentTestClient.expects(:new).returns client client.expects(:run).raises(SystemExit) Kernel.expects(:fork).yields @agent.expects(:exit).with(-1) @agent.run end it "should re-raise exit happening in the child" do Process.stubs(:waitpid2).returns [123, (stub 'process::status', :exitstatus => -1)] lambda { @agent.run }.should raise_error(SystemExit) end it "should re-raise NoMoreMemory happening in the child" do Process.stubs(:waitpid2).returns [123, (stub 'process::status', :exitstatus => -2)] lambda { @agent.run }.should raise_error(NoMemoryError) end it "should return the child exit code" do Process.stubs(:waitpid2).returns [123, (stub 'process::status', :exitstatus => 777)] @agent.run.should == 777 end it "should return the block exit code as the child exit code" do Kernel.expects(:fork).yields @agent.expects(:exit).with(777) @agent.run_in_fork { 777 } end end end describe "when splaying" do before do Puppet.settings.stubs(:value).with(:splay).returns true Puppet.settings.stubs(:value).with(:splaylimit).returns "10" end it "should do nothing if splay is disabled" do Puppet.settings.expects(:value).returns false @agent.expects(:sleep).never @agent.splay end it "should do nothing if it has already splayed" do @agent.expects(:splayed?).returns true @agent.expects(:sleep).never @agent.splay end it "should log that it is splaying" do @agent.stubs :sleep Puppet.expects :info @agent.splay end it "should sleep for a random portion of the splaylimit plus 1" do Puppet.settings.expects(:value).with(:splaylimit).returns "50" @agent.expects(:rand).with(51).returns 10 @agent.expects(:sleep).with(10) @agent.splay end it "should mark that it has splayed" do @agent.stubs(:sleep) @agent.splay @agent.should be_splayed end end describe "when checking execution state" do describe 'with regular run status' do before :each do Puppet::Application.stubs(:restart_requested?).returns(false) Puppet::Application.stubs(:stop_requested?).returns(false) Puppet::Application.stubs(:interrupted?).returns(false) Puppet::Application.stubs(:clear?).returns(true) end it 'should be false for :stopping?' do @agent.stopping?.should be_false end it 'should be false for :needing_restart?' do @agent.needing_restart?.should be_false end end describe 'with a stop requested' do before :each do Puppet::Application.stubs(:clear?).returns(false) Puppet::Application.stubs(:restart_requested?).returns(false) Puppet::Application.stubs(:stop_requested?).returns(true) Puppet::Application.stubs(:interrupted?).returns(true) end it 'should be true for :stopping?' do @agent.stopping?.should be_true end it 'should be false for :needing_restart?' do @agent.needing_restart?.should be_false end end describe 'with a restart requested' do before :each do Puppet::Application.stubs(:clear?).returns(false) Puppet::Application.stubs(:restart_requested?).returns(true) Puppet::Application.stubs(:stop_requested?).returns(false) Puppet::Application.stubs(:interrupted?).returns(true) end it 'should be false for :stopping?' do @agent.stopping?.should be_false end it 'should be true for :needing_restart?' do @agent.needing_restart?.should be_true end end end end diff --git a/spec/unit/application/agent_spec.rb b/spec/unit/application/agent_spec.rb index d7e2e7f49..2f3a9a0e3 100755 --- a/spec/unit/application/agent_spec.rb +++ b/spec/unit/application/agent_spec.rb @@ -1,589 +1,621 @@ #!/usr/bin/env rspec require 'spec_helper' require 'puppet/agent' require 'puppet/application/agent' require 'puppet/network/server' require 'puppet/daemon' describe Puppet::Application::Agent do before :each do @puppetd = Puppet::Application[:agent] @puppetd.stubs(:puts) @daemon = stub_everything 'daemon' Puppet::Daemon.stubs(:new).returns(@daemon) Puppet[:daemonize] = false @agent = stub_everything 'agent' Puppet::Agent.stubs(:new).returns(@agent) @puppetd.preinit Puppet::Util::Log.stubs(:newdestination) Puppet::Node.indirection.stubs(:terminus_class=) Puppet::Node.indirection.stubs(:cache_class=) Puppet::Node::Facts.indirection.stubs(:terminus_class=) end it "should operate in agent run_mode" do @puppetd.class.run_mode.name.should == :agent end it "should declare a main command" do @puppetd.should respond_to(:main) end it "should declare a onetime command" do @puppetd.should respond_to(:onetime) end it "should declare a fingerprint command" do @puppetd.should respond_to(:fingerprint) end it "should declare a preinit block" do @puppetd.should respond_to(:preinit) end describe "in preinit" do it "should catch INT" do Signal.expects(:trap).with { |arg,block| arg == :INT } @puppetd.preinit end it "should init client to true" do @puppetd.preinit @puppetd.options[:client].should be_true end it "should init fqdn to nil" do @puppetd.preinit @puppetd.options[:fqdn].should be_nil end it "should init serve to []" do @puppetd.preinit @puppetd.options[:serve].should == [] end it "should use MD5 as default digest algorithm" do @puppetd.preinit @puppetd.options[:digest].should == :MD5 end it "should not fingerprint by default" do @puppetd.preinit @puppetd.options[:fingerprint].should be_false end it "should init waitforcert to nil" do @puppetd.preinit @puppetd.options[:waitforcert].should be_nil end end describe "when handling options" do before do @puppetd.command_line.stubs(:args).returns([]) end - [:centrallogging, :disable, :enable, :debug, :fqdn, :test, :verbose, :digest].each do |option| + [:centrallogging, :enable, :debug, :fqdn, :test, :verbose, :digest].each do |option| it "should declare handle_#{option} method" do @puppetd.should respond_to("handle_#{option}".to_sym) end it "should store argument value when calling handle_#{option}" do @puppetd.options.expects(:[]=).with(option, 'arg') @puppetd.send("handle_#{option}".to_sym, 'arg') end end + describe "when handling --disable" do + it "should declare handle_disable method" do + @puppetd.should respond_to(:handle_disable) + end + + it "should set disable to true" do + @puppetd.options.stubs(:[]=) + @puppetd.options.expects(:[]=).with(:disable, true) + @puppetd.handle_disable('') + end + + it "should store disable message" do + @puppetd.options.stubs(:[]=) + @puppetd.options.expects(:[]=).with(:disable_message, "message") + @puppetd.handle_disable('message') + end + end + it "should set client to false with --no-client" do @puppetd.handle_no_client(nil) @puppetd.options[:client].should be_false end it "should set waitforcert to 0 with --onetime and if --waitforcert wasn't given" do Puppet[:onetime] = true Puppet::SSL::Host.any_instance.expects(:wait_for_cert).with(0) @puppetd.setup_host end it "should use supplied waitforcert when --onetime is specified" do Puppet[:onetime] = true @puppetd.handle_waitforcert(60) Puppet::SSL::Host.any_instance.expects(:wait_for_cert).with(60) @puppetd.setup_host end it "should use a default value for waitforcert when --onetime and --waitforcert are not specified" do Puppet::SSL::Host.any_instance.expects(:wait_for_cert).with(120) @puppetd.setup_host end it "should use the waitforcert setting when checking for a signed certificate" do Puppet[:waitforcert] = 10 Puppet::SSL::Host.any_instance.expects(:wait_for_cert).with(10) @puppetd.setup_host end it "should set the log destination with --logdest" do @puppetd.options.stubs(:[]=).with { |opt,val| opt == :setdest } Puppet::Log.expects(:newdestination).with("console") @puppetd.handle_logdest("console") end it "should put the setdest options to true" do @puppetd.options.expects(:[]=).with(:setdest,true) @puppetd.handle_logdest("console") end it "should parse the log destination from the command line" do @puppetd.command_line.stubs(:args).returns(%w{--logdest /my/file}) Puppet::Util::Log.expects(:newdestination).with("/my/file") @puppetd.parse_options end it "should store the waitforcert options with --waitforcert" do @puppetd.options.expects(:[]=).with(:waitforcert,42) @puppetd.handle_waitforcert("42") end it "should set args[:Port] with --port" do @puppetd.handle_port("42") @puppetd.args[:Port].should == "42" end end describe "during setup" do before :each do @puppetd.options.stubs(:[]) Puppet.stubs(:info) FileTest.stubs(:exists?).returns(true) Puppet[:libdir] = "/dev/null/lib" Puppet::SSL::Host.stubs(:ca_location=) Puppet::Transaction::Report.indirection.stubs(:terminus_class=) Puppet::Transaction::Report.indirection.stubs(:cache_class=) Puppet::Resource::Catalog.indirection.stubs(:terminus_class=) Puppet::Resource::Catalog.indirection.stubs(:cache_class=) Puppet::Node::Facts.indirection.stubs(:terminus_class=) @host = stub_everything 'host' Puppet::SSL::Host.stubs(:new).returns(@host) Puppet.stubs(:settraps) end describe "with --test" do before :each do #Puppet.settings.stubs(:handlearg) @puppetd.options.stubs(:[]=) end it "should call setup_test" do @puppetd.options.stubs(:[]).with(:test).returns(true) @puppetd.expects(:setup_test) @puppetd.setup end it "should set options[:verbose] to true" do @puppetd.options.expects(:[]=).with(:verbose,true) @puppetd.setup_test end it "should set options[:onetime] to true" do Puppet[:onetime] = false @puppetd.setup_test Puppet[:onetime].should == true end it "should set options[:detailed_exitcodes] to true" do @puppetd.options.expects(:[]=).with(:detailed_exitcodes,true) @puppetd.setup_test end end it "should call setup_logs" do @puppetd.expects(:setup_logs) @puppetd.setup end describe "when setting up logs" do before :each do Puppet::Util::Log.stubs(:newdestination) end it "should set log level to debug if --debug was passed" do @puppetd.options.stubs(:[]).with(:debug).returns(true) @puppetd.setup_logs Puppet::Util::Log.level.should == :debug end it "should set log level to info if --verbose was passed" do @puppetd.options.stubs(:[]).with(:verbose).returns(true) @puppetd.setup_logs Puppet::Util::Log.level.should == :info end [:verbose, :debug].each do |level| it "should set console as the log destination with level #{level}" do @puppetd.options.stubs(:[]).with(level).returns(true) Puppet::Util::Log.expects(:newdestination).with(:console) @puppetd.setup_logs end end it "should set a default log destination if no --logdest" do @puppetd.options.stubs(:[]).with(:setdest).returns(false) Puppet::Util::Log.expects(:setup_default) @puppetd.setup_logs end end it "should print puppet config if asked to in Puppet config" do Puppet[:configprint] = "pluginsync" Puppet.settings.expects(:print_configs).returns true expect { @puppetd.setup }.to exit_with 0 end it "should exit after printing puppet config if asked to in Puppet config" do Puppet[:modulepath] = '/my/path' Puppet[:configprint] = "modulepath" Puppet::Util::Settings.any_instance.expects(:puts).with('/my/path') expect { @puppetd.setup }.to exit_with 0 end it "should set a central log destination with --centrallogs" do @puppetd.options.stubs(:[]).with(:centrallogs).returns(true) Puppet[:server] = "puppet.reductivelabs.com" Puppet::Util::Log.stubs(:setup_default) Puppet::Util::Log.expects(:newdestination).with("puppet.reductivelabs.com") @puppetd.setup end it "should use :main, :puppetd, and :ssl" do Puppet.settings.expects(:use).with(:main, :agent, :ssl) @puppetd.setup end it "should install a remote ca location" do Puppet::SSL::Host.expects(:ca_location=).with(:remote) @puppetd.setup end it "should install a none ca location in fingerprint mode" do @puppetd.options.stubs(:[]).with(:fingerprint).returns(true) Puppet::SSL::Host.expects(:ca_location=).with(:none) @puppetd.setup end it "should tell the report handler to use REST" do Puppet::Transaction::Report.indirection.expects(:terminus_class=).with(:rest) @puppetd.setup end it "should tell the report handler to cache locally as yaml" do Puppet::Transaction::Report.indirection.expects(:cache_class=).with(:yaml) @puppetd.setup end it "should change the catalog_terminus setting to 'rest'" do Puppet[:catalog_terminus] = :foo @puppetd.setup Puppet[:catalog_terminus].should == :rest end it "should tell the catalog handler to use cache" do Puppet::Resource::Catalog.indirection.expects(:cache_class=).with(:yaml) @puppetd.setup end it "should change the facts_terminus setting to 'facter'" do Puppet[:facts_terminus] = :foo @puppetd.setup Puppet[:facts_terminus].should == :facter end it "should create an agent" do Puppet::Agent.stubs(:new).with(Puppet::Configurer) @puppetd.setup end [:enable, :disable].each do |action| it "should delegate to enable_disable_client if we #{action} the agent" do @puppetd.options.stubs(:[]).with(action).returns(true) @puppetd.expects(:enable_disable_client).with(@agent) @puppetd.setup end end describe "when enabling or disabling agent" do [:enable, :disable].each do |action| it "should call client.#{action}" do @puppetd.options.stubs(:[]).with(action).returns(true) @agent.expects(action) expect { @puppetd.enable_disable_client(@agent) }.to exit_with 0 end end + it "should pass the disable message when disabling" do + @puppetd.options.stubs(:[]).with(:disable).returns(true) + @puppetd.options.stubs(:[]).with(:disable_message).returns("message") + @agent.expects(:disable).with("message") + expect { @puppetd.enable_disable_client(@agent) }.to exit_with 0 + end + + it "should pass the default disable message when disabling without a message" do + @puppetd.options.stubs(:[]).with(:disable).returns(true) + @puppetd.options.stubs(:[]).with(:disable_message).returns(nil) + @agent.expects(:disable).with("reason not specified") + expect { @puppetd.enable_disable_client(@agent) }.to exit_with 0 + end + it "should finally exit" do expect { @puppetd.enable_disable_client(@agent) }.to exit_with 0 end end it "should inform the daemon about our agent if :client is set to 'true'" do @puppetd.options.expects(:[]).with(:client).returns true @daemon.expects(:agent=).with(@agent) @puppetd.setup end it "should not inform the daemon about our agent if :client is set to 'false'" do @puppetd.options[:client] = false @daemon.expects(:agent=).never @puppetd.setup end it "should daemonize if needed" do Puppet.features.stubs(:microsoft_windows?).returns false Puppet[:daemonize] = true @daemon.expects(:daemonize) @puppetd.setup end it "should wait for a certificate" do @puppetd.options.stubs(:[]).with(:waitforcert).returns(123) @host.expects(:wait_for_cert).with(123) @puppetd.setup end it "should not wait for a certificate in fingerprint mode" do @puppetd.options.stubs(:[]).with(:fingerprint).returns(true) @puppetd.options.stubs(:[]).with(:waitforcert).returns(123) @host.expects(:wait_for_cert).never @puppetd.setup end it "should setup listen if told to and not onetime" do Puppet[:listen] = true @puppetd.options.stubs(:[]).with(:onetime).returns(false) @puppetd.expects(:setup_listen) @puppetd.setup end describe "when setting up listen" do before :each do Puppet[:authconfig] = 'auth' FileTest.stubs(:exists?).with('auth').returns(true) File.stubs(:exist?).returns(true) @puppetd.options.stubs(:[]).with(:serve).returns([]) @server = stub_everything 'server' Puppet::Network::Server.stubs(:new).returns(@server) end it "should exit if no authorization file" do Puppet.stubs(:err) FileTest.stubs(:exists?).with(Puppet[:rest_authconfig]).returns(false) expect { @puppetd.setup_listen }.to exit_with 14 end it "should use puppet default port" do Puppet[:puppetport] = 32768 Puppet::Network::Server.expects(:new).with { |args| args[:port] == 32768 } @puppetd.setup_listen end end describe "when setting up for fingerprint" do before(:each) do @puppetd.options.stubs(:[]).with(:fingerprint).returns(true) end it "should not setup as an agent" do @puppetd.expects(:setup_agent).never @puppetd.setup end it "should not create an agent" do Puppet::Agent.stubs(:new).with(Puppet::Configurer).never @puppetd.setup end it "should not daemonize" do @daemon.expects(:daemonize).never @puppetd.setup end it "should setup our certificate host" do @puppetd.expects(:setup_host) @puppetd.setup end end end describe "when running" do before :each do @puppetd.agent = @agent @puppetd.daemon = @daemon @puppetd.options.stubs(:[]).with(:fingerprint).returns(false) end it "should dispatch to fingerprint if --fingerprint is used" do @puppetd.options.stubs(:[]).with(:fingerprint).returns(true) @puppetd.stubs(:fingerprint) @puppetd.run_command end it "should dispatch to onetime if --onetime is used" do @puppetd.options.stubs(:[]).with(:onetime).returns(true) @puppetd.stubs(:onetime) @puppetd.run_command end it "should dispatch to main if --onetime and --fingerprint are not used" do @puppetd.options.stubs(:[]).with(:onetime).returns(false) @puppetd.stubs(:main) @puppetd.run_command end describe "with --onetime" do before :each do @agent.stubs(:run).returns(:report) @puppetd.options.stubs(:[]).with(:client).returns(:client) @puppetd.options.stubs(:[]).with(:detailed_exitcodes).returns(false) Puppet.stubs(:newservice) end it "should exit if no defined --client" do $stderr.stubs(:puts) @puppetd.options.stubs(:[]).with(:client).returns(nil) expect { @puppetd.onetime }.to exit_with 43 end it "should setup traps" do @daemon.expects(:set_signal_traps) expect { @puppetd.onetime }.to exit_with 0 end it "should not let the agent fork" do @agent.expects(:should_fork=).with(false) expect { @puppetd.onetime }.to exit_with 0 end it "should let the agent run" do @agent.expects(:run).returns(:report) expect { @puppetd.onetime }.to exit_with 0 end it "should finish by exiting with 0 error code" do expect { @puppetd.onetime }.to exit_with 0 end it "should stop the daemon" do @daemon.expects(:stop).with(:exit => false) expect { @puppetd.onetime }.to exit_with 0 end describe "and --detailed-exitcodes" do before :each do @puppetd.options.stubs(:[]).with(:detailed_exitcodes).returns(true) end it "should exit with agent computed exit status" do Puppet[:noop] = false @agent.stubs(:run).returns(666) expect { @puppetd.onetime }.to exit_with 666 end it "should exit with the agent's exit status, even if --noop is set." do Puppet[:noop] = true @agent.stubs(:run).returns(666) expect { @puppetd.onetime }.to exit_with 666 end end end describe "with --fingerprint" do before :each do @cert = stub_everything 'cert' @puppetd.options.stubs(:[]).with(:fingerprint).returns(true) @puppetd.options.stubs(:[]).with(:digest).returns(:MD5) @host = stub_everything 'host' @puppetd.stubs(:host).returns(@host) end it "should fingerprint the certificate if it exists" do @host.expects(:certificate).returns(@cert) @cert.expects(:fingerprint).with(:MD5).returns "fingerprint" @puppetd.fingerprint end it "should fingerprint the certificate request if no certificate have been signed" do @host.expects(:certificate).returns(nil) @host.expects(:certificate_request).returns(@cert) @cert.expects(:fingerprint).with(:MD5).returns "fingerprint" @puppetd.fingerprint end it "should display the fingerprint" do @host.stubs(:certificate).returns(@cert) @cert.stubs(:fingerprint).with(:MD5).returns("DIGEST") @puppetd.expects(:puts).with "DIGEST" @puppetd.fingerprint end end describe "without --onetime and --fingerprint" do before :each do Puppet.stubs(:notice) @puppetd.options.stubs(:[]).with(:client) end it "should start our daemon" do @daemon.expects(:start) @puppetd.main end end end end diff --git a/spec/unit/configurer_spec.rb b/spec/unit/configurer_spec.rb index 1ea91a002..570a500d0 100755 --- a/spec/unit/configurer_spec.rb +++ b/spec/unit/configurer_spec.rb @@ -1,615 +1,610 @@ #!/usr/bin/env rspec require 'spec_helper' require 'puppet/configurer' describe Puppet::Configurer do before do Puppet.settings.stubs(:use).returns(true) @agent = Puppet::Configurer.new @agent.stubs(:init_storage) Puppet::Util::Storage.stubs(:store) Puppet[:server] = "puppetmaster" Puppet[:report] = true end it "should include the Plugin Handler module" do Puppet::Configurer.ancestors.should be_include(Puppet::Configurer::PluginHandler) end it "should include the Fact Handler module" do Puppet::Configurer.ancestors.should be_include(Puppet::Configurer::FactHandler) end - it "should use the puppetdlockfile as its lockfile path" do - Puppet.settings.expects(:value).with(:puppetdlockfile).returns("/my/lock") - Puppet::Configurer.lockfile_path.should == "/my/lock" - end - describe "when executing a pre-run hook" do it "should do nothing if the hook is set to an empty string" do Puppet.settings[:prerun_command] = "" Puppet::Util.expects(:exec).never @agent.execute_prerun_command end it "should execute any pre-run command provided via the 'prerun_command' setting" do Puppet.settings[:prerun_command] = "/my/command" Puppet::Util::Execution.expects(:execute).with(["/my/command"]).raises(Puppet::ExecutionFailure, "Failed") @agent.execute_prerun_command end it "should fail if the command fails" do Puppet.settings[:prerun_command] = "/my/command" Puppet::Util::Execution.expects(:execute).with(["/my/command"]).raises(Puppet::ExecutionFailure, "Failed") @agent.execute_prerun_command.should be_false end end describe "when executing a post-run hook" do it "should do nothing if the hook is set to an empty string" do Puppet.settings[:postrun_command] = "" Puppet::Util.expects(:exec).never @agent.execute_postrun_command end it "should execute any post-run command provided via the 'postrun_command' setting" do Puppet.settings[:postrun_command] = "/my/command" Puppet::Util::Execution.expects(:execute).with(["/my/command"]).raises(Puppet::ExecutionFailure, "Failed") @agent.execute_postrun_command end it "should fail if the command fails" do Puppet.settings[:postrun_command] = "/my/command" Puppet::Util::Execution.expects(:execute).with(["/my/command"]).raises(Puppet::ExecutionFailure, "Failed") @agent.execute_postrun_command.should be_false end end describe "when executing a catalog run" do before do Puppet.settings.stubs(:use).returns(true) @agent.stubs(:download_plugins) Puppet::Node::Facts.indirection.terminus_class = :memory @facts = Puppet::Node::Facts.new(Puppet[:node_name_value]) Puppet::Node::Facts.indirection.save(@facts) @catalog = Puppet::Resource::Catalog.new @catalog.stubs(:to_ral).returns(@catalog) Puppet::Resource::Catalog.indirection.terminus_class = :rest Puppet::Resource::Catalog.indirection.stubs(:find).returns(@catalog) @agent.stubs(:send_report) @agent.stubs(:save_last_run_summary) Puppet::Util::Log.stubs(:close_all) end after :all do Puppet::Node::Facts.indirection.reset_terminus_class Puppet::Resource::Catalog.indirection.reset_terminus_class end it "should initialize storage" do Puppet::Util::Storage.expects(:load) @agent.run end it "should download plugins" do @agent.expects(:download_plugins) @agent.run end it "should initialize a transaction report if one is not provided" do report = Puppet::Transaction::Report.new("apply") Puppet::Transaction::Report.expects(:new).returns report @agent.run end it "should respect node_name_fact when setting the host on a report" do Puppet[:node_name_fact] = 'my_name_fact' @facts.values = {'my_name_fact' => 'node_name_from_fact'} report = Puppet::Transaction::Report.new("apply") @agent.run(:report => report) report.host.should == 'node_name_from_fact' end it "should pass the new report to the catalog" do report = Puppet::Transaction::Report.new("apply") Puppet::Transaction::Report.stubs(:new).returns report @catalog.expects(:apply).with{|options| options[:report] == report} @agent.run end it "should use the provided report if it was passed one" do report = Puppet::Transaction::Report.new("apply") Puppet::Transaction::Report.expects(:new).never @catalog.expects(:apply).with{|options| options[:report] == report} @agent.run(:report => report) end it "should set the report as a log destination" do report = Puppet::Transaction::Report.new("apply") Puppet::Transaction::Report.expects(:new).returns report Puppet::Util::Log.expects(:newdestination).with(report) Puppet::Util::Log.expects(:close).with(report) @agent.run end it "should retrieve the catalog" do @agent.expects(:retrieve_catalog) @agent.run end it "should log a failure and do nothing if no catalog can be retrieved" do @agent.expects(:retrieve_catalog).returns nil Puppet.expects(:err).with "Could not retrieve catalog; skipping run" @agent.run end it "should apply the catalog with all options to :run" do @agent.expects(:retrieve_catalog).returns @catalog @catalog.expects(:apply).with { |args| args[:one] == true } @agent.run :one => true end it "should accept a catalog and use it instead of retrieving a different one" do @agent.expects(:retrieve_catalog).never @catalog.expects(:apply) @agent.run :one => true, :catalog => @catalog end it "should benchmark how long it takes to apply the catalog" do @agent.expects(:benchmark).with(:notice, "Finished catalog run") @agent.expects(:retrieve_catalog).returns @catalog @catalog.expects(:apply).never # because we're not yielding @agent.run end it "should execute post-run hooks after the run" do @agent.expects(:execute_postrun_command) @agent.run end it "should send the report" do report = Puppet::Transaction::Report.new("apply") Puppet::Transaction::Report.expects(:new).returns(report) @agent.expects(:send_report).with(report) @agent.run end it "should send the transaction report even if the catalog could not be retrieved" do @agent.expects(:retrieve_catalog).returns nil report = Puppet::Transaction::Report.new("apply") Puppet::Transaction::Report.expects(:new).returns(report) @agent.expects(:send_report) @agent.run end it "should send the transaction report even if there is a failure" do @agent.expects(:retrieve_catalog).raises "whatever" report = Puppet::Transaction::Report.new("apply") Puppet::Transaction::Report.expects(:new).returns(report) @agent.expects(:send_report) @agent.run.should be_nil end it "should remove the report as a log destination when the run is finished" do report = Puppet::Transaction::Report.new("apply") Puppet::Transaction::Report.expects(:new).returns(report) @agent.run Puppet::Util::Log.destinations.should_not include(report) end it "should return the report exit_status as the result of the run" do report = Puppet::Transaction::Report.new("apply") Puppet::Transaction::Report.expects(:new).returns(report) report.expects(:exit_status).returns(1234) @agent.run.should == 1234 end it "should send the transaction report even if the pre-run command fails" do report = Puppet::Transaction::Report.new("apply") Puppet::Transaction::Report.expects(:new).returns(report) Puppet.settings[:prerun_command] = "/my/command" Puppet::Util::Execution.expects(:execute).with(["/my/command"]).raises(Puppet::ExecutionFailure, "Failed") @agent.expects(:send_report) @agent.run.should be_nil end it "should include the pre-run command failure in the report" do report = Puppet::Transaction::Report.new("apply") Puppet::Transaction::Report.expects(:new).returns(report) Puppet.settings[:prerun_command] = "/my/command" Puppet::Util::Execution.expects(:execute).with(["/my/command"]).raises(Puppet::ExecutionFailure, "Failed") @agent.run.should be_nil report.logs.find { |x| x.message =~ /Could not run command from prerun_command/ }.should be end it "should send the transaction report even if the post-run command fails" do report = Puppet::Transaction::Report.new("apply") Puppet::Transaction::Report.expects(:new).returns(report) Puppet.settings[:postrun_command] = "/my/command" Puppet::Util::Execution.expects(:execute).with(["/my/command"]).raises(Puppet::ExecutionFailure, "Failed") @agent.expects(:send_report) @agent.run.should be_nil end it "should include the post-run command failure in the report" do report = Puppet::Transaction::Report.new("apply") Puppet::Transaction::Report.expects(:new).returns(report) Puppet.settings[:postrun_command] = "/my/command" Puppet::Util::Execution.expects(:execute).with(["/my/command"]).raises(Puppet::ExecutionFailure, "Failed") report.expects(:<<).with { |log| log.message.include?("Could not run command from postrun_command") } @agent.run.should be_nil end it "should execute post-run command even if the pre-run command fails" do Puppet.settings[:prerun_command] = "/my/precommand" Puppet.settings[:postrun_command] = "/my/postcommand" Puppet::Util::Execution.expects(:execute).with(["/my/precommand"]).raises(Puppet::ExecutionFailure, "Failed") Puppet::Util::Execution.expects(:execute).with(["/my/postcommand"]) @agent.run.should be_nil end it "should finalize the report" do report = Puppet::Transaction::Report.new("apply") Puppet::Transaction::Report.expects(:new).returns(report) report.expects(:finalize_report) @agent.run end it "should not apply the catalog if the pre-run command fails" do report = Puppet::Transaction::Report.new("apply") Puppet::Transaction::Report.expects(:new).returns(report) Puppet.settings[:prerun_command] = "/my/command" Puppet::Util::Execution.expects(:execute).with(["/my/command"]).raises(Puppet::ExecutionFailure, "Failed") @catalog.expects(:apply).never() @agent.expects(:send_report) @agent.run.should be_nil end it "should apply the catalog, send the report, and return nil if the post-run command fails" do report = Puppet::Transaction::Report.new("apply") Puppet::Transaction::Report.expects(:new).returns(report) Puppet.settings[:postrun_command] = "/my/command" Puppet::Util::Execution.expects(:execute).with(["/my/command"]).raises(Puppet::ExecutionFailure, "Failed") @catalog.expects(:apply) @agent.expects(:send_report) @agent.run.should be_nil end it "should refetch the catalog if the server specifies a new environment in the catalog" do @catalog.stubs(:environment).returns("second_env") @agent.expects(:retrieve_catalog).returns(@catalog).twice @agent.run end it "should change the environment setting if the server specifies a new environment in the catalog" do @catalog.stubs(:environment).returns("second_env") @agent.run @agent.environment.should == "second_env" end describe "when not using a REST terminus for catalogs" do it "should not pass any facts when retrieving the catalog" do Puppet::Resource::Catalog.indirection.terminus_class = :compiler @agent.expects(:facts_for_uploading).never Puppet::Resource::Catalog.indirection.expects(:find).with { |name, options| options[:facts].nil? }.returns @catalog @agent.run end end describe "when using a REST terminus for catalogs" do it "should pass the prepared facts and the facts format as arguments when retrieving the catalog" do Puppet::Resource::Catalog.indirection.terminus_class = :rest @agent.expects(:facts_for_uploading).returns(:facts => "myfacts", :facts_format => :foo) Puppet::Resource::Catalog.indirection.expects(:find).with { |name, options| options[:facts] == "myfacts" and options[:facts_format] == :foo }.returns @catalog @agent.run end end end describe "when sending a report" do include PuppetSpec::Files before do Puppet.settings.stubs(:use).returns(true) @configurer = Puppet::Configurer.new Puppet[:lastrunfile] = tmpfile('last_run_file') @report = Puppet::Transaction::Report.new("apply") end it "should print a report summary if configured to do so" do Puppet.settings[:summarize] = true @report.expects(:summary).returns "stuff" @configurer.expects(:puts).with("stuff") @configurer.send_report(@report) end it "should not print a report summary if not configured to do so" do Puppet.settings[:summarize] = false @configurer.expects(:puts).never @configurer.send_report(@report) end it "should save the report if reporting is enabled" do Puppet.settings[:report] = true Puppet::Transaction::Report.indirection.expects(:save).with(@report, nil, instance_of(Hash)) @configurer.send_report(@report) end it "should not save the report if reporting is disabled" do Puppet.settings[:report] = false Puppet::Transaction::Report.indirection.expects(:save).with(@report, nil, instance_of(Hash)).never @configurer.send_report(@report) end it "should save the last run summary if reporting is enabled" do Puppet.settings[:report] = true @configurer.expects(:save_last_run_summary).with(@report) @configurer.send_report(@report) end it "should save the last run summary if reporting is disabled" do Puppet.settings[:report] = false @configurer.expects(:save_last_run_summary).with(@report) @configurer.send_report(@report) end it "should log but not fail if saving the report fails" do Puppet.settings[:report] = true Puppet::Transaction::Report.indirection.expects(:save).raises("whatever") Puppet.expects(:err) lambda { @configurer.send_report(@report) }.should_not raise_error end end describe "when saving the summary report file" do include PuppetSpec::Files before do Puppet.settings.stubs(:use).returns(true) @configurer = Puppet::Configurer.new @report = stub 'report', :raw_summary => {} Puppet[:lastrunfile] = tmpfile('last_run_file') end it "should write the last run file" do @configurer.save_last_run_summary(@report) FileTest.exists?(Puppet[:lastrunfile]).should be_true end it "should write the raw summary as yaml" do @report.expects(:raw_summary).returns("summary") @configurer.save_last_run_summary(@report) File.read(Puppet[:lastrunfile]).should == YAML.dump("summary") end it "should log but not fail if saving the last run summary fails" do # The mock will raise an exception on any method used. This should # simulate a nice hard failure from the underlying OS for us. fh = Class.new(Object) do def method_missing(*args) raise "failed to do #{args[0]}" end end.new Puppet::Util.expects(:replace_file).yields(fh) Puppet.expects(:err) expect { @configurer.save_last_run_summary(@report) }.should_not raise_error end end describe "when retrieving a catalog" do before do Puppet.settings.stubs(:use).returns(true) @agent.stubs(:facts_for_uploading).returns({}) @catalog = Puppet::Resource::Catalog.new # this is the default when using a Configurer instance Puppet::Resource::Catalog.indirection.stubs(:terminus_class).returns :rest @agent.stubs(:convert_catalog).returns @catalog end describe "and configured to only retrieve a catalog from the cache" do before do Puppet.settings[:use_cached_catalog] = true end it "should first look in the cache for a catalog" do Puppet::Resource::Catalog.indirection.expects(:find).with { |name, options| options[:ignore_terminus] == true }.returns @catalog Puppet::Resource::Catalog.indirection.expects(:find).with { |name, options| options[:ignore_cache] == true }.never @agent.retrieve_catalog({}).should == @catalog end it "should compile a new catalog if none is found in the cache" do Puppet::Resource::Catalog.indirection.expects(:find).with { |name, options| options[:ignore_terminus] == true }.returns nil Puppet::Resource::Catalog.indirection.expects(:find).with { |name, options| options[:ignore_cache] == true }.returns @catalog @agent.retrieve_catalog({}).should == @catalog end end it "should use the Catalog class to get its catalog" do Puppet::Resource::Catalog.indirection.expects(:find).returns @catalog @agent.retrieve_catalog({}) end it "should use its node_name_value to retrieve the catalog" do Facter.stubs(:value).returns "eh" Puppet.settings[:node_name_value] = "myhost.domain.com" Puppet::Resource::Catalog.indirection.expects(:find).with { |name, options| name == "myhost.domain.com" }.returns @catalog @agent.retrieve_catalog({}) end it "should default to returning a catalog retrieved directly from the server, skipping the cache" do Puppet::Resource::Catalog.indirection.expects(:find).with { |name, options| options[:ignore_cache] == true }.returns @catalog @agent.retrieve_catalog({}).should == @catalog end it "should log and return the cached catalog when no catalog can be retrieved from the server" do Puppet::Resource::Catalog.indirection.expects(:find).with { |name, options| options[:ignore_cache] == true }.returns nil Puppet::Resource::Catalog.indirection.expects(:find).with { |name, options| options[:ignore_terminus] == true }.returns @catalog Puppet.expects(:notice) @agent.retrieve_catalog({}).should == @catalog end it "should not look in the cache for a catalog if one is returned from the server" do Puppet::Resource::Catalog.indirection.expects(:find).with { |name, options| options[:ignore_cache] == true }.returns @catalog Puppet::Resource::Catalog.indirection.expects(:find).with { |name, options| options[:ignore_terminus] == true }.never @agent.retrieve_catalog({}).should == @catalog end it "should return the cached catalog when retrieving the remote catalog throws an exception" do Puppet::Resource::Catalog.indirection.expects(:find).with { |name, options| options[:ignore_cache] == true }.raises "eh" Puppet::Resource::Catalog.indirection.expects(:find).with { |name, options| options[:ignore_terminus] == true }.returns @catalog @agent.retrieve_catalog({}).should == @catalog end it "should log and return nil if no catalog can be retrieved from the server and :usecacheonfailure is disabled" do Puppet.stubs(:[]) Puppet.expects(:[]).with(:usecacheonfailure).returns false Puppet::Resource::Catalog.indirection.expects(:find).with { |name, options| options[:ignore_cache] == true }.returns nil Puppet.expects(:warning) @agent.retrieve_catalog({}).should be_nil end it "should return nil if no cached catalog is available and no catalog can be retrieved from the server" do Puppet::Resource::Catalog.indirection.expects(:find).with { |name, options| options[:ignore_cache] == true }.returns nil Puppet::Resource::Catalog.indirection.expects(:find).with { |name, options| options[:ignore_terminus] == true }.returns nil @agent.retrieve_catalog({}).should be_nil end it "should convert the catalog before returning" do Puppet::Resource::Catalog.indirection.stubs(:find).returns @catalog @agent.expects(:convert_catalog).with { |cat, dur| cat == @catalog }.returns "converted catalog" @agent.retrieve_catalog({}).should == "converted catalog" end it "should return nil if there is an error while retrieving the catalog" do Puppet::Resource::Catalog.indirection.expects(:find).at_least_once.raises "eh" @agent.retrieve_catalog({}).should be_nil end end describe "when converting the catalog" do before do Puppet.settings.stubs(:use).returns(true) @catalog = Puppet::Resource::Catalog.new @oldcatalog = stub 'old_catalog', :to_ral => @catalog end it "should convert the catalog to a RAL-formed catalog" do @oldcatalog.expects(:to_ral).returns @catalog @agent.convert_catalog(@oldcatalog, 10).should equal(@catalog) end it "should finalize the catalog" do @catalog.expects(:finalize) @agent.convert_catalog(@oldcatalog, 10) end it "should record the passed retrieval time with the RAL catalog" do @catalog.expects(:retrieval_duration=).with 10 @agent.convert_catalog(@oldcatalog, 10) end it "should write the RAL catalog's class file" do @catalog.expects(:write_class_file) @agent.convert_catalog(@oldcatalog, 10) end it "should write the RAL catalog's resource file" do @catalog.expects(:write_resource_file) @agent.convert_catalog(@oldcatalog, 10) end end end diff --git a/spec/unit/util/json_lockfile_spec.rb b/spec/unit/util/json_lockfile_spec.rb new file mode 100644 index 000000000..a66e3866d --- /dev/null +++ b/spec/unit/util/json_lockfile_spec.rb @@ -0,0 +1,29 @@ +#!/usr/bin/env rspec +require 'spec_helper' + +require 'puppet/util/json_lockfile' + +describe Puppet::Util::JsonLockfile do + require 'puppet_spec/files' + include PuppetSpec::Files + + before(:each) do + @lockfile = tmpfile("lock") + @lock = Puppet::Util::JsonLockfile.new(@lockfile) + end + + describe "#lock" do + it "should create a lock file containing a json hash" do + data = { "foo" => "foofoo", "bar" => "barbar" } + @lock.lock(data) + + PSON.parse(File.read(@lockfile)).should == data + end + end + + it "should return the lock data" do + data = { "foo" => "foofoo", "bar" => "barbar" } + @lock.lock(data) + @lock.lock_data.should == data + end +end \ No newline at end of file diff --git a/spec/unit/util/lockfile_spec.rb b/spec/unit/util/lockfile_spec.rb new file mode 100644 index 000000000..5c3261fe3 --- /dev/null +++ b/spec/unit/util/lockfile_spec.rb @@ -0,0 +1,76 @@ +#!/usr/bin/env rspec +require 'spec_helper' + +require 'puppet/util/lockfile' + +describe Puppet::Util::Lockfile do + require 'puppet_spec/files' + include PuppetSpec::Files + + before(:each) do + @lockfile = tmpfile("lock") + @lock = Puppet::Util::Lockfile.new(@lockfile) + end + + describe "#lock" do + it "should return false if already locked" do + @lock.stubs(:locked?).returns(true) + @lock.lock.should be_false + end + + it "should return true if it successfully locked" do + @lock.lock.should be_true + end + + it "should create a lock file" do + @lock.lock + + File.should be_exists(@lockfile) + end + + it "should create a lock file containing a string" do + data = "foofoo barbar" + @lock.lock(data) + + File.read(@lockfile).should == data + end + end + + describe "#unlock" do + it "should return true when unlocking" do + @lock.lock + @lock.unlock.should be_true + end + + it "should return false when not locked" do + @lock.unlock.should be_false + end + + it "should clear the lock file" do + File.open(@lockfile, 'w') { |fd| fd.print("locked") } + @lock.unlock + File.should_not be_exists(@lockfile) + end + end + + it "should be locked when locked" do + @lock.lock + @lock.should be_locked + end + + it "should not be locked when not locked" do + @lock.should_not be_locked + end + + it "should not be locked when unlocked" do + @lock.lock + @lock.unlock + @lock.should_not be_locked + end + + it "should return the lock data" do + data = "foofoo barbar" + @lock.lock(data) + @lock.lock_data.should == data + end +end \ No newline at end of file diff --git a/spec/unit/util/pidlock_spec.rb b/spec/unit/util/pidlock_spec.rb new file mode 100644 index 000000000..20f8649b8 --- /dev/null +++ b/spec/unit/util/pidlock_spec.rb @@ -0,0 +1,179 @@ +#!/usr/bin/env rspec +require 'spec_helper' + +require 'puppet/util/pidlock' + +describe Puppet::Util::Pidlock do + require 'puppet_spec/files' + include PuppetSpec::Files + + before(:each) do + @lockfile = tmpfile("lock") + @lock = Puppet::Util::Pidlock.new(@lockfile) + end + + describe "#lock" do + it "should not be locked at start" do + @lock.should_not be_locked + end + + it "should not be mine at start" do + @lock.should_not be_mine + end + + it "should become locked" do + @lock.lock + @lock.should be_locked + end + + it "should become mine" do + @lock.lock + @lock.should be_mine + end + + it "should be possible to lock multiple times" do + @lock.lock + lambda { @lock.lock }.should_not raise_error + end + + it "should return true when locking" do + @lock.lock.should be_true + end + + it "should return true if locked by me" do + @lock.lock + @lock.lock.should be_true + end + + + it "should create a lock file" do + @lock.lock + File.should be_exists(@lockfile) + end + end + + describe "#unlock" do + it "should not be locked anymore" do + @lock.lock + @lock.unlock + @lock.should_not be_locked + end + + it "should return false if not locked" do + @lock.unlock.should be_false + end + + it "should return true if properly unlocked" do + @lock.lock + @lock.unlock.should be_true + end + + it "should get rid of the lock file" do + @lock.lock + @lock.unlock + File.should_not be_exists(@lockfile) + end + end + + describe "#locked?" do + it "should return true if locked" do + @lock.lock + @lock.should be_locked + end + end + + describe "with a stale lock" do + before(:each) do + # fake our pid to be 1234 + Process.stubs(:pid).returns(1234) + # lock the file + @lock.lock + # fake our pid to be a different pid, to simulate someone else + # holding the lock + Process.stubs(:pid).returns(6789) + + Process.stubs(:kill).with(0, 6789) + Process.stubs(:kill).with(0, 1234).raises(Errno::ESRCH) + end + + it "should not be locked" do + @lock.should_not be_locked + end + + describe "#lock" do + it "should clear stale locks" do + @lock.locked? + File.should_not be_exists(@lockfile) + end + + it "should replace with new locks" do + @lock.lock + File.should be_exists(@lockfile) + @lock.lock_pid.should == 6789 + @lock.should be_mine + @lock.should be_locked + end + end + + describe "#unlock" do + it "should not be allowed" do + @lock.unlock.should be_false + end + + it "should not remove the lock file" do + @lock.unlock + File.should be_exists(@lockfile) + end + end + end + + describe "with another process lock" do + before(:each) do + # fake our pid to be 1234 + Process.stubs(:pid).returns(1234) + # lock the file + @lock.lock + # fake our pid to be a different pid, to simulate someone else + # holding the lock + Process.stubs(:pid).returns(6789) + + Process.stubs(:kill).with(0, 6789) + Process.stubs(:kill).with(0, 1234) + end + + it "should be locked" do + @lock.should be_locked + end + + it "should not be mine" do + @lock.should_not be_mine + end + + describe "#lock" do + it "should not be possible" do + @lock.lock.should be_false + end + + it "should not overwrite the lock" do + @lock.lock + @lock.should_not be_mine + end + end + + describe "#unlock" do + it "should not be possible" do + @lock.unlock.should be_false + end + + it "should not remove the lock file" do + @lock.unlock + File.should be_exists(@lockfile) + end + + it "should still not be our lock" do + @lock.unlock + @lock.should_not be_mine + end + end + end +end \ No newline at end of file