| Commit message (Collapse) | Author | Age | Files | Lines |
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Previously we were not passing through the SSL protocol specified in the
client's bcfg2.conf which caused it to unconditionally be set to
xmlrpc/ssl. While this appears to automagically work with newer versions
of openssl, the version in e.g. centos5 will fail if the server is set
to use TLSv1.
This commit passes through the setting from the client's bcfg2.conf so
that older clients can talk to servers which are set to TLSv1 (in order
to mitigate the effects of POODLE).
Signed-off-by: Sol Jerome <sol.jerome@gmail.com>
|
|/
|
|
|
|
|
|
|
|
|
| |
Adds two options you can define:
* disabled_plugins: A comma-separated list of plugins to disable
* enabled_plugins: A comma-separated list of plugins to enable
This allows you to run bcfg2 with certain plugins enabled or disabled
when they're not set that way in the yum configuration. This is
useful because the Bcfg2 YUM plugin is initialized before it can read
in any files that might overwrite yum plugin configuration.
|
|\ |
|
| | |
|
| |
| |
| |
| | |
breaking
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Instead of doing a partially complete Install() method for SYSV,
implements a custom _get_package_command that will use the
_sysv_pkg_path attribute added by the pkgmogrify call.
This will allow the installs to complete. Unfortunately, the
single-pass install will still fail if there are any packages with an
http:// URL. The pkgadd invocation for 'device' sources doesn't take
multiple packages and the 'datastream' invocation doesn't handle packages
with an HTTP URL. Finally, there is no reliable standard naming
convention for SYSV datastream files, so the simplename attribute is
re-used.
There is a known issue with this patch - if any packages specified in
the PackageList have an http url, the single-pass install will produce
an error like:
Trying single pass package install for pkgtype sysv
pkgadd: ERROR: Failure occurred with http(s) negotiation: <'Peername' doesn't match 'host' or no matching entry>
pkgadd: ERROR: unable to download package datastream from <http://install1.d.stor.en.desres.deshaw.com/jumpstart10U10/packages>.
Single Pass Failed
because the command that results isn't valid syntax for pkgadd. A
workaround would be to add code to skip the single-pass install if any
packages had the simplename attribute, or by checking the url for the
presence of 'http'. I'm not sure if that should be fixed or if this is
reasonable in this case.
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| | |
pkgadd has different syntax for different sources (datastream and file
system format) which makes using a single pkgtool variable difficult.
Also, SYSV packages in datastream format don't necessarily have uniform
names. Therefore, use the existing 'simplename' attribute to specify
the datastream file name.
|
|/
|
|
| |
Signed-off-by: Sol Jerome <sol.jerome@gmail.com>
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Formerly, yum did an 'update' to install the correct version of a
package, even if the desired package was older than the installed
package. This is wrong; it needs to do a downgrade. This changes it
to downgrade when the desired package is older, and upgrade if it is
newer.
There is still the possibility of upgrading a package that should be
downgraded if the desired package is only partially specified, but
this should be very rare.
|
|
|
|
|
|
|
|
| |
This reverts commit 690a18b5bb61516e5c11f6da3d788332373c196b.
While systemd is meant to replace chkconfig, it appears that RHEL7 has
both and does not provide systemd alternatives for certain SYSV init
scripts by default.
|
| |
|
|
|
|
|
|
| |
Massive typo.
This reverts commit c51850b13f54d6f46e6c671e5ee1d3f0cacef727.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* Stat the link itself, not its target
* Get SELinux context from the link, not the target
* Don't get ACLs at all; symlinks don't have their own ACLs
The first issue listed wasn't actually a bug, because none of the
information queried from the target by the stat call was actually used
in verification, but it's been fixed for completeness.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
ACLs on directories
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
Fix another place where a unicode XML string with an encoding
declaration may be read. Cf. 0f8d403d1a86cfbfe8222662dc445e16e8f7eff9
|
|
|
|
|
|
|
| |
This is just a workaround to avoid a traceback; the real fix will
involve making the POSIX tool properly handle ACLs with no user/group
given, which refer to the current user/group of the file they apply
to.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Added ability to specify initial content for a file that doesn't
exist, to avoid a messy situation where you'd have to probe for file
existence and either use a Path type="file" or Path type="augeas"
depending, and run Bcfg2 twice.
* All commands in an Augeas path are run if *any* of them fail to
verify. Previously, only commands that hadn't been run would be
installed, but that had issues, particularly with the Clear command,
which could pass verification but then be required during the
installation phase anyway.
* Miscellaneous bug fixes.
|
| |
|
| |
|
| |
|
|
|
|
| |
This mimics the behavior for "real" tools
|
| |
|
|
|
|
|
|
| |
When installing an entry with no ACLs specified, but with ACLs on the
file as it exists on the filesystem, the ACL mask was preserved, even
as the ACLs are deleted.
|
|
|
|
| |
Signed-off-by: Sol Jerome <sol.jerome@gmail.com>
|
| |
|
|
|
|
| |
determining if a bundle has been modified
|
|
|
|
|
|
|
|
| |
If you don't supply a mode to the selinux.matchpathcon() function, it
fails to properly look up the context in some circumstances related to
context patterns in the SELinux policy. This change looks up the mode
and supplies it to the function.
(cherry picked from commit 20a2c9a8fb6c6ecbed259b5deccb01c01bf3304f)
|
|
|
|
|
|
|
| |
Previously, when a bundle's contents were updated, all services listed
in the bundle were stopped if the status attribute was set to 'ignore'.
Signed-off-by: Sol Jerome <sol.jerome@gmail.com>
|