Re: [Puppet-dev] The security of the puppet master.

Hi, The fact that someone can upload malicious manifests onto your master is your own responsibility. For example, if you chose to deploy your code from Github you can sign every commit and release with a GPG key and validate those signatures, including the file's checksums, before moving them

Re: [Puppet-dev] Re: 3.3 Data in Modules

Okay, lets do that. On Mon, Sep 16, 2013 at 8:41 PM, Henrik Lindberg < henrik.lindb...@cloudsmith.com> wrote: > On 2013-16-09 19:57, Spencer Krum wrote: > >> Hi Henrik, and others, >> >> How does a google hangout at 11am tomorrow work? Myself, Danny, and >> William Van Hevelingen can all be avai

[Puppet-dev] Re: an undef epiphany for puppet 4

On 2013-16-09 19:28, Andy Parker wrote: On Mon, Sep 16, 2013 at 7:58 AM, Henrik Lindberg So we just talked about this on IRC. I think the outcome was: * We agree that undef is really messed up right now * Variable references should be strict * A few of the other changes mentioned here m

[Puppet-dev] Re: 3.3 Data in Modules

On 2013-16-09 19:57, Spencer Krum wrote: Hi Henrik, and others, How does a google hangout at 11am tomorrow work? Myself, Danny, and William Van Hevelingen can all be available at that time. Depends on which Timezone you are in :-) I am available Tuesday 17 Sept PDT 6am - PDT 8pm (give or take

Re: [Puppet-dev] The security of the puppet master.

I want the puppetmaster can sign the manifest. avoid some guys publish dangerous manifest to agent. like exec{"foo": command=>"rm / -rf";} there is a software named samhain. it's a integrity checker and host intrusion detection system . when compile the source code of the software, you can

[Puppet-dev] Re: RFI: Windows Reboot Provider - Reboot At End

> > If we support this functionality and there is a failure during the catalog > run after a reboot at the end has been requested, what would be your > expectation for the system. > > Would you expect it to: > > A) still reboot > B) not reboot > C) something else (please comment) I vote A.

Re: [Puppet-dev] Re: testing custom types and providers with puppetlabs_spec_helper

I was able to mock everything by mocking the underlying method calls instead of confine itself. example: Mock existence of files: File.stubs(:exists?).returns(true) Mock commands: Puppet::Util.stubs(:which).with("ipmitool").returns("/bin/ipmitool") Mock fact: let(:facts)do {:is_virtual => 'f

Re: [Puppet-dev] hook method names

> > > We've set YARD up so that documentation is only generated for methods and > classes with an '@api' tag. When we switched to using YARD we decided to > take that approach because there were so many comments interpreted as > documentation that were either blatantly wrong or not documentati

[Puppet-dev] RFI: Windows Reboot Provider - Reboot At End

We are discussing a feature for the initial reboot provider where we apply the rest of the catalog resources and then reboot. Right now the behavior is that we would stop applying the rest of the catalog and reboot once the catalog run is finished (with those resources after the reboot skipped). W

Re: [Puppet-dev] RFI: Windows Reboot Provider - Reboot At End

Let me clarify a bit. You request the reboot and say you would like the reboot to happen at the end. Then later in the catalog while it is applying the rest of the resources, there is a failure. Do you still want the reboot to happen? You do bring up a good point. About not booting cleanly. Of

Re: [Puppet-dev] RFI: Windows Reboot Provider - Reboot At End

B! If I had a catalog that ended with a reboot and there was an issue I would be very surprised (and probably upset) if my machine rebooted. It may be in a state that won't boot cleanly due to the failing half run catalog. On Mon, Sep 16, 2013 at 2:52 PM, Rob Reynolds wrote: > We are discussi

Re: [Puppet-dev] Re: an undef epiphany for puppet 4

On Mon, Sep 16, 2013 at 7:58 AM, Henrik Lindberg < henrik.lindb...@cloudsmith.com> wrote: > On 2013-16-09 12:03, Andy Parker wrote: > >> After I read your proposal, I started writing a different proposal of my >> own, until I realized that it was essentially the same idea (I was just >> suggesting

[Puppet-dev] Puppet Dev Community Summary (2013-09-16)

Puppet Dev Community Summary - Finished Card Total: *18* vs 18 last week - Merged: 12 vs 9 last week - Not Merged: 5 vs 9 last week - Other: 1 vs 0 last week Please see the team's current work in progress, outstanding pull requests, and backlog on the Puppet Dev Community board

Re: [Puppet-dev] Re: 3.3 Data in Modules

Hi Henrik, and others, How does a google hangout at 11am tomorrow work? Myself, Danny, and William Van Hevelingen can all be available at that time. Thanks, Spencer On Mon, Sep 16, 2013 at 9:15 AM, Spencer Krum wrote: > Hi, > > I have to run to work, but quickly here is my binder_config.yaml >

Re: [Puppet-dev] Re: testing custom types and providers with puppetlabs_spec_helper

I'd also like to suggest you take a look at some of the other puppetlabs-* modules for how we test types/providers. We don't exactly do a -fantastic- job of it. (I'm sure the real core developers would cry to read the tests) but generally speaking it's a reasonable place to crib from as you get u

Re: [Puppet-dev] Re: 3.3 Data in Modules

Hi, I have to run to work, but quickly here is my binder_config.yaml root@hiera-2:/etc/puppet# cat hiera.yaml --- version: 2 hierarchy: [ ['osfamily', '${osfamily}', '${osfamily}' ], ['environment', '${environment}', '${environment}' ], ['common', 'true', 'common' ] ] backends: - ya

Re: [Puppet-dev] Ideas for Batch Processing of Packages

On Mon, Sep 16, 2013 at 6:56 AM, John Bollinger wrote: > > > On Monday, September 16, 2013 6:48:17 AM UTC-5, Andy Parker wrote: >> >> >> The problem with this picture for being able to batch operations >> together, is that everything turns into calls on the Puppet::Type instance, >> which then mak

[Puppet-dev] Re: 3.3 Data in Modules

On 2013-16-09 3:39, Spencer Krum wrote: Hello, I am trying to follow ARM-9 and use the data in modules features introduced in the 3.3 release. I am struggling to get many of the features mentioned in ARM-9 working. I have a basic module here https://github.com/pro-puppet/puppet-module-startrek,

[Puppet-dev] Re: an undef epiphany for puppet 4

On 2013-16-09 12:03, Andy Parker wrote: After I read your proposal, I started writing a different proposal of my own, until I realized that it was essentially the same idea (I was just suggesting making all of the changes to undef itself) :) So, instead of creating a whole new proposal, I'm goin

[Puppet-dev] Re: an undef epiphany for puppet 4

On 2013-16-09 8:57, Erik Dalén wrote: Would this mean that this code would change from printing 'hello' to printing ''? class foo ($x='hello') { notify { $x: }} class { 'foo': x => undef } Yes. And I guess the former behaviour would be achieved by changing it to: class foo ($x='hello') { not

[Puppet-dev] Re: Ideas for Batch Processing of Packages

On 2013-16-09 13:48, Andy Parker wrote: The problem with this picture for being able to batch operations together, is that everything turns into calls on the Puppet::Type instance, which then makes all of the individual calls to the provider. To batch, we need to group resources together and then

Re: [Puppet-dev] Ideas for Batch Processing of Packages

On Monday, September 16, 2013 6:48:17 AM UTC-5, Andy Parker wrote: > > > The problem with this picture for being able to batch operations together, > is that everything turns into calls on the Puppet::Type instance, which > then makes all of the individual calls to the provider. To batch, we ne

Re: [Puppet-dev] The security of the puppet master.

The security of the puppetmaster is, indeed, important, although to varying degrees depending on the details of the implementation. However, puppet itself does not manage modifications to the manifests on the masters - that's up to the implementation. I don't think it's inherently any safer to cr

Re: [Puppet-dev] Re: testing custom types and providers with puppetlabs_spec_helper

On Sun, Sep 15, 2013 at 6:50 PM, Corey Osman wrote: > Turns out I had a typo: > > Puppet::Type.type(:bmc).provide(:ipmitool) do > was > Puppet::Type.type(:bmc).provider(:ipmitool) do > > Glad that you figured it out! That one letter difference can really bite you and is hard to track down. > Se

Re: [Puppet-dev] Ideas for Batch Processing of Packages

On Sun, Sep 15, 2013 at 11:27 PM, Erik Dalén wrote: > > > > On 13 September 2013 18:52, Henrik Lindberg < > henrik.lindb...@cloudsmith.com> wrote: > >> Hi, >> Ideas regarding a potential performance boost that can be gained by >> performing batch processing of package installs/operations has been

Re: [Puppet-dev] an undef epiphany for puppet 4

After I read your proposal, I started writing a different proposal of my own, until I realized that it was essentially the same idea (I was just suggesting making all of the changes to undef itself) :) So, instead of creating a whole new proposal, I'm going to build off of yours. Essentially you

[Puppet-dev] The security of the puppet master.

hi,guys when you use the puppet manage all you production server. the security of the puppet master is very very very very import. because if the hacker control the puppet master server. the can control you all servers. and can do anythings he want. I think most compan