summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* Setup reporting transport before starting threadsTim Laszlo2014-06-101-1/+4
|
* GroupLogic: parse generated template properly to allow xincludeChris St. Pierre2014-05-221-1/+1
|
* Init: Remove stray whitespaceSol Jerome2014-05-171-1/+1
| | | | Signed-off-by: Sol Jerome <sol.jerome@gmail.com>
* Metadata: Reread clients.xml/groups.xml more carefullyChris St. Pierre2014-05-151-8/+21
| | | | | Avoid building client metadata while rereading those files, and expire the metadata cache afterwards.
* XMLFileBacked: Watch XIncluded files that do not existChris St. Pierre2014-05-151-1/+7
| | | | | | | | | | | | | | | | | | | | This makes a best effort to watch XIncluded files that do not exist. Assume that you have XIncluded ``foo.xml``, the following (currently) fails: mv foo.xml /tmp mv /tmp/foo.xml . Bcfg2 processes the deletion event, and stops watching ``foo.xml``; consequently, it receives no creation event when you put ``foo.xml`` back. This does not fix the situation where you add a new file that is matched by a wildcard XInclude, which turns out to be much more difficult, and will likely require a significant restructuring of how wildcard XIncludes are processed. (I.e., we'll need to place a monitor on the directory or directories where the wildcard XInclude is looking, and then filter events according to the wildcard.)
* catch errors base64 decoding encrypted properties dataChris St. Pierre2014-05-121-1/+1
|
* fixed pylint/pep-8 testsChris St. Pierre2014-04-2517-50/+47
|
* Default to only (En|De)crypt vars that need itChris Brinker2014-04-251-2/+1
| | | | | | | | | | | | | | For both Encrypting and Decrypting of Properties files, we should by default only attempt to execute on elements that have an "encrypted" attribute defined. The code will already attempt to encrypt every element if nothing in the current document matches this xpath, which catches the case of a user trying to fully encrypt a completely new properties file. Conflicts: src/lib/Bcfg2/Server/Encryption.py
* do not bruteforce Properties decrypts with unknown passphraseChris St. Pierre2014-04-251-12/+5
| | | | | this greatly decreases startup time with lots of data encrypted with missing passphrases
* reduce logging from failed decryption with decrypt=laxChris St. Pierre2014-04-253-30/+25
|
* Enable bcfg2-yum-helper to depsolve for arches incompatible with serverJohn Morris2014-04-212-4/+34
| | | | | | | | | | | | | | | | By default, the yum dependency resolver uses the host's architecture to filter compatible packages. This prevents dependency resolution when the bcfg2 client's architecture is incompatible with the server's. This workaround checks the <Arch/> element for each of the client's yum sources, and if they are all identical, passes that architecture to bcfg2-yum-helper to override the default. The rpmUtils.arch module may only be configured for a single architecture. If multiple architectures are configured in yum sources, we don't know which one to pick, so use the default behavior instead.
* Reporting: Log to debug to prevent spam in logsSol Jerome2014-04-161-2/+2
| | | | Signed-off-by: Sol Jerome <sol.jerome@gmail.com>
* Correctly upgrade or downgrade yum packagesChris St. Pierre2014-04-081-15/+36
| | | | | | | | | | | | Formerly, yum did an 'update' to install the correct version of a package, even if the desired package was older than the installed package. This is wrong; it needs to do a downgrade. This changes it to downgrade when the desired package is older, and upgrade if it is newer. There is still the possibility of upgrading a package that should be downgraded if the desired package is only partially specified, but this should be very rare.
* Revert "Systemd: systemd is a replacement for chkconfig"Sol Jerome2014-04-061-2/+0
| | | | | | | | This reverts commit 690a18b5bb61516e5c11f6da3d788332373c196b. While systemd is meant to replace chkconfig, it appears that RHEL7 has both and does not provide systemd alternatives for certain SYSV init scripts by default.
* Core: better error messages when altsrc bind failsChris St. Pierre2014-03-141-3/+4
|
* bcfg2-report-collector: better error messages when failing to daemonizeChris St. Pierre2014-03-041-0/+13
|
* cleared pylint error on PluginDatabaseModel metadata optionsChris St. Pierre2014-03-031-1/+2
|
* Core: close all database connections at the end of XML-RPC requestsChris St. Pierre2014-03-031-6/+26
|
* Reporting: properly close db connectionChris St. Pierre2014-02-282-4/+6
| | | | | | | | | Close the db connection at the end of each DjangoORM import, not when the reporting collector shuts down. The collector may not have even opened a connection, in the case of a storage backend other than DjangoORM. Fixes #157
* POSIX: fixed test to only apply ACLs to non-symlinksv1.3.4Chris St. Pierre2014-02-251-1/+1
|
* Revert "POSIX: fixed test to only apply ACLs to non-symlinks"Chris St. Pierre2014-02-251-2/+2
| | | | | | Massive typo. This reverts commit c51850b13f54d6f46e6c671e5ee1d3f0cacef727.
* POSIX: fixed test to only apply ACLs to non-symlinksChris St. Pierre2014-02-251-2/+2
|
* Version bump to 1.3.4Sol Jerome2014-02-252-2/+2
| | | | Signed-off-by: Sol Jerome <sol.jerome@gmail.com>
* helpers: better error message when failing to read FileBackedChris St. Pierre2014-02-251-1/+2
|
* bcfg2-lint: Verify abstract Package tagsChris St. Pierre2014-02-231-0/+10
|
* Metadata: reread client list from databaseChris St. Pierre2014-02-233-5/+41
| | | | | | | | This fixes two related bugs: One causes Metadata to use an out-of-date cached list of clients when a client is deleted or added with bcfg2-admin; the other causes child worker processes to use an out-of-date cached list of clients when a client is added with a Bcfg2 run when the multiprocessing core is in use.
* Fixed typoChris St. Pierre2014-02-211-1/+1
| | | | Note to self: do not push code before 9 am
* Yum: fix pylint testsChris St. Pierre2014-02-211-2/+2
|
* Yum: only fork to find bcfg2-yum-helper once, for realChris St. Pierre2014-02-211-2/+2
|
* POSIX: Fix verification of symlinksChris St. Pierre2014-02-211-3/+3
| | | | | | | | | | * Stat the link itself, not its target * Get SELinux context from the link, not the target * Don't get ACLs at all; symlinks don't have their own ACLs The first issue listed wasn't actually a bug, because none of the information queried from the target by the stat call was actually used in verification, but it's been fixed for completeness.
* testsuite: Fixed several pylint 1.0 issuesChris St. Pierre2014-02-213-6/+10
|
* core: only shut down core onceChris St. Pierre2014-02-191-0/+10
|
* FAM: Only shut down inotify notifier onceChris St. Pierre2014-02-191-1/+1
|
* Merge pull request #156 from irconan/default-aclsChris St. Pierre2014-02-182-46/+92
|\ | | | | Support ACLs without a specific user/group
| * support python 2.4 for default ACL checking in LintRichard Connon2014-02-181-6/+7
| |
| * Working lint check for invalid default ACLsRichard Connon2014-02-141-29/+18
| |
| * Correct XML source for bundles in default ACL LintRichard Connon2014-02-141-1/+1
| |
| * Lint checking for invalid default ACLsRichard Connon2014-02-141-1/+32
| |
| * Don't strip other entries from default ACL, these are defined by mode number.Richard Connon2014-02-101-3/+1
| |
| * docstring for new sub-methodRichard Connon2014-02-041-0/+2
| |
| * Except _verify_acls from pylint branches checkRichard Connon2014-02-041-1/+1
| |
| * Removed redundant condition for empty default ACLRichard Connon2014-02-041-8/+7
| |
| * Fixed continue not in a loop error in previousRichard Connon2014-02-041-1/+1
| |
| * fix for "Too many branches" in _verify_aclsRichard Connon2014-02-041-20/+23
| |
| * Minor changes to default ACL codeRichard Connon2014-02-041-5/+4
| |
| * Support ACLs without a specific user/group for default owner/owning-group ↵Richard Connon2014-02-041-28/+52
| | | | | | | | ACLs on directories
* | Fixed typo. Need coffee.Chris St. Pierre2014-02-181-1/+1
| |
* | Core: add default name for base Core implementationChris St. Pierre2014-02-181-1/+2
| |
* | ensure that DB connections are always closed at thread/process exitChris St. Pierre2014-02-183-10/+20
| |
* | settings: Make it possible to use ibm_db_django engineChris St. Pierre2014-02-141-1/+6
| | | | | | | | This is a forward-port of 49362b6d633a7784f77650d5218d0e629d50e4fb