summaryrefslogtreecommitdiffstats
path: root/src/lib/Bcfg2/Client
Commit message (Collapse)AuthorAgeFilesLines
* Merge branch 'ssl-protocol-fix' of github.com:solj/bcfg2 into maintSol Jerome2014-10-211-1/+2
|\
| * Proxy.py: Pass through SSL protocol optionSol Jerome2014-10-151-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously we were not passing through the SSL protocol specified in the client's bcfg2.conf which caused it to unconditionally be set to xmlrpc/ssl. While this appears to automagically work with newer versions of openssl, the version in e.g. centos5 will fail if the server is set to use TLSv1. This commit passes through the setting from the client's bcfg2.conf so that older clients can talk to servers which are set to TLSv1 (in order to mitigate the effects of POODLE). Signed-off-by: Sol Jerome <sol.jerome@gmail.com>
* | YUM: Add options to enable and disable Yum pluginsJonathan Billings2014-10-171-0/+10
|/ | | | | | | | | | | Adds two options you can define: * disabled_plugins: A comma-separated list of plugins to disable * enabled_plugins: A comma-separated list of plugins to enable This allows you to run bcfg2 with certain plugins enabled or disabled when they're not set that way in the yum configuration. This is useful because the Bcfg2 YUM plugin is initialized before it can read in any files that might overwrite yum plugin configuration.
* Merge branch 'sysv-http' of https://github.com/nathanolla/bcfg2 into maintSol Jerome2014-08-261-2/+42
|\
| * Log when downloading packages via HTTPNathan Olla2014-08-191-0/+2
| |
| * Check for origpkgtool attribute to prevent things that subclass SYSV from ↵Nathan Olla2014-07-161-6/+8
| | | | | | | | breaking
| * Remove unused import of copyNathan Olla2014-07-161-1/+0
| |
| * Implement _get_package_command and append _sysv_pkg_path attributeNathan Olla2014-07-161-33/+27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Instead of doing a partially complete Install() method for SYSV, implements a custom _get_package_command that will use the _sysv_pkg_path attribute added by the pkgmogrify call. This will allow the installs to complete. Unfortunately, the single-pass install will still fail if there are any packages with an http:// URL. The pkgadd invocation for 'device' sources doesn't take multiple packages and the 'datastream' invocation doesn't handle packages with an HTTP URL. Finally, there is no reliable standard naming convention for SYSV datastream files, so the simplename attribute is re-used. There is a known issue with this patch - if any packages specified in the PackageList have an http url, the single-pass install will produce an error like: Trying single pass package install for pkgtype sysv pkgadd: ERROR: Failure occurred with http(s) negotiation: <'Peername' doesn't match 'host' or no matching entry> pkgadd: ERROR: unable to download package datastream from <http://install1.d.stor.en.desres.deshaw.com/jumpstart10U10/packages>. Single Pass Failed because the command that results isn't valid syntax for pkgadd. A workaround would be to add code to skip the single-pass install if any packages had the simplename attribute, or by checking the url for the presence of 'http'. I'm not sure if that should be fixed or if this is reasonable in this case.
| * Fix indentingNathan Olla2014-07-141-5/+4
| |
| * Add urlretrieve to Compat and documentNathan Olla2014-07-141-2/+2
| |
| * SYSV: Implement downloading and installing SYSV packages from HTTPNathan Olla2014-07-141-2/+46
| | | | | | | | | | | | | | | | pkgadd has different syntax for different sources (datastream and file system format) which makes using a single pkgtool variable difficult. Also, SYSV packages in datastream format don't necessarily have uniform names. Therefore, use the existing 'simplename' attribute to specify the datastream file name.
* | POSIXUsers.py: Allow supplementary group = primarySol Jerome2014-07-181-1/+1
|/ | | | Signed-off-by: Sol Jerome <sol.jerome@gmail.com>
* debsums: read output from stderr instead of stdoutArach2014-07-051-1/+1
|
* fixed pylint/pep-8 testsChris St. Pierre2014-04-259-26/+25
|
* Correctly upgrade or downgrade yum packagesChris St. Pierre2014-04-081-15/+36
| | | | | | | | | | | | Formerly, yum did an 'update' to install the correct version of a package, even if the desired package was older than the installed package. This is wrong; it needs to do a downgrade. This changes it to downgrade when the desired package is older, and upgrade if it is newer. There is still the possibility of upgrading a package that should be downgraded if the desired package is only partially specified, but this should be very rare.
* Revert "Systemd: systemd is a replacement for chkconfig"Sol Jerome2014-04-061-2/+0
| | | | | | | | This reverts commit 690a18b5bb61516e5c11f6da3d788332373c196b. While systemd is meant to replace chkconfig, it appears that RHEL7 has both and does not provide systemd alternatives for certain SYSV init scripts by default.
* POSIX: fixed test to only apply ACLs to non-symlinksv1.3.4Chris St. Pierre2014-02-251-1/+1
|
* Revert "POSIX: fixed test to only apply ACLs to non-symlinks"Chris St. Pierre2014-02-251-2/+2
| | | | | | Massive typo. This reverts commit c51850b13f54d6f46e6c671e5ee1d3f0cacef727.
* POSIX: fixed test to only apply ACLs to non-symlinksChris St. Pierre2014-02-251-2/+2
|
* POSIX: Fix verification of symlinksChris St. Pierre2014-02-211-3/+3
| | | | | | | | | | * Stat the link itself, not its target * Get SELinux context from the link, not the target * Don't get ACLs at all; symlinks don't have their own ACLs The first issue listed wasn't actually a bug, because none of the information queried from the target by the stat call was actually used in verification, but it's been fixed for completeness.
* testsuite: Fixed several pylint 1.0 issuesChris St. Pierre2014-02-211-3/+7
|
* Don't strip other entries from default ACL, these are defined by mode number.Richard Connon2014-02-101-3/+1
|
* docstring for new sub-methodRichard Connon2014-02-041-0/+2
|
* Except _verify_acls from pylint branches checkRichard Connon2014-02-041-1/+1
|
* Removed redundant condition for empty default ACLRichard Connon2014-02-041-8/+7
|
* Fixed continue not in a loop error in previousRichard Connon2014-02-041-1/+1
|
* fix for "Too many branches" in _verify_aclsRichard Connon2014-02-041-20/+23
|
* Minor changes to default ACL codeRichard Connon2014-02-041-5/+4
|
* Support ACLs without a specific user/group for default owner/owning-group ↵Richard Connon2014-02-041-28/+52
| | | | ACLs on directories
* fixed pylint testsChris St. Pierre2014-01-301-2/+2
|
* Augeas: ensure that entry.attrib is always a dictChris St. Pierre2014-01-291-1/+2
|
* Client: let lxml.etree XML implementation parse very large documentsChris St. Pierre2014-01-291-1/+9
|
* added missing docstringChris St. Pierre2014-01-221-2/+5
|
* Don't parse unicode XML with encodingChris St. Pierre2014-01-221-1/+10
| | | | | Fix another place where a unicode XML string with an encoding declaration may be read. Cf. 0f8d403d1a86cfbfe8222662dc445e16e8f7eff9
* POSIX: Properly stringify ACLs with no user/group specifiedChris St. Pierre2014-01-161-1/+4
| | | | | | | This is just a workaround to avoid a traceback; the real fix will involve making the POSIX tool properly handle ACLs with no user/group given, which refer to the current user/group of the file they apply to.
* fixed indentation in previousRichard Connon2014-01-051-1/+1
|
* Fixed syntatical error in previousRichard Connon2014-01-051-2/+2
|
* Fixed group blacklist issue #150Richard Connon2014-01-051-0/+1
|
* Augeas improvements:Chris St. Pierre2013-12-111-10/+21
| | | | | | | | | | | | | * Added ability to specify initial content for a file that doesn't exist, to avoid a messy situation where you'd have to probe for file existence and either use a Path type="file" or Path type="augeas" depending, and run Bcfg2 twice. * All commands in an Augeas path are run if *any* of them fail to verify. Previously, only commands that hadn't been run would be installed, but that had issues, particularly with the Clear command, which could pass verification but then be required during the installation phase anyway. * Miscellaneous bug fixes.
* Augeas: avoid deprecation warningChris St. Pierre2013-12-051-2/+2
|
* Augeas: Added docstrings, fixed some minor pylint issuesChris St. Pierre2013-12-051-20/+91
|
* Augeas: Only install unverified commandsChris St. Pierre2013-12-051-0/+2
|
* POSIX: skip loading POSIX sub-tools that raise ImportErrorChris St. Pierre2013-12-051-2/+5
| | | | This mimics the behavior for "real" tools
* Tools: new Augeas driverChris St. Pierre2013-12-051-0/+211
|
* Remove all ACLs (including mask) from entries with no ACLs listedChris St. Pierre2013-09-121-0/+5
| | | | | | When installing an entry with no ACLs specified, but with ACLs on the file as it exists on the filesystem, the ACL mask was preserved, even as the ACLs are deleted.
* POSIXUsers: Fix tracebackSol Jerome2013-09-061-1/+2
| | | | Signed-off-by: Sol Jerome <sol.jerome@gmail.com>
* Fix pep8 errorsJason Kincl2013-08-301-3/+3
|
* Client: Add entries processed as important to list of entries whenJason Kincl2013-08-301-2/+4
| | | | determining if a bundle has been modified
* SELinux: Update the matchpathcon function to use the file's modeJonathan Billings2013-08-221-1/+2
| | | | | | | | If you don't supply a mode to the selinux.matchpathcon() function, it fails to properly look up the context in some circumstances related to context patterns in the SELinux policy. This change looks up the mode and supplies it to the function. (cherry picked from commit 20a2c9a8fb6c6ecbed259b5deccb01c01bf3304f)
* Client: Don't modify running services if ignoredSol Jerome2013-08-121-2/+3
| | | | | | | Previously, when a bundle's contents were updated, all services listed in the bundle were stopped if the status attribute was set to 'ignore'. Signed-off-by: Sol Jerome <sol.jerome@gmail.com>