Permalink
Commits on Apr 6, 2017
Commits on Mar 3, 2017
Commits on Mar 2, 2017
Commits on Mar 1, 2017
Commits on Feb 28, 2017
-
MikaelSmith committed
Feb 25, 2017 Rely on PATH lookup to find Puppet. The MSI sets up PATH; previous attempts to rely on PATH failed because they didn't add the `.bat` extension, and CreateProcess defaults to `.exe` if no extension is supplied. On Linux, append the default AIO path.
Commits on Feb 24, 2017
-
MikaelSmith committed
Feb 24, 2017 -
joshcooper committed
Feb 24, 2017 (MCOP-585) Only use AIO location for platform, and if PATH fails
Commits on Feb 23, 2017
-
MikaelSmith committed
Feb 23, 2017 Previously default paths for the `puppet-agent` package were added to allow this plugin to work out-of-the-box on those platforms. It did so by hard-coding the paths and trying each of them in turn. This left a hole for privilege escalation if not using `puppet-agent` packaging, and on Windows in particular would allow anyone to create `C:/opt/puppetlabs/bin/puppet` and co-opt the agent. We aspire to prevent privilege escalation while retaining easy out-of-the-box setup by - Ensure default paths are only used on the platform where they apply - Use PATH as the first option On Windows, this is sufficient to prevent privilege escallation even if not using the `puppet-agent` packaging, as `C:/Program Files` requires Administrator access to modify. On other platforms, `/opt` is not a privileged location, so we include a warning to explicitly set `plugin.puppet.command` if not relying on PATH or using default packaging.
Commits on Feb 10, 2017
Commits on Feb 9, 2017
-
When trying to find the path to the puppet executable also check the windows paths before relying on PATH
Commits on Jan 20, 2017
Commits on Jan 19, 2017
-
MikaelSmith committed
Jan 19, 2017
Commits on Jan 6, 2017
-
This improves the logs output from last_run_summary by adding details about the logs such as time, source etc. The old output was considered largely pointless and we decided to make a breaking change to improve things. The old 'parse_log' input is removed thus forcing code that relied on the old behaviour to fail with a DDL error rather than later fail in weird ways when the data format has changed
-
Previously, the Puppet runall command blocked on a single busy node. Fix it to trigger runs on each idle node in the queue concurrently, up to the concurrency limit, until all have run.
Commits on Jan 5, 2017
-
-
ripienaar committed
Dec 27, 2016 When the agent is disabled it's assumed to be idle, but there could be a period where if the agent was not idle when it was disabled it will still be applying for a while. This removes the short circuit and always checks the actual status
Commits on Nov 4, 2016
Commits on Nov 2, 2016
-
The last_run_summary.yaml now include information about corrective changes, this updates the puppet plugin to report those where appropriate
Commits on Oct 13, 2016
Commits on Aug 23, 2016
-
AIO packaging does not add puppet to PATH so the default of `puppet agent` does not work for modern users forcing every single user to edit the config file just to use this. This will check if AIO paths exist it will default to those otherwise the old default of `puppet agent` is used.
Commits on Aug 9, 2016
-
-
-
Use the `Util.str_to_bool` function in preference to in-place code.
-
This commit disallows the use of the `server` option by default as it makes it possible for an attacker to execute arbitrary code on the node by directing it to a compromised puppet master. At the same time a new configuration flag - `allow_sever_override` - is added to make it possible to explicitly allow the use of the option.
-
NewerOlder